This Privacy Notice was last updated on April 10, 2023.
This Privacy Notice describes the personal information Rachel Comey Studio (“Rachel Comey”, “we”, “our”, or “us”) collects when you interact with us through our website or you visit one of our stores (collectively, the “Services”), how we use this information, with whom we share it, and the choices you have in connection with this.
Our Role in Data Processing
The entity responsible for the collection and use (processing) of your personal information is Rachel Comey Studio. You can contact Rachel Comey Studio by telephone at 800-416-1265, by email at [email protected] or mail at 636 Broadway, Suite 320, New York, New York, 10012. Rachel Comey Studio is a controller under the UK General Data Protection Regulation and/or EU General Data Protection Regulation (collectively, “GDPR” or “EU data protection law”).
The Services are controlled and operated by us from the United States of America (“U.S.”). In accordance with U.S. laws, in certain circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in other countries may be entitled to access your personal data.
Information Collection and Use
We collect personal information, which is information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, to you, when you engage with our Services and includes data protection as such term is defined under EU or UK data protection laws. Specifically, we collect personal information directly from you, automatically as you engage with our websites or mobile applications, and from third-party sources as described below.
A. Information Collected Directly From You
We collect personal information directly from you when you:
-
- Make a purchase. If you make a purchase on our website, we will collect from you your identifiers (name, email address, address) and your payment information (debit card or credit card). We use this information to process your order, process your payment, facilitate shipment of your order, communicate with you regarding your order. To the extent EU or UK data protection law applies, the legal basis for this is the performance of our contract with you. If you do not provide us with this information, we cannot provide you with our Services. We share this information with our third party payment processor and our fulfillment/shipping provider. If you have an existing Affirm or AfterPay account, you can use those accounts to make a purchase. Note, if you choose to use Affirm of AfterPay, you will be redirected from our Website and be subject to Affirm or AfterPay’s terms and conditions and privacy practices.
As you engage with our Website, we use tracking technology to automatically collect the items you have viewed or put in your shopping cart but haven’t purchased. We will send you reminder emails of those items, if you have provided us your identifiers (email address) by subscribing to our newsletter or creating an account. We share this information with our marketing service provider. You can unsubscribe to these emails at any time by clicking the UNSUBSCRIBE button at the bottom of the email. Please note that we will continue to send you notifications necessary to the Services or requested products or services. To the extent EU data protection law applies, the legal basis for this is your consent.
- Make a purchase. If you make a purchase on our website, we will collect from you your identifiers (name, email address, address) and your payment information (debit card or credit card). We use this information to process your order, process your payment, facilitate shipment of your order, communicate with you regarding your order. To the extent EU or UK data protection law applies, the legal basis for this is the performance of our contract with you. If you do not provide us with this information, we cannot provide you with our Services. We share this information with our third party payment processor and our fulfillment/shipping provider. If you have an existing Affirm or AfterPay account, you can use those accounts to make a purchase. Note, if you choose to use Affirm of AfterPay, you will be redirected from our Website and be subject to Affirm or AfterPay’s terms and conditions and privacy practices.
-
- Create an Account. When you create an account to use our Services, we will collect from you your identifiers (name, email address, date of birth, and physical address), your account login information (username and we store your password in a hashed form), your order history (previous purchases, wish-returns, lists, or saved items). We use information to create and manage your account, update you on your order, send you marketing communications and promotions, and to communicate with you regarding our Services. To the extent EU data protection law applies, the legal basis for this is the performance of our contract with you, if we do not process this information we cannot maintain your account.
-
- Visit one of our stores. If you visit one of our stores, we will automatically collect your sensory information (video recording through our CCTV footage). We use this information to maintain the security of our stores and employees. If you purchase an item, we will collect from you your identifiers (name and email address) and your payment information (debit card or credit card). We use this information to process your payment and if you wish to subscribe to marketing emails. We share this information with our third-party marketing vendor and our third-party payment processor.
-
- Subscribe to marketing emails or newsletter. If you subscribe to our marketing emails, we will collect from you, your identifiers (email address and date of birth) to fulfill your request to receive information we feel may be of interest to you and to send you promotional discounts for your birthday [confirm]. Our communications contain tracking technologies, provided by our marketing service provider, to gain insight into behavior of recipients. With the help of these technologies, we can analyze whether a predefined action took place by a recipient, such as opening our communications, in order to better adapt and distribute our communications. When you opt-in to our marketing communications, you are opting into the use of these technologies. You can unsubscribe to these emails at any time by clicking the UNSUBSCRIBE button at the bottom of the email. Please note that we will continue to send you notifications necessary to the Services or requested products or services. To the extent EU data protection law applies, the legal basis for this is your consent.
-
- Apply for employment with us. When you apply for employment with Rachel Comey, we will collect your identifiers (name and email address) and your professional or employment information (resume, cover letter, employment history, educational history). We use this personal information to assess and manage your application with us, to communicate with you, and as necessary to comply with the law. For more information, please see our Applicant Notice. Please note, we currently only accepting applications from individuals who reside in the United States.
-
- Contact us. When you contact us through either our live-chat feature, email, or our customer service line, we may collect from you your identifiers (name, email address, address), your account information (order number), your purchase information (items in your order), and your financial information (credit card or debit card). We use this information to respond to your inquiries, process returns or refunds, and communicate with you. We share this information with our customer service provider who operates our live-chat feature and customer service line. To the extent EU data protection law applies, the legal basis for this is performance of a contract with you. If you do not provide us with this information, we will not be able to communicate with you.
-
- For benchmarking. Rachel Comey may deidentify or aggregate your personal information for benchmarking purposes. To the extent EU/UK data protection law applies, the legal basis for this processing is our legitimate interest in the improvement of our business and Services. Once information is deidentified or aggregated, Rachel Comey may share this information with third parties or use it for marketing purposes.
Rachel Comey may also use the personal information collected for the above purposes to comply with the law and for other limited circumstances as described in How We Share Your Personal Information.
B. Information Collected Automatically
In addition to the personal information you provide, we also collect information automatically via cookies as you use the Services. This information includes the following internet and other electronic network activity information.
We use usage, device, and location information to: (i) track you within the Services; (ii) enhance user experience; (iii) conduct analytics to improve the Services; (iv) prevent fraudulent use of the Services; and (v) diagnosis and repair Services errors, and, in cases of abuse, track and mitigate the abuse.
To learn more about how Rachel Comey uses cookies on the Website and your options related to cookies, please read our Cookie Policy.
Third party marketing and analytics cookies may be considered sharing under the California Privacy Rights Act (“CPRA”). If you are a California resident and wish to opt out, please contact us by either telephone at 800-416-1265 or email us at [email protected] or use our cookie management platform.
Particular cookies to note on the Services include:
- Google Analytics. We use Google Analytics to collect information on your use of the Website to improve our Website. In order to collect this information, Google Analytics may set cookies on your browser, or read cookies that are already there. Google Analytics may also receive information about you from applications you have downloaded that partner with Google. We do not combine the information collected through the use of Google Analytics with personally identifiable information. Google’s ability to use and share information collected by Google Analytics about your visits to our Websites or to another application which partners with Google is restricted by the Google Analytics Terms of Use and the Google Privacy Policy available here. To prevent your data from being used by Google Analytics, you can download the Google Analytics opt-out browser add-on for Google Analytics which can be found here. This may be a sale under CPRA. To opt out of this cookie, follow the instructions in the YOUR INFORMATION CHOICES section of the Privacy Policy or visit our cookie management platform.
In general, to disable cookies and limit the collection and use of information through them, you can set your browser to refuse cookies or indicate when a cookie is being sent. When you opt-out an opt-out cookie will be placed on your device. The opt-out cookie is browser and device specific and will only last until cookies are cleared from your browser or device.
How We Share Your Personal Information
Rachel Comey shares the personal information identified in this Privacy Notice in the following instances:
- Within Rachel Comey. Where necessary, we share your personal information within Rachel Comey for legitimate business purposes in order to efficiently carry out our business and to the extent permitted by law. To the extent EU data protection law applies, the legal basis for this is our legitimate interest in carrying out our business operations efficiently.
- With service providers. We share your personal information with our service providers that assist us in providing the Services, such as our e-commerce provider, payment processor, IT support, marketing provider, communications provider, cloud and hosting provider, email provider, and shipping and fulfillment provider.
- With Advertising Providers. For advertising purposes, we may share your personal identifiers (hashed email address), commercial information (price point of items purchased) and demographic information (e.g., gender, age) about you to generate a “lookalike audience” of prospective consumers of our Services through the Facebook, Google or other advertising platforms. This allows us to target advertisements on their network to potential consumers who appear to have shared interests or similar demographics to our existing consumers. If you are a California resident and wish to opt out, please follow the instructions in the RIGHTS OF CALIFORNIA RESIDENTS section.
- With Third Parties. We may need to disclose your personal information to third parties, such as legal advisors, law enforcement agencies, or governmental/regulatory bodies in order to protect our legal interests and other rights, protect against fraud or other illegal activities, prevent harm, for risk management purposes, and to comply with our legal obligations.
- In the event of a corporate reorganization. In the event that we enter into, or intend to enter into, a transaction that alters the structure of our organization, such as a reorganization, merger, acquisition, sale, joint venture, assignment, consolidation, transfer, change of control, or other disposition of all or any portion of our assets, we would share your personal information with third parties, including the buyer or target (and their agents and advisors) for the purpose of facilitating and completing the transaction. We will also share your personal information with third parties if we undergo bankruptcy or liquidation, in the course of such proceedings. To the extent EU data protection law applies, the legal basis for this is our legitimate interest in carrying out our business operations.
- For legal purposes. We will share your personal information where we are legally required to do so, such as in response to tax obligations, court orders, law enforcement or legal process, including for national security purposes; to establish, protect, or exercise our legal rights, as required to enforce our terms of use or other contracts; to defend against legal claims or demands; to detect, investigate, prevent, or take action against illegal activities, fraud, or situations involving potential threats to the rights, property, or personal safety of any person; or to comply with the requirements of any applicable law. To the extent EU data protection law applies, the legal basis for this is compliance with legal obligations.
With your consent. Apart from the reasons identified above, we may request your permission to share your personal information for a specific purpose. We will notify you and request consent before you provide the personal information or before the personal information you have already provided is shared for such purpose. You may revoke your consent at any time.
Sharing in the Last Twelve (12) Months
For a Business Purpose. In the preceding twelve (12) months, Rachel Comey has disclosed the following categories of personal information for a business purpose to the following categories of third parties:
We have disclosed your personal identifiers, internet and other network activity information, financial information and customer records information to service providers that perform services on our behalf. These providers include our e-commerce provider, payment processor, IT support, marketing provider, communications provider, cloud and hosting provider, email provider, and shipping and fulfillment provider.
- We have disclosed your internet or other electronic network information to our IT support to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and to identify and repair website errors that impair functionality.
- We have disclosed your internet or other electronic network information and location information to our IT support and data analytics provider to maintain, improve, and upgrade Rachel Comey Services.
For a Sale or Sharing.
- Rachel Comey uses certain analytics and advertising cookies on its website and mobile application. These cookies collect your internet and other electronic network activity and share it with the data analytics and advertising partners that provide them. This use of your personal information may be considered a sale under the California Consumer Privacy Act or sharing under the California Privacy Rights Act. If you are a California resident and wish to opt out of these cookies, please follow the instructions in the “YOUR RIGHTS AS A CALIFORNIA RESIDENT” section. To see a full list of the cookies we use, please read our Cookie Policy.
- Rachel Comey shares your personal identifiers and commercial information with advertising partners to engage in lookalike advertising. This use of your personal information may be considered a sale under the California Consumer Privacy Act or sharing under the California Privacy Rights Act. If you are a California resident and wish to opt out of these cookies, please follow the instructions in the “YOUR RIGHTS AS A CALIFORNIA RESIDENT” section.
- Rachel Comey shares your personal information, financial information, account information, and your internet and electronic information with our service providers. These providers include our e-commerce provider, payment processor, IT support, marketing provider, communications provider, cloud and hosting provider, email provider, and shipping and fulfillment provider. This use of your personal information may be considered a sale under the California Consumer Privacy Act or sharing under the California Privacy Rights Act. If you are a California resident and wish to opt out of these cookies, please follow the instructions in the “YOUR RIGHTS AS A CALIFORNIA RESIDENT” section.
Your Rights as a California Resident
The California Privacy Rights Act (CPRA) entitles California residents to certain rights. To the extent that the CCPA applies to our processing of your personal information, you would be entitled to the following rights:
- Right to Access. You have the right to request what personal information we have collected, used, disclosed, and sold about you. You may only submit a request for access twice within a twelve-month period.
- Right to Deletion. You have the right to request the deletion of your personal information that we collect or maintain, subject to certain exceptions. For example, if we are required by law to retain the information that you are asking to be deleted, we would not be able to delete the information until we are legally permitted to delete it.
- Right to Opt Out of Sale/Sharing. You have the right to opt out of the sale or sharing of your personal information to third parties. Rachel Comey does not have actual knowledge that it sells personal information of minors under the age of sixteen (16) years. Our use of third-party cookies and our sharing with certain third parties may be deemed a sale or sharing under the California Consumer Privacy Act (“CCPA/CPRA”). To exercise your right to opt-out of the sale or sharing of your personal information through cookies, please visit our cookie management platform.
- Right to Non-Discrimination. You have the right to not receive discriminatory treatment if and when you exercise your rights to access, delete, or opt out under the CCPA.
- Right to Correct. You have the right to correct inaccurate personal information that we collect or maintain.
- Right to Limit the Use of Sensitive Personal Information. You have the right to limit the use of your sensitive personal information when such use goes beyond that which is necessary for providing the services or certain other permissible purposes like fraud, customer service or quality control. Sensitive information includes Social Security number, driver’s license number, biometric information, precise geolocation, and racial and ethnic origin.
To exercise your right to access or delete your personal information, you may submit a request here. To opt out of the sale of your personal information via cookies or for marketing purposes, please visit our cookie management platform.
For requests submitted via email and telephone, you must provide us with name, zip code, that you are a customer, and your preferred contact method (email address or phone number) which allows us to reasonably verify you are the person about whom we collected the personal information and describe your request with sufficient detail to allow us to properly evaluate and respond to it. If we are not able to verify your identity for access and deletion requests with the information provided, we may ask you for additional pieces of information. Only you, or a person that you authorize to act on your behalf may make a request related to your personal information. If you are an authorized agent making a request on behalf of another individual, you must provide us with signed documentation that you are authorized to act on behalf of that individual. To exercise your right to opt-out of the sale or sharing of your personal information via cookies, please utilize our cookie management platform.
Your Rights as a Nevada Resident
If you are a consumer in the State of Nevada, you may request to opt-out of the current or future sale of your personal information. We do not currently sell any of your personal information under Nevada law, nor do we plan to do so in the future. However, you can submit a request to opt-out of future sales by contacting us at [email protected]. Please include “Opt-Out Request Under Nevada Law” in the subject line of your message.
Your Rights as an Individual in the European Union
Individuals in the European Union are entitled to certain rights under the General Data Protection Regulation (GDPR). If our processing of your personal information is subject to the GDPR, you may be entitled to the following rights:
- Right to access: You have the right to ask us for copies of your personal information. This right has some exemptions, which means you may not always receive all the personal information we process. Applicable exemptions may include the management information exemption (data that we process for management forecasting or management planning about a business or other activity), confidential references (references given or received about an individual), or certain instances of ongoing or prior negotiations with the requestor, among others.
- Right to rectification: You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Right to erasure: You have the right to request erasure of your personal information that we are not obligated to keep in some cases (also known as the right to be forgotten). For example, you can request us to delete such personal data if: (i) we no longer need the data for the purpose it was collected for, (ii) we process the data based on your consent and you revoke your consent, (iii) you object to our processing based on legitimate interest (and we do not have an overriding legitimate interest), or (iv) you object to our processing the personal data for direct marketing purposes. We may not be able to immediately erase your personal information if we have a lawful reason or a legal or contractual obligation to retain the information or continue the processing.
- Right to restrict processing: If you believe that your personal data is inaccurate, that our processing is unlawful, or that we do not need the information for a specific purpose, you have the right to request that we restrict the processing of such personal data. You also have the possibility to request that we stop processing your personal data while we assess your request. If you object to our processing (per your right to object below), you may also request us to restrict processing of that personal data while we make our assessment.
- Right to object to processing: You have the right to object to processing of your personal data which is based on our legitimate interest (Article 6(1)(f) UK GDPR), by referencing your personal circumstances. You also have the right to object to our use of your personal data for direct marketing purposes. When you object to our use of your data for direct marketing purposes (i.e. let us know that you no longer wish to receive direct marketing from us), we will stop sending you direct marketing correspondence.
- Right to data portability: This right only applies to personal information you have given us. You have the right to ask that we transfer the personal information you gave us from one organization to another or give it to you.
- Right to lodge a complaint: You have the right to lodge a complaint with the relevant Supervisory Authority. A list of Supervisory Authorities is available here.
To exercise these rights, please contact us at [email protected]
Do Not Track
We do not support Do Not Track (DNT). Do Not Track is a preference you can set to inform websites and applications that you do not want to be tracked.
Information Security
We implement and maintain reasonable security measures, such as access controls and encryption, to protect the personal information we collect and maintain. However, no security measure or modality of data transmission over the Internet is 100% secure and we are unable to guarantee the absolute security of the information we have collected from you.
Age Restriction
The Services are not intended for individuals under the age of sixteen (16). If we learn that we have collected or received personal information from a child under the age of sixteen (16), we will delete that information. If you believe we might have information from or about a child under the age of sixteen (16), please contact us at [email protected].
Changes to this Privacy Notice
We may change this Privacy Notice from time to time. We will post the changes to this page and will indicate the date the changes go into effect. We encourage you to review our Privacy Notice to stay informed. If we make changes that materially affect your privacy rights, we will notify yo