OPENING SALE! BUY ONE, GET ONE FREE!

Privacy Policy


Last updated: May 4, 2021

https://www.twobluemountains.com

ABOUT OUR PRIVACY POLICY
Two Blue Mountains cares greatly about your privacy. We exclusively process data that we need for (improving) our services, and carefully handle all information gathered about you and your usage of our services. Your data is not shared with third parties for commercial goals. This privacy policy applies to the use of the website and the services provided by Two Blue Mountains. The starting date for the validity of these terms and conditions is May 4, 2021, with the publication of a new version the validity of all previous versions is canceled. This privacy policy describes what information about you is collected by us, what this data is used for and with whom and under what conditions this data could be shared with third parties. We also explain to you how we store your data, how we protect your data against misuse and what rights you have regarding the personal data you provide us.
If you have any questions about our privacy policy, please contact our privacy contact person, you will find the contact details at the end of our privacy policy.

WHAT DO WE DO WITH YOUR INFORMATION?
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.
When you browse our store, we also automatically receive your computer's internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
Email marketing: With your permission, we may send you emails about our store, new products and other updates.
Disclosure for a business purpose: shared with our processor Shopify.

CONSENT
How do you get my consent?
When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.
If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.
How do I withdraw my consent?
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at or mailing us at: carmen@twobluemountains.com

AGE OF CONSENT
By using this site, you represent that you are at least the age of majority in your state or shop_contact_province_state of residence, or that you are the age of majority in your state or shop_contact_province_state of residence and you have given us your consent to allow any of your minor dependents to use this site.

DISCLOSURE
We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.

ABOUT OUR DATAPROCESSING
Below you can read how we process your data, where we save it, what security techniques we use and to whom the data is visible.
We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
Shopify has an obligation, based on the agreement we have with them, to take necessary precautions and security measures when it comes to your personal data.
We have taken necessary precautions and security measures when it comes to your personal data such as an SSL-encryption and a strong password policy.
We use the email services of MailChimp, a third party that facilitates our websites newsletter email-traffic. Any conformation email you receive from our website and webforms are sent to you from the servers of MailChimp. MailChimp will not use your name and email address for their own purposes. At the bottom of each automated email sent from our website you will find an ‘unsubscribe” link. When you click on this link you will no longer receive automated emails from our website, note that this can affect the functionality of our website greatly.
Your personal data will be securely stored, sent and locked by MailChimp. MailChimp uses cookies and other internet technologies that track if emails are opened and read. Additionally, MailChimp gathers information about you as a receiver and the subjects of these emails with the purpose of improving the quality of their service, this data is stored for 30 days. MailChimp retains the right to use your personal information to further improve their services and, within this context, share it with third parties.
For our regular business email, we use the email services of Hosting2GO. This party has implemented fitting technical and organisational measures to prevent misuse, loss or corruption of your data. Hosting2GO does not have access to our mailbox and we treat our email-traffic confidentially.

SERVICE PROVIDERS
We may employ third party companies and individuals to facilitate the https://www.twobluemountains.com website (“Service Providers”), to assist us in analyzing how our website is used. These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

GOOGLE ANALYTICS
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity.
For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: http://www.google.com/intl/en/policies/privacy/

ABOUT OUR PAYMENT PROCESSORS
For concluding and processing (part of) our payments in our webshop we use third-party services.
In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.
However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.
For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.
Once you leave our store's website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website's Terms of Service.
We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
The payment processors we work with are:

1. Paypal
Their Privacy Policy can be viewed at
https://www.paypal.com/webapps/mpp/ua/privacy-full

2. Stripe
Their Privacy Policy can be viewed at https://stripe.com/us/privacy

SECURITY
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.

PURPOSE OF DATA PROCESSING
General purpose of data processing
We use your data with the sole purpose of providing you with our services. This means that the goal of processing this data stands in direct relation to the assignment or task that you offer us. We do not use this data for (addressed) marketing purposes. If you share information with us and we use this information to - not based on a request – contact you at a later time, we will first ask for explicit consent. Your data is not shared with third parties, with any other purpose than to fulfil accountancy and administrative obligations. These third parties are all obligated to a duty of confidentiality based on the agreement we have with them, an oath or legal obligation.

Automatically collected data
Information automatically gathered by our website is processed with the sole purpose of providing you with and/or to further improve our services. This information (for instance your IP address (anonymised), web browser and operating system) is not personal information.

Cooperation in tax and criminal investigation
In some cases, we may be obligated by government to a lawful duty of sharing your information with the purpose of assisting in a fiscal or criminal investigation. In such cases we are forced to comply and assist, but will, based on lawful possibilities, offer objection.

Retention periods
We store your data for as long as you are a client with us. This means that we maintain and keep your client profile until you make it known to us that you no longer desire to use our services. Such a message also functions as a request to be forgotten. We are required to keep invoices with your (personal) information due to relevant administrative obligations, this information is safely stored for as long as the relevant term for these obligations has not yet passed. Personnel no longer has access to your client profile and any documents made because of your assignment or task.

Your rights
Based on valid Spanish and European law you, as a concerning party, have certain rights when it comes to personal data that is processed by or on behalf of us. Below you may find an explanation of these rights and how you, as a concerning party, can invoke these rights. In principle to prevent abuse we only send invoices and copies of your data to e-mail addresses that you have made known to us. Should you wish to receive this data on another e-mail address or for instance per mail we will ask you to identify yourself accordingly. We maintain an administration of concluded requests, in case of a request to be forgotten we will maintain an administration of anonymised data.
You receive all invoices and copies of data in files that are structured in a machine-readable format based on data classifications that we use within our system. At all times you maintain the right to lodge a complaint with The Spanish Data Protection Authority if you suspect that we mistreat or misuse your personal data.

Right of inspection
At all times you maintain the right to view the data we process that has a relation or may be reducible to your person. You may request such a viewing to our contact in charge of privacy matters. You will receive a response to your request within 30 days. If your request is approved we will send you, via the e-mail address known to us, a copy of all data with an added overview of processors managing this data while also mentioning the categories under which we store this data.

Right to rectification
At all times you maintain the right to have the data we process that has a relation or may be reducible to your person be adjusted. You may request such an adjustment to our contact in charge of privacy matters. You will receive a response to your request within 30 days. If your request is approved we will send you, via the e-mail address known to us, a confirmation that the data has been adjusted.

Right to restriction of processing
At all times you maintain the right to limit the data we process that has a relation or may be reducible to your person. You may request such limiting to our contact in charge of privacy matters. You will receive a response to your request within 30 days. If your request is approved we will send you, via the e-mail address known to us, a confirmation that the processing of your data is limited until you chose to cancel said limitation.

Right of transferability
At all times you maintain the right to request for the data we process that has a relation or may be reducible to your person be processed by a third party of choice. You may send in such a request to our contact in charge of privacy matters. You will receive a response to your request within 30 days. If your request is approved we will send you, via the e-mail address known to us, your (personal) invoices or copies of data that we, or third parties on behalf of us, have processed. It is highly likely that in such a case we can no longer offer our services to you for we can no longer guarantee the previous data safety.

Right of objection and other rights
At all times you maintain the right to object to the processing done by us, or on behalf of us by third parties, of your personal data. In case of such an objection we will immediately cease all processing of your data while your objection is being investigated and handled. In case of a justified objection we will return all invoices and/or copies of personal data that we, or third parties on behalf of us, have processed up until that point and cease processing thereafter. You also maintain the right to not be subject of automated decision-making processes or profiling. We process your data in such a way that this right does not apply. Should you believe that this right does apply then we ask you to reach out to our contact in charge of privacy matters.

CHANGES TO THIS PRIVACY POLICY
We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.

QUESTIONS AND CONTACT INFORMATION
If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer by mail at:
info@twobluemountains.com
Re: Privacy Compliance Officer