GDPR & PIPEDA Compliance

Privacy Policy

(PIPEDA & GDPR Compliant)

1. Introduction

This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you visit or make a purchase from our website (the “Site”). We are committed to complying with the Personal Information Protection and Electronic Documents Act (PIPEDA) and the General Data Protection Regulation (GDPR).

2. Personal Information We Collect

When you interact with our Site, we may collect the following personal information:

  • Identifiers (name, billing address, shipping address)

  • Contact information (email address, phone number)

  • Payment information (processed securely by third-party payment providers)

  • Order and transaction history

  • Account information

  • IP address, browser type, device information

  • Cookies and usage data

3. Purposes for Collection and Use

We collect and use personal information for the following purposes:

  • To process and fulfill orders

  • To deliver products and manage returns

  • To provide customer service and respond to inquiries

  • To manage customer accounts

  • To communicate order updates and service-related information

  • To improve our website, products, and customer experience

  • To comply with legal and regulatory obligations

Personal information is only used for purposes that a reasonable person would consider appropriate in the circumstances, in accordance with PIPEDA and GDPR.

4. Legal Basis for Processing (GDPR)

Where GDPR applies, we process personal data based on one or more of the following legal grounds:

  • Performance of a contract (e.g., fulfilling your order)

  • Your consent (e.g., marketing communications)

  • Compliance with legal obligations

  • Our legitimate business interests, where such interests do not override your fundamental rights and freedoms

5. Consent (PIPEDA)

Under PIPEDA, we obtain meaningful consent for the collection, use, and disclosure of personal information, except where otherwise permitted or required by law. Consent may be withdrawn at any time, subject to legal or contractual restrictions.

6. Sharing and Disclosure of Personal Information

We do not sell personal information. We may share personal information with:

  • Shopify, as our e-commerce platform provider

  • Payment processors

  • Shipping and fulfillment partners

  • IT, analytics, and customer support service providers

  • Government or regulatory authorities when required by law

All third parties are contractually required to protect personal information and use it only for authorized purposes.

7. Cross-Border Data Transfers

Personal information may be transferred to and processed in countries outside of your country of residence, including the United States and other jurisdictions where Shopify or our service providers operate.
Where required, we rely on appropriate safeguards such as standard contractual clauses or equivalent measures to ensure adequate protection.

8. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable laws.

9. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect personal information against loss, theft, unauthorized access, disclosure, copying, use, or modification.

10. Your Rights

Under GDPR, you have the right to:

  • Access your personal data

  • Request correction or erasure

  • Restrict or object to processing

  • Data portability

  • Withdraw consent at any time

  • Lodge a complaint with a supervisory authority

Under PIPEDA, you have the right to:

  • Access your personal information

  • Request correction of inaccurate information

  • Withdraw consent, subject to legal limitations

Requests may be submitted using the contact details below.

11. Cookies and Tracking Technologies

We use cookies and similar technologies to operate our Site and enhance user experience. Shopify and third-party apps may also use cookies. You may control cookies through your browser settings.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect operational, legal, or regulatory changes. The revised version will be posted on this page with an updated effective date.

13. Contact Information

If you have questions, requests, or complaints regarding this Privacy Policy or our handling of personal information, please contact us at:

Business Name: Cashmere House, Inc. dba TSE
Email: cs@tsecashmere.com