PRIVACY POLICY
Effective Date: 2023.01.01
Website: cariette.com
At cariette.com (“we”, “us”, “our”), we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or make a purchase.
Please read this privacy policy carefully. By using our website, you consent to the data practices described in this policy. If you do not agree with the terms of this privacy policy, please do not access the site.
1. INFORMATION WE COLLECT
1.1 Personal Information
We may collect personally identifiable information that you voluntarily provide to us when you:
- Register for an account
- Place an order or make a purchase
- Subscribe to our newsletter
- Contact customer service
- Participate in promotions or surveys
- Leave product reviews
This information may include:
- Identity Data: First name, last name, username, title
- Contact Data: Billing address, shipping address, email address, telephone number
- Financial Data: Payment card details (processed securely by third-party payment processors), billing information
- Transaction Data: Details about purchases, orders, returns, and exchanges
- Profile Data: Username, password, purchase history, preferences, feedback, survey responses
- Marketing Data: Your preferences in receiving marketing from us and your communication preferences
1.2 Automatically Collected Information
When you visit our website, we automatically collect certain information about your device and browsing activities:
- Technical Data: IP address, browser type, browser version, operating system, device type, unique device identifiers
- Usage Data: Pages visited, time spent on pages, clickstream data, products viewed, search terms, referral URLs
- Location Data: General geographic location (country, region, city) derived from IP address
- Cookies and Tracking Technologies: Information collected through cookies, web beacons, pixels, and similar technologies (see Section 6)
1.3 Information from Third Parties
We may receive information about you from third parties, including:
- Payment processors (e.g., PayPal, Stripe, credit card companies)
- Shipping carriers (e.g., DHL, FedEx, USPS, China Post)
- Social media platforms (if you interact with our social media accounts)
- Analytics providers (e.g., Google Analytics)
- Advertising networks
- Fraud prevention services
2. HOW WE USE YOUR INFORMATION
We use the information we collect for the following purposes:
2.1 Order Fulfillment
- Process and fulfill your orders
- Send order confirmations and shipping notifications
- Provide tracking information
- Process payments and prevent fraud
- Handle returns, exchanges, and refunds
- Communicate about your order status
2.2 Customer Service
- Respond to your inquiries and provide support
- Resolve disputes and troubleshoot problems
- Send administrative information (policy updates, terms changes)
2.3 Marketing and Communications
- Send promotional emails about products, sales, and new arrivals (with your consent where required)
- Deliver targeted advertising based on your interests
- Conduct market research and analysis
- Request reviews and feedback
2.4 Website Improvement
- Analyze website usage and performance
- Personalize your shopping experience
- Improve our products, services, and website functionality
- Conduct A/B testing
2.5 Legal Compliance and Security
- Comply with legal obligations (tax, customs, consumer protection)
- Detect and prevent fraud, abuse, and security incidents
- Protect our rights, property, and safety, and that of our users
- Enforce our Terms & Conditions
2.6 Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), we process your personal data under the following legal bases:
- Contract Performance: To fulfill our contractual obligations when you make a purchase
- Legitimate Interests: For marketing, website improvement, fraud prevention, and business operations
- Consent: For marketing communications and certain cookies (where required)
- Legal Obligation: To comply with applicable laws and regulations
3. HOW WE SHARE YOUR INFORMATION
We may share your information in the following circumstances:
3.1 Service Providers
We share information with trusted third-party service providers who assist us in operating our business:
- Payment Processors: Stripe, PayPal, credit card processors (PCI-DSS compliant)
- Shipping Carriers: DHL, FedEx, UPS, USPS, China Post, and local postal services
- Warehouse & Fulfillment: Third-party logistics providers in China and destination countries
- Website Hosting: Cloud hosting providers (e.g., AWS, Shopify, WooCommerce)
- Email Marketing: Mailchimp, Klaviyo, SendGrid
- Customer Support: Helpdesk software providers
- Analytics: Google Analytics, Facebook Analytics
These service providers are contractually obligated to protect your information and use it only for the purposes we specify.
3.2 Legal Requirements
We may disclose your information if required to do so by law or in response to valid requests by public authorities:
- To comply with legal obligations (tax, customs, consumer protection)
- To respond to court orders, subpoenas, or legal processes
- To protect our rights, property, or safety, or that of our users or the public
- To investigate fraud, security breaches, or violations of our Terms
3.3 Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will provide notice before your information becomes subject to a different privacy policy.
3.4 With Your Consent
We may share your information with third parties when you explicitly consent to such sharing.
3.5 Aggregated/De-identified Data
We may share aggregated or de-identified information that cannot reasonably be used to identify you for marketing, analytics, or research purposes.
4. INTERNATIONAL DATA TRANSFERS
4.1 Cross-Border Transfers
Your information, including personal data, may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ.
Specifically:
- Data Controller Location: China
- Website Operations: United States
- Fulfillment Centers: China
- Service Providers: Various countries globally
4.2 International Shipping
When you place an order, we must share your information with:
- Customs authorities in destination countries
- International shipping carriers
- Local postal services
- Tax authorities (for VAT/GST/duties)
This is necessary for customs clearance and delivery of your order.
4.3 Safeguards
We implement appropriate safeguards for international data transfers:
- Standard Contractual Clauses (SCCs): For transfers from the EEA/UK to third countries
- Adequacy Decisions: Where applicable
- Data Processing Agreements: With all service providers
- Encryption: For data in transit and at rest
- Access Controls: Limiting access to authorized personnel only
4.4 Your Consent
By using our website and providing your information, you consent to the transfer of your data to China, the United States, and other countries where our service providers operate.
5. DATA RETENTION
We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
5.1 Retention Periods
- Order Information: 7 years (for tax, customs, and consumer protection compliance)
- Account Information: As long as your account is active, plus 3 years after closure
- Marketing Data: Until you unsubscribe or withdraw consent, plus 1 year for record-keeping
- Website Analytics: 14 months (depending on the service)
- Customer Service Records: 5 years from last interaction
5.2 Deletion
When your data is no longer needed, we will securely delete or anonymize it. You may request deletion of your data subject to legal retention requirements (see Section 9).
6. COOKIES AND TRACKING TECHNOLOGIES
6.1 What Are Cookies
Cookies are small text files stored on your device when you visit our website. We use cookies and similar tracking technologies (pixels, web beacons, local storage) to:
- Remember your preferences and settings
- Keep items in your shopping cart
- Analyze website traffic and usage
- Personalize your experience
- Deliver targeted advertising
- Prevent fraud
6.2 Types of Cookies We Use
- Essential/Strictly Necessary Cookies: Required for website functionality (e.g., shopping cart, secure login). Cannot be disabled.
- Performance/Analytics Cookies: Help us understand how visitors interact with our website (e.g., Google Analytics).
- Functionality/Preference Cookies: Remember your choices (e.g., language, currency, location).
- Targeting/Advertising Cookies: Used to deliver relevant ads and track ad performance (e.g., Facebook Pixel, Google Ads).
6.3 Third-Party Cookies
We allow third-party service providers to place cookies on your device, including:
- Analytics: Google Analytics, Hotjar
- Advertising: Google Ads, Facebook Pixel, TikTok Pixel
- Payment: PayPal, Stripe
- Social Media: Facebook, Instagram, Pinterest
These third parties have their own privacy policies governing their use of cookies.
6.4 Cookie Management
You can control cookies through your browser settings:
- Accept or reject cookies: Most browsers allow you to refuse all cookies or accept only certain types
- Delete cookies: You can delete cookies already stored on your device
- Browser settings: Chrome, Firefox, Safari, Edge all have cookie management options
Note: Disabling essential cookies may prevent you from using certain features of our website (e.g., adding items to cart, completing checkout).
6.5 Do Not Track
Our website does not currently respond to “Do Not Track” (DNT) signals. However, you can use browser settings or privacy tools to limit tracking.
7. DATA SECURITY
7.1 Security Measures
We implement appropriate technical and organizational measures to protect your personal information:
- Encryption: SSL/TLS encryption for data in transit; encryption for sensitive data at rest
- Secure Payment Processing: PCI-DSS compliant payment processors; we do not store full credit card numbers
- Access Controls: Role-based access; multi-factor authentication for administrative accounts
- Network Security: Firewalls, intrusion detection, regular security audits
- Data Minimization: We collect only the information necessary for specified purposes
- Employee Training: Regular privacy and security training for staff
- Incident Response: Procedures to detect, respond to, and notify about data breaches
7.2 Limitations
No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.
7.3 Your Responsibilities
You are responsible for:
- Keeping your password confidential
- Using strong, unique passwords
- Logging out after using shared computers
- Notifying us immediately of any unauthorized access
8. YOUR PRIVACY RIGHTS
Depending on your location, you may have the following rights regarding your personal information:
8.1 General Rights (All Users)
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your personal information (subject to legal obligations)
- Restriction: Request restriction of processing in certain circumstances
- Data Portability: Request transfer of your data to another service provider (where technically feasible)
- Objection: Object to processing based on legitimate interests or direct marketing
- Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
8.2 California Residents (CCPA/CPRA)
If you are a California resident, you have the following additional rights:
- Right to Know: Request disclosure of categories and specific pieces of personal information collected, sources, purposes, and third parties with whom it’s shared
- Right to Delete: Request deletion of personal information (with certain exceptions)
- Right to Opt-Out: Opt out of the “sale” or “sharing” of personal information (we do not sell data in the traditional sense, but certain advertising cookies may constitute “sharing” under CCPA)
- Right to Correct: Request correction of inaccurate personal information
- Right to Limit Use of Sensitive Information: Limit use of sensitive personal information
- Non-Discrimination: You will not be discriminated against for exercising your rights
Do Not Sell or Share My Personal Information: California residents may opt out by clicking the “Do Not Sell or Share My Personal Information” link in our website footer or by contacting us at [email protected].
8.3 European Economic Area (GDPR)
If you are located in the EEA, you have the rights listed in Section 8.1, plus:
- Right to Lodge a Complaint: File a complaint with your local data protection authority
- Automated Decision-Making: Right not to be subject to decisions based solely on automated processing
8.4 How to Exercise Your Rights
To exercise your privacy rights:
- Email: [email protected]
- Account Settings: Log in to your account to update preferences or request deletion
Verification: We will verify your identity before processing your request. This may require:
- Confirming your email address
- Providing order numbers or account details
- Government-issued ID (for certain requests)
Response Time: We will respond within 30 days (or as required by applicable law). Complex requests may take up to 90 days with notice.
No Fee: Generally, you can exercise your rights free of charge. We may charge a reasonable fee for excessive or unfounded requests.
9. CHILDREN’S PRIVACY
9.1 Age Restrictions
Our website is not intended for children under 16 years of age. We do not knowingly collect personal information from children.
- United States (COPPA): We do not knowingly collect data from children under 13
- European Union (GDPR): Age of digital consent varies by member state (typically 13-16)
- Other Jurisdictions: Follow local minimum age requirements
9.2 Parental Rights
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected]. We will take steps to delete such information from our systems.
10. THIRD-PARTY WEBSITES AND SERVICES
10.1 External Links
Our website may contain links to third-party websites, including:
- Social media platforms (Facebook, Instagram, Pinterest, TikTok)
- Payment processors (PayPal, Stripe)
- Shipping carriers (DHL, FedEx)
- Partner websites
We are not responsible for the privacy practices of third-party websites. We encourage you to review their privacy policies.
10.2 Social Media Features
Our website includes social media features (e.g., “Like,” “Share” buttons). These features may:
- Collect your IP address
- Set cookies
- Track your interaction with the feature
Your interactions with social media features are governed by the privacy policies of those companies.
11. MARKETING COMMUNICATIONS
11.1 Email Marketing
With your consent (where required), we may send you:
- Promotional emails about products, sales, and new arrivals
- Newsletter with fashion tips and trends
- Abandoned cart reminders
- Re-engagement campaigns
11.2 Opt-Out
You can opt out of marketing communications at any time:
- Click the “unsubscribe” link in any marketing email
- Update your preferences in your account settings
- Email us at [email protected]
Note: Opting out of marketing emails does not opt you out of transactional emails (order confirmations, shipping notifications, policy updates).
11.3 SMS/Text Marketing
If you opt in to SMS marketing, we may send you text messages about promotions and order updates. Message and data rates may apply. Reply STOP to opt out.
12. AUTOMATED DECISION-MAKING AND PROFILING
12.1 Profiling Activities
We may use automated processing to:
- Personalize product recommendations based on browsing history
- Segment customers for targeted marketing
- Detect fraudulent transactions
- Analyze customer behavior and preferences
12.2 Your Rights
You have the right to:
- Obtain human intervention in automated decisions
- Express your point of view
- Contest automated decisions
- Request explanation of automated decision-making logic
Contact us at [email protected] to exercise these rights.
13. CHANGES TO THIS PRIVACY POLICY
13.1 Updates
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
13.2 Notice of Changes
- Material Changes: We will notify you of material changes via email or prominent notice on our website
- Effective Date: The updated policy will indicate the effective date
- Continued Use: Your continued use of the website after changes constitutes acceptance
13.3 Review
We encourage you to review this Privacy Policy periodically for any changes.
14. CONTACT INFORMATION
14.1 Data Protection Officer / Privacy Team
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:
Email: [email protected]
Customer Service Hours: Monday-Friday, 9:00 AM - 6:00 PM CST
14.2 EU/UK Representative (if applicable)
If you are located in the European Economic Area or United Kingdom, you may also contact our EU/UK representative:
Name: Danny Wang
Email: [email protected]
14.3 Supervisory Authority
If you are located in the EEA, you have the right to lodge a complaint with your local data protection authority:
- EU: Contact your national data protection authority (e.g., CNIL in France, BfDI in Germany)
- UK: Information Commissioner’s Office (ICO) – www.ico.org.uk
- California: California Privacy Protection Agency (CPPA)
15. GLOSSARY
- Personal Information/Personal Data: Any information that identifies or can be used to identify an individual
- Processing: Any operation performed on personal data (collection, storage, use, disclosure, etc.)
- Data Controller: The entity that determines the purposes and means of processing personal data
- Data Processor: A third party that processes data on behalf of the controller
- Legitimate Interest: A legal basis for processing where we have a legitimate business interest that is not overridden by your rights
16. ADDITIONAL DISCLOSURES FOR SPECIFIC JURISDICTIONS
16.1 China (PIPL Compliance)
If you are located in China:
- Data Localization: Certain personal information may be stored on servers in China
- Cross-Border Transfer: We will obtain separate consent for cross-border transfers where required
- Sensitive Information: We will obtain explicit consent for processing sensitive personal information
- Automated Decision-Making: We will provide options that do not rely solely on automated decision-making
16.2 Brazil (LGPD)
If you are located in Brazil, you have rights under the Lei Geral de Proteção de Dados (LGPD) similar to those described in Section 8.
16.3 Other Jurisdictions
We comply with applicable privacy laws in all jurisdictions where we operate. If you have questions about your specific jurisdiction, please contact us.
Last Updated: 2026.01.01