Privacy Policy
At Grace NY (“we”, “us”, or “our”), accessible at grace-ny.com, we are deeply committed to safeguarding your privacy and ensuring that your personal information is protected. As a company dedicated to privacy-first practices, we comply with the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws. This Privacy Policy outlines how we collect, use, disclose, and safeguard your data when you interact with our website.
1. Commitment to Privacy and Data Protection
We recognize the importance of privacy and treat personal data with the highest level of diligence and integrity. We implement industry best practices to ensure your data is secure, and we process your information only in ways that are lawful, fair, and transparent. This Privacy Policy is designed to provide transparency about our data handling practices and your data protection rights.
2. Scope of this Policy and Role of Data Controller
This Privacy Policy applies to all users of our website, grace-ny.com, and to all personal data collected through online interactions. Grace NY is the data controller with respect to all personal information processed via the website and through our associated services. As data controller, we determine the purposes and means of processing your personal data.
If you have questions or need to exercise your data rights, you may contact us at: [email protected].
3. Categories of Personal Data We Process
We may collect, use, store, and transfer various types of personal data, which we categorize as follows:
a. Usage Data
Information regarding how you use our site, including your browser type and version, IP address, time stamps, session duration, pages visited, referring URLs, and other diagnostic data.
b. Account Data
Information provided when you create an account: full name, billing and shipping address, email address, and telephone number.
c. Profile Data
Details such as product preferences, user behaviors, shopping history, saved items, and past purchases, helping us tailor your experience.
d. Communication Data
Information submitted when you contact us, including support requests, feedback, survey responses, and communication records.
e. Technical Data
Device-specific information, such as operating system, browser configuration, screen resolution, language preferences, and device identifiers.
f. Transaction Data
Information related to purchases, including payment method, billing address, delivery address, order contents, and transaction timestamps.
g. Preference Data
Information concerning your choices regarding marketing communications, product interest categories, and consent preferences.
4. Legal Bases for Processing
We rely on several lawful bases under the GDPR and CCPA to process your personal data:
– Consent: Where you have explicitly granted permission for us to use your data for specific purposes.
– Contractual Necessity: Where processing is necessary to perform a contract with you or fulfill your requests.
– Legal Obligation: Where we are legally required to process your data.
– Legitimate Interests: Where processing is necessary for our legitimate interests, such as improving our services, enhancing security, and marketing, provided those interests are not overridden by your rights and interests.
5. Your Rights Under Data Protection Laws
As a data subject under the GDPR and CCPA, you have specific rights concerning your personal information:
– Right of Access: You can request details about the data we hold about you and how it is processed.
– Right to Rectification: You can request correction of inaccurate or incomplete data.
– Right to Erasure: You can ask us to delete your data under certain conditions (“right to be forgotten”).
– Right to Restrict Processing: You can ask us to limit further processing in certain circumstances.
– Right to Data Portability: You can request that we transfer your data to another controller in a machine-readable format.
– Right to Object: You may object to processing based on legitimate interests or direct marketing.
– Right Not to Be Discriminated Against: Under the CCPA, exercising your privacy rights will not result in discriminatory treatment.
To exercise any of these rights, please contact us at: [email protected].
6. Security Measures
We use appropriate technical and organizational safeguards to protect your data from unauthorized access, loss, misuse, or alteration. These measures include:
– Data encryption at rest and in transit
– Controlled system access
– Regular security audits and vulnerability testing
– Data access restrictions based on role
– Staff privacy training and awareness
– Secure data backups and disaster recovery protocols
While no online service can guarantee absolute security, we take diligent steps to minimize risks and uphold data integrity.
7. International Data Transfers
Given the global nature of our services, your data may be transferred to and processed in countries outside your home jurisdiction, including the United States. Whenever we transfer your personal data internationally, we ensure compliance through:
– The use of Standard Contractual Clauses (SCCs) approved by the European Commission
– Verification of equivalent data protection laws in destination countries
– Implementation of additional technical and contractual safeguards to ensure adequate protection
8. Data Retention
We retain personal data only as long as necessary to fulfill the purposes for which it was collected, including:
– Account Data: Retained while the account is active or as required for legal obligations
– Transaction Data: Retained for 7 years for tax, audit, and legal compliance
– Communication Data: Retained for 2 years to improve customer service and resolve disputes
– Usage and Technical Data: Retained for 12 months for internal analytics and performance improvements
– Preference Data: Retained until you withdraw consent or update your preferences
When retention is no longer necessary, personal data is securely deleted or anonymized.
9. Cookie Policy
Our website uses cookies and similar tracking technologies to enhance user experience and collect analytical data. We categorize cookies as follows:
– Essential Cookies: Necessary for website operation, account login, and secure transactions.
– Functional Cookies: Enable features like remembering preferences or cart contents.
– Analytical Cookies: Collect site usage data for performance analysis and service improvement.
– Performance Cookies: Help us understand how users interact with the site and identify areas for optimization.
For a comprehensive overview of the specific cookies used and their purpose, please refer to our dedicated Cookie Notice on grace-ny.com.
10. Cookie Management & Compliance
Users are presented with a Cookie Consent Banner upon first visit, allowing them to:
– Accept all cookies
– Reject non-essential cookies
– Customize cookie preferences
You may modify your cookie preferences at any time using the link provided in the footer of our website. We comply with GDPR consent requirements, including prior consent for non-essential cookies, and CCPA “Do Not Sell or Share” requests, which can also be managed through our settings.
11. Children’s Privacy
We do not knowingly collect or solicit personal information from children under the age of 13. If you believe a child has provided us with personal data, please contact us immediately at [email protected]. We will take swift steps to delete such information from our systems.
12. Policy Updates and Revisions
We reserve the right to revise this Privacy Policy as our services evolve or as regulations change. Any substantial updates will be clearly posted on this page, and when necessary, we will alert you via prominent notice or direct communication.
13. Contact Information
If you have questions about this Privacy Policy, how your information is handled, or wish to exercise your legal rights, please contact our Privacy Office at:
We are committed to maintaining your trust and will respond to all inquiries in a timely and transparent manner.
In maintaining this Privacy Policy, Grace NY affirms its commitment to responsible data stewardship and full legal compliance with applicable privacy laws. We encourage all users to review this Policy regularly and reach out with any concerns.