BrimBoss

**Privacy Policy**

**Last updated: [03.09.2024]**

**1. Introduction**

Welcome to Brim Boss ("we", "our", "us"). We are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and share your personal data when you visit our Etsy shop or make a purchase, and your rights in relation to this data.

We comply with the General Data Protection Regulation (GDPR) and other relevant privacy laws. By using our services, you agree to the collection and use of information in accordance with this policy.

**2. Data Controller**

The data controller responsible for your personal data is:

**Brim Boss**
Halden
Norway
etsybrimboss@gmail.com

**3. Information We Collect**

We collect and process the following personal data:

- **Personal Identification Information:** Name, email address, billing and shipping address, phone number.
- **Order Information:** Details of the products you purchase, order dates, payment information.
- **Communication Data:** Any information you provide when contacting us (e.g., via Etsy messages).

**4. How We Collect Your Data**

We collect data from you in the following ways:

- **Etsy Platform:** When you place an order, Etsy shares your order information with us.
- **Direct Communication:** When you contact us directly via messages on Etsy.

**5. How We Use Your Data**

We use your personal data for the following purposes:

- **To Fulfill Orders:** We use your order information to fulfill and ship your purchases. This includes sharing necessary data with our fulfillment partner, Printful, for production and delivery.
- **Customer Service:** We use your data to manage customer service interactions, such as responding to inquiries and providing updates on your order.
- **Legal Compliance:** To comply with legal obligations, such as tax regulations and record-keeping requirements.

**6. Legal Basis for Processing**

Under GDPR, the legal bases we rely on for processing your personal data are:

- **Contractual Necessity:** We need your personal data to fulfill the contract we have with you (e.g., to process and deliver your order).
- **Legal Obligation:** We are required to process your data to comply with legal obligations (e.g., maintaining records for tax purposes).
- **Legitimate Interests:** We may process your data for our legitimate interests, such as improving our services and managing our business operations.

**7. Data Sharing**

We share your personal data with the following third parties:

- **Etsy:** To process and manage orders placed through the Etsy platform.
- **Printful:** Our fulfillment partner, who prints, packages, and ships the products you order. Printful only receives the information necessary to fulfill your order.
- **Service Providers:** We may use third-party services to assist with our business operations, such as accounting, legal services, or IT support. These providers are bound by confidentiality agreements and only process data as necessary to provide their services.

**8. Data Retention**

We will retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

- **Order Information:** Retained for 5 years to comply with Norwegian tax law.
- **Communications:** Retained for as long as necessary to provide customer support.

**9. Your Rights**

Under GDPR, you have the following rights regarding your personal data:

- **Right of Access:** You can request a copy of the personal data we hold about you.
- **Right to Rectification:** You can request that we correct any inaccurate or incomplete data.
- **Right to Erasure:** You can request that we delete your personal data, under certain conditions.
- **Right to Restrict Processing:** You can request that we restrict the processing of your personal data, under certain conditions.
- **Right to Data Portability:** You can request that we transfer your data to another organization, or directly to you, under certain conditions.
- **Right to Object:** You can object to our processing of your personal data, under certain conditions.

To exercise these rights, please contact us at etsybrimboss@gmail.com

**10. Security**

We take reasonable measures to protect your personal data against loss, theft, misuse, and unauthorized access. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure.

**11. International Transfers**

As a Norwegian business, your data is primarily processed within the European Economic Area (EEA). However, Printful may process data outside the EEA. In such cases, we ensure that appropriate safeguards, such as Standard Contractual Clauses (SCCs), are in place.

**12. Cookies**

Our Etsy shop may use cookies to enhance your user experience. Please refer to Etsy’s Cookie Policy for more details on how they use cookies.

**13. Changes to This Privacy Policy**

We may update our Privacy Policy from time to time. Any changes will be posted on this page with an updated date.

**14. Contact Us**

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

**Brim Boss**
Halden
Norway
etsybrimboss@gmail.com