Privacy Policy

PRIVACY POLICY

Last Updated: 09/15/20

WHAT DO WE DO WITH YOUR INFORMATION?

When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.

CONSENT

How do you get my consent?

When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.

If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.

How do I withdraw my consent?

If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at info@mayanssecret.com or mailing us at:
Mayan's Secret
8461 Canoga Ave., Canoga Park CA., 91303


DISCLOSURE

We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.

SHOPIFY

Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.

Your data is stored through Shopify's data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.

PAYMENT:

If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.

PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

For more insight, you may also want to read Shopify's Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).

THIRD-PARTY SERVICES

In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.

However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.

For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.

In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.

For example, if you are located in another country and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.

Once you leave our store's website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website's Terms of Service.

LINKS

When you click on links in our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.

SECURITY

To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with a AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.

TYPES OF DATA WE COLLECT

WEBSITE COOKIES

What are cookies, and what are you doing with my data from them?

Yes - we use cookies, cookies are small data files that are placed onto your computer/mobile/tablet/other device as you browse a website. They remember your device and when it accessed the website, and helps inform what happens when you're on the site and after you leave it. They're important for the effective running of a website, and we can use them to tailor the services offered to you.

What information do they collect, and why?

The cookies we have on our site collect information on things like which pages you visit, which device you're on, your IP address, and publicly available information. These cookies such as the ones used by Google Analytics, Adwords, Google Tag Manager, and others (that are shown in the Cookies Section below this paragraph), so they and us can do things like show you targeted ads, banner ads, collect information to monitor the success of campaigns, competitions etc., and trigger automations for us to get in touch with you. It's also pretty important for us to effectively run our website, especially when it comes to things like site navigation, market research, and customer service. It sounds like a lot, but all this does is help tailor our communication to you and let us know the kind of stuff you might like to know more about. We may also keep an eye on the data coming through for crime and fraud prevention, detection, and related purposes, or if we have a legal right or duty to disclose your information. No data is passed on to third party marketers, it stays between us, Mayan's Secret, and the software companies stated above.

COOKIES

SHOPIFY / E-COMMERCE COOKIES

Here is a list of cookies that we use. We've listed them here so you that you can choose if you want to opt-out of cookies or not.

_session_id, unique token, session, Allows Shopify to store information about your session (referrer, landing page, etc).

_shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider's internal stats tracker to record the number of visits.

_shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.

cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.

_secure_session_id, unique token, session

storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.

OTHER WEBSITE COOKIES

_wp_session, Expiry: Session, Essential session management cookies for WordPress. Used to maintain information about each visit to the website and enable core site functionality. These cookies do not
contain any personal information.

AWSELB, Expiry: 1 year, This cookie stores information about which part of the Amazon AWS server farm was
used by your most recent visit. This allows us to optimise our site, and your experience for
various performance and server management reasons. For more information please see:
http://docs.aws.amazon.com/ ElasticLoadBalancing/ latest/APIReference/
API_CreateAppCookie StickinessPolicy.html

GOOGLE ANALYTICS COOKIES

_ga, Expiry: 2 years, Google Analytics - Google Analytics uses this cookie to distinguish users and has an
expiration of X. This is responsible for ensuring any session data is sent to the
appropriate Google Analytics profile. This cookie will be followed by a series of numbers
to fulfil this purpose.

_gid, Expiry: Session, This is part of Google Analytics.

_utma, Expiry: Session, This is part of Google Analytics, that uses multiple UTM parameters to help define the
source, medium, device, campaign name, country, keyword (if avalible) and other generic
information tied to the current session. As there are many different UTM parameters
Google Analytics uses multiple UTM cookies with this cookie name.

_utmb, Expiry: Session, The __utmb and __utmc cookies are brothers, working together to calculate how long a
visit takes. __utmb takes a timestamp of the exact moment in time when a visitor enters a
site, while __utmc takes a timestamp of the exact moment in time when a visitor leaves a
site. __utmb expires at the end of the session. __utmc waits 30 minutes, and then it
expires. You see, __utmc has no way of knowing when a user closes their browser or
leaves a website, so it waits 30 minutes for another pageview to happen, and if it doesn't,
it expires.

_utmc, Expiry: Session, The __utmb and __utmc cookies are brothers, working together to calculate how long a
visit takes. __utmb takes a timestamp of the exact moment in time when a visitor enters a
site, while __utmc takes a timestamp of the exact moment in time when a visitor leaves a
site. __utmb expires at the end of the session. __utmc waits 30 minutes, and then it
expires. You see, __utmc has no way of knowing when a user closes their browser or
leaves a website, so it waits 30 minutes for another pageview to happen, and if it doesn't,
it expires.

__utmt, __utmt_, Expiry: Session, This cookie is used to track and log events in Google Analytics.

__utmz, __utmz, Expiry: Session, keeps track of where the visitor came from, what search engine you used, what link you clicked on, what keyword you used, and where they were in the world when you accessed a website. It expires in 6 months. This cookie is how Google Analytics knows to whom and to what source / medium / keyword to assign the credit for a Goal Conversion or an Ecommerce Transaction. __utmz also lets you edit its length with a simple customization to the Google Analytics Tracking code.

_dc_gtm_, Expiry: Session, Google Analytics ID, injected via Google Tag Manager. This cookie only appears on sites that integrate Google Analytics via Google Tag Manager. The purpose of which is to allow for hassle free implementation of Google Analytics, and additional layers of flexibility in anonymising personal identifiable information.

_gat_UA-XXXXXXXX-X, Expiry: Session, This cookie does not store any user information, it's just used to limit the number of requests that have to be made to Google Analytics, and has an expiration of 10-minutes. 10 Minutes

IDE, Expiry: 1 Year, Google uses cookies like IDE to help customize ads on Google properties, like Google Search. For example, Google use such cookies to remember your most recent searches, your previous interactions with an advertiser's ads or search results, and your visits to an advertiser's website. This helps Google to show you customized ads on Google. One of the main advertising cookies on non-Google sites is the IDE cookie and is stored in browsers under the domain doubleclick.net. This information is exchanged between other Google properties, like YouTube, who may also use these cookies to show you more relevant ads.

_gat, Expiry: Session, This cookie does not store any user information, it's just used to limit the number of requests that have to be made to Google Analytics, and has an expiration of 10-minutes.

VISITOR_INFO1_LIVE, Expiry: 179 days, These cookies are set by the YouTube video service on pages with embedded YouTube video. The VISITOR_INFO1_LIVE expires after eight months, and is used to send watch statistics to YouTube.

YSC, Expiry: Session, These cookies are used to collect anonymous statistics and performance data for embedded Youtube videos on the website. YSC is session-based, and expires once the session has ended.

PREF, Expiry: 8 Months, These cookies are set by the YouTube video service on pages with embedded YouTube video. The PREF cookie may store user preferences and other information such as dark mode, last set volume, and preferred resolution.

PYPF, Expiry: Session, PayPal uses Cookies to recognise its customers and to shorten the time the user needs to log in to his PayPal account by checking his email on PayPal database.

BROWSER COOKIES

How do I disable cookies in my browser?

Browse in Incognito/InPrivate/Private mode!

Google Chrome Incognito (CTRL+SHIFT+N)
Mozilla Firefox in Private Browsing with Tracking Protection (CTRL+SHIFT+P)
Microsoft Edge in InPrivate browsing - tap the "Settings and more" button in the top-right corner, choose "New InPrivate window."
Opera in Private Browsing (CTRL+SHIFT+N)
Internet Explorer in InPrivate browsing (CTRL+SHIFT+P)

For Google Chrome:

Choose Settings> Advanced
Under "Privacy and security," click "Content settings".
Click "Cookies"
and simply choose the settings you'd like from there.

For Microsoft Internet Explorer:

Click on "Tools", and then "Internet Options"
Click on the "privacy" tab
and simply choose the settings you'd like from there.

For Safari:

Choose Preferences > Privacy
Click on "Remove all Website Data"
This will get rid of cookies!

For Mozilla firefox:

Choose the menu "tools" then "Options"
Click on the icon "privacy"
Find the menu "cookie" and pick what you'd like to do from there.

For Opera 6.0 and further:

Choose the menu Files"> "Preferences"
Privacy
and simply choose the settings you'd like from there.

MAILING LISTS

You've signed up for our mailing list! You love us after all! We've loads of stuff to talk about, but first, let's explain what information we've collected, and how and why we use it.

When you first sign up, we collect your information for things like your name and email address. We do that because you've asked to get our newsletter via email, to keep up to date with Mayan's Secret, or anything else we provide that you've opted into. So we'll stick to that in terms of contacting you, unless we need to get in touch to get some more information from you or make sure you're happy and that your details are up to date.

MARKETING

Mayan's Secret will (with your say so) send you updates on company services, special offers and newsletters. It's all stuff we think you'll find relevant, but if you don't like it, you can always unsubscribe by email or by simply contacting us in the email listed below!

LEGITIMATE INTERESTS

If you have contacted us in the past and processing your data is necessary to serve that interest, then we will contact you. It could be for selling our services to you; promoting, marketing, or advertising our services; sending personalized marketing understanding customers needs, behaviors, preferences, activities; improving our services; again, for crime and fraud prevention, detection, and related purposes; handling customer complaints, queries, disputes etc.; and generally fulfilling our duties to our customers, team, and data subjects! We will only get in touch if it is absolutely necessary in order to fulfill your request, or your order, or your return. And if it's really not wanted, you can always tell us to stop through the email already stated, or through unsubscribe buttons where applicable.

LEGAL OBLIGATION

If we're required to process your information by law, we'll do that.

YOUR RIGHTS

So you've given your details to us at Mayan's Secret. You're in good hands, but you may be wondering what rights YOU have. In regards to all the rights below, you can get in touch with us at info@mayanssecret.com. Simply insert into "[MY DATA - MY RIGHT] the subject line of your email request and let us know what you'd like from us, and we'll get back to you as soon as we can and in line with GDPR requirements.

If you've given us consent, you have the right to withdraw your information from us. Also, if you don't want us to get in touch any more, you can simply unsubscribe or get in touch with us at info@mayanssecret.com.

You can lodge a complaint with a supervisory authority. We're a friendly bunch, here, and you can talk to us about anything, but if you'd like to lodge a complaint with a higher power, you can! You've got the right to be informed about the collection and use of personal data. For more information please have a look here for more details:
https://ico.org.uk/for-the-public/raising-concerns/

If you want to see the data we have for you, you can ask for it at any time by contacting us at info@mayanssecret.com.

If the data we have on file for you is outdated, incomplete, or just plain wrong, you also have the right to change that.

You can ask to be forgotten. In the case you want us to forget you, you can ask us to do that, just see this guidance from the ICO: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-erasure/
You can ask for us to "restrict processing" of your data. If it's wrong, if it's not been processed in line with the GDPR, if you need it for legal reasons (but we don't need it any more), or if you've asked us to stop processing your information altogether - while we consider stopping processing it, you can ask to restrict it.

You've got the right to ask for your data to be given to you. This applies to when you've given us consent to use your data.

You can ask us to stop processing your data.

If we're marketing to you, or if we're processing your data on the grounds of legitimate interests, you can ask us to just quit doing that.

You also have rights related to automated decision making and profiling, where serious decisions made by automated processing (all systematic, no human interaction), where you can ask us not to automate any decision making process, and you can ask us for the information we've used to make that processing possible.

International Transfers
On occasion, we may possibly have to share your data outside of the European Economic area (EEA). You should rest easy, though, it's subject to special rules under GDPR. If we do have to do this, we'll make sure it's done in line and compliantly with data protection laws to make sure it is secure. If we ever need to do it, we'll make sure the standard data protection contract clauses are signed or at the very least covered by their own data protection terms.

How long do we keep your data?
We'll not keep your data any longer than is needed under this notice, and the longest we'll hold onto any personal data after the purpose has been completed is 6 years.

AGE OF CONSENT

By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence and you have given us your consent to allow any of your minor dependents to use this site.

CHANGES TO THIS PRIVACY POLICY

We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.

If our store is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.