Privacy Policy
Last Updated: April 3, 2024
I. Introduction
This Privacy Policy (“Policy”) describes how Greyson Clothiers, LLC (“Greyson Clothiers” or “we” or “us”) handles information collected by Greyson Clothiers about you or other individuals and the privacy protection we accord to personal information (“PI”). For purposes of this Policy, PI about you means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household.We may change the terms of the Policy from time to time. When we make changes, we will post the amended policy on this website, https://greysonclothiers.com/ (the “Site”), and they will become effective when they are posted. If the changes are material, we will let you know on the Site home page that the Policy has been updated. Your continued use of the Site following the posting of any changes will mean you accept those changes.
II. How Does Greyson Clothiers Collect Your PI and What Types of PI Does It Collect?
Greyson Clothiers collects PI about you when you actively provide it to us, such as by completing an online form, responding to a request for information, signing up to receive communications from us, to join our Black Wolf or other loyalty program, or making a purchase from us. We also may collect PI about you from other sources, such as our business partners; the Internet, including social media websites; the press or other print media; and other organizations or individuals as permitted under applicable law.
Listed below are the types of PI that we may have collected about you within the past 12 months. Some of these types of information may not be PI, depending on other information about you to which we have access. Each type of information listed below is PI only if the information identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your household.
- Identifiers such as your name, postal address, email address, IP (Internet Protocol) address, credit card details (which we do not retain after use), telephone number, or other similar identifiers.
- Commercial information, such as records of products or services you purchased, obtained, or considered, and your purchasing or consuming histories or tendencies.
- Internet or other similar network activity, such as browsing history, search history, information on your interaction with our website, mobile application(s), or an advertisement. This may include hardware and browser information of your computer or other online device.
- Professional or employment-related information, such as your current or past job history, if you are applying for a job with us.
- Personal characteristics related to classifications legally protected from discrimination, such as marital status, age and gender.
- Inferences drawn from other PI, such as a summary we might make based on your apparent personal preferences, characteristics, purchasing trends, predispositions, behavior, and apparent attitudes.
III. Our Business Purposes for Collecting PI; How We Use the Information
We use the PI we collect from you for a variety of purposes permitted by law, including:
- To communicate with you, including in response to your inquiries and to fulfill your requests;
- To provide you with information about our products and services, and to provide you with our products and services;
- To prevent fraud, including by confirming your identity;
- To maintain and upgrade the security of any data or information collected;
- For compliance and risk management purposes; and
- Other legally permissible or everyday business purposes, including data analysis, product development, and compliance with law enforcement and other legal processes.
IV. How We May Share Personally Identifiable Information
We may share the PI we collect as follows:
- With companies that may become our affiliates;
- With our service providers, whom we engage to assist us with technology support, operational support and other forms of assistance, and whom we bind by contract to protect the confidentiality and security of the PI we share with them;
- In the event of a proposed or actual reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our company or its assets, to the proposed or actual acquiring party or assignee;
- As we believe to be appropriate (i) when required by applicable law, including laws outside your country of residence; (ii) to comply with legal process (iii) to respond to requests from public and government authorities; (iv) to enforce the terms and conditions for use of the Site, including this Policy; (v) to protect and defend our rights and property; (vi) to protect the interests of Greyson Clothiers or others; and (vii) to permit us to pursue available remedies or limit the damages that we may sustain.
We do not sell PI; however, under the California Consumer Privacy Act (discussed further in Section X below), sharing of website activity information for advertising purposes (discussed in Section V below) may be deemed to involve a “sale” and we provide a means for website users to opt-out of such sharing. We do not share PI with non-affiliated entities for them to use for their own marketing purposes.
To opt out of these "sales," use the following link: Do Not Sell My Personal Information (opens in a new tab). We do not knowingly sell personal information about consumers under the age of 16. Please note that by opting out, you are also agreeing to be removed from marketing communication and will be removed from Greyson's email and SMS subscriber list.
Our store is hosted on Shopify Inc. Shopify provides us with the online e-commerce platform that allows us to sell our products and services to you. Shopify stores your PI on a secure Shopify server, behind a firewall. If you choose a direct payment gateway to complete your purchase, Shopify will store your credit card data in encrypted form, consistent with the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction and then is deleted. You can find Shopify’s Terms of Service at https://www.shopify.com/legal/terms and the Shopify Privacy Statement at https://www.shopify.com/legal/privacy.
V. Information We and Others Collect Automatically
When you visit our Site, we and third parties with whom we have contracted may collect the following information automatically:
- Technical information, including browser type and version, IP address, time zone setting, browser plug-in types and versions, operating system and platform; and
- Information about your visit, your clickstream to, through and from the Site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
- We also use cookies to collect information around abandoned shopping carts. A cart is considered abandoned within one hour of inactivity/lack of purchase. If you are subscribed to receive SMS, an SMS message will be sent as a reminder once the cart is considered abandoned.
We and our contracted third parties, including Shopify and Google Analytics (https://analytics.google.com/analytics/web/provision/#/provision), may obtain this information via cookies (small data files your web browser stores on your hard drive), pixel tags (also known as clear GIFs or web beacons), and similar technologies that remember the pages you have visited and the links you have followed. These technologies allow us to see how many visitors are on our Site and the ways in which visitors move around the Site. With the information these technologies provide, we can work to improve the Site so as to provide Site users with an optimal experience when browsing our Site, for example, by making it easier for users to find what they are looking for quickly. You can find the details of the cookies used by Shopify at https://www.shopify.com/legal/cookies.
Some of the third parties who collect information about your visits to the Site through cookies may use the information to serve advertisements to you when you visit other websites. You may opt out of such advertising by rejecting non-essential cookies through our cookie consent banner. You may also block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies, you may not be able to access all or parts of our Site. To learn more about cookies, please visit http://www.allaboutcookies.org.
By using the Site, you are deemed to unambiguously agree to its use of any cookies that you do not disable. You may make a “Do Not Track” request in your browser; we will honor that request at our discretion.
Data Retention; Security We will retain PI about you for the period necessary to fulfill the purposes outlined in this Policy. We endeavor to use reasonable organizational, technical, and administrative measures to protect the PI we maintain within our organization.
Updates to Your PI If you would like to update PI that you have provided to us, you may contact us through one of the means listed in the “How to Contact Us” section below.
VIII. Site Use Limitations and International Data Transfers
Our Site is not directed to children, and if we become aware that we have collected PI from any individual under the age of 13, we will delete it.
Our Site is designed for users from and is controlled and operated by us from, the United States. By using the Site, you consent to the transfer of your information to the United States, which may have different data protection rules than those of your country.
IX. Links to Other Websites
Our Site may provide links to third-party websites. When you click on one of these links, you will be accessing content that is not subject to this Policy. We are not responsible for the information-collection practices of the other websites that you visit and advise you to review their privacy policies before you provide them with any PI.
X. California Residents’ Privacy Rights
If you are a resident of California, you have certain privacy rights under the California Consumer Privacy Act (“CCPA”). We honor those rights, as described below, and we are prohibited by law from discriminating against you for exercising any of those rights.
A. Right to Know
If you are a California resident, you have the right to know what PI we have collected about you, why we collected it, and the categories of third parties (excluding service providers) with whom we have shared the PI during the past 12 months. You may request that we provide a description of the categories of PI we have collected (a “Categories Request”) or you may request access to the specific pieces of PI we have collected (a “Specific Pieces Request.”) See below on “How to Submit a Request.”
If you make a Categories Request, and you do not have any type of account with us, we will need you to provide us with at least two data elements specific to you, such as your cell phone number or driver’s license number (depending on the data elements we already maintain about you), so that we can verify your identity. After we confirm that your request is a verifiable consumer request, we will disclose to you:
- the categories of PI we collected about you;
- the categories of sources for the PI we collected about you (e.g., social media websites, government records available to the public, etc.);
- our business or commercial purpose for collecting that PI; and
- the categories of third parties other than service providers (if any) with whom we shared the PI.
If you make a Specific Pieces Request, we need to be sure we have verified your identity with great certainty to safeguard your privacy. In order for us to verify your identity, if you do not have any type of account with us, you will need to provide to us at least three data elements specific to you, together with a signed declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request. After we confirm that your request is a verifiable consumer request, we will, consistent with the CCPA, disclose to you the specific pieces of PI we collected about you that you requested.
B. Right to Request Deletion
You have the right to request that we delete any of your PI that we collected from you and retained. (See below on “How to Submit a Request”.) We are not obligated to comply with your request if we have a legal basis to retain the PI. If you make a request for us to delete PI and you do not have any type of account with us, you may need to provide us with at least two data elements specific to you so that we can verify your identity. Once we receive and confirm that your request is a verifiable consumer request, we will inform you whether we have deleted (and have directed our service providers to delete) your PI from our records, or whether we are declining to grant your request to delete due to an exception to the CCPA deletion requirements.
C. Exceptions to Access and Deletion Rights
If you are working for or seeking to work for Greyson Clothiers, or if you are an employee or other representative of a business or other organization that is exploring or engaging in a business-to-business transaction with Greyson Clothiers, the CCPA currently does not provide you with a “right to know” or “right to request deletion” (at least until January 1, 2023).
D. How to Submit a Request
To request access to or deletion of your PI as described above, please submit a verifiable consumer request to us by:
- Fill out our privacy request form here. We will need your name and email address to process your request and safeguard your data. You will receive an email to verify your address. We will use the data gathered in the form only to process your request and for record-keeping as required by law.
- Sending us an email, to: privacy-requests@greysonclothiers.com
You may make a request on your own behalf, but if you wish to designate an authorized agent to make a request on your behalf, please provide us with a signed declaration stating that your intent is to permit that individual to act on your behalf and include such individual’s full name, address, email address, and phone number. That way we will be sure you have fully authorized us to act in accordance with the requests of that individual.
As indicated above, in order to protect your PI from disclosure or deletion at the request of someone other than you or your legal representative, Greyson Clothiers requires identification verification before granting any request to provide copies of, know more about, or delete your PI. We take special precautions to help ensure this. We cannot respond to your request or provide you with PI if we cannot verify your identity or authority to make the request and confirm that the PI relates to you. We will use PI we newly collect in connection with a verifiable consumer request only to verify the requestor's identity and authority to make the request.
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we need more time (up to 45 additional days), we will inform you in writing of the reason and how long it will take us to respond.
XI. How to Contact Us
If you have any questions regarding this Policy, please email us at privacy-requests@greysonclothiers.com.
GDPR Addendum
Last Updated: [December 8, 2023]
I. IntroductionThis GDPR Privacy Addendum (the “GDPR Privacy Addendum”) supplements the information contained in Greyson Clothiers, LLC’s (“Greyson Clothiers” or “we” or “us”) Privacy Policy (our “Privacy Policy”) and applies solely to the users of our Site who are located in the European Economic Area, the United Kingdom, or Switzerland. We adopt this GDPR Privacy Addendum to comply with the European Union’s General Data Protection Regulation, and any laws implementing the foregoing by any member states of the European Economic Area, the United Kingdom (including the UK Data Protection Act and the UK-GDPR), and or Switzerland (collectively, the “GDPR”). Unless otherwise defined in this GDPR Privacy Addendum, any terms defined in the GDPR or our Privacy Policy have the same meaning when used in this GDPR Privacy Addendum. When this GDPR Privacy Addendum is applicable to you, it takes precedence over anything contradictory in our Privacy Policy.
II. Data Controller, Data Protection Officer, and RepresentativeGreyson Clothiers is the data controller of your Personal Data. Greyson Clothiers has appointed representatives in both the European Union and the United Kingdom in compliance with the GDPR and the UK Data Protection Act and UK-GDPR. At this time, Greyson Clothiers is not required to appoint a Data Protection Officer in either the European Union or the United Kingdom, and has elected not to do so. Greyson Clothiers or its representative may be contacted in any manner set forth below in the “Contact Information” Section of this GDPR Privacy Addendum.
III. Information We Collect About You and How We Collect ItThe Personal Data we collect and the ways in which we collect it are described in our Privacy Policy.
The Personal Data we collect from you is required to enter into a contract with Greyson Clothiers, for Greyson Clothiers to perform under the contract, and to provide you with our products and services. If you refuse to provide such Personal Data or withdraw your consent to our processing of Personal Data (when appropriate), then in some cases we may not be able to enter into the contract or fulfill our obligations to you under it.
Our Site may use both session cookies (which expire once you close your browser) and persistent cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience and for advertising on our Site. We only place non-essential cookies on your device with your consent. You choose not to receive non-essential cookies through our cookie consent manager, which you may access at any time by clicking the “Privacy Preferences” link at the bottom of any page on the Site. You can also set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. However, if you do not consent to our use of cookies or select this setting you may be unable to access certain parts of our Site. You can find more information about cookies at http://www.allaboutcookies.org and http://youronlinechoices.eu.
IV. Lawful Basis for Processing Your Personal Data
The processing of your Personal Data is lawful only if it is permitted under the GDPR. We have a lawful basis for each of our processing activities (except when an exception applies as described below):
- Consent. By using our Site, you consent to our collection, use, and sharing of your Personal Data as described in our Privacy Policy and this GDPR Privacy Addendum. If you do not consent to the terms of our Privacy Policy and this GDPR Privacy Addendum, please do not use the Site;
- Legitimate Interests. We will process your Personal Data as necessary for our legitimate interests. Our legitimate interests are balanced against your interests and rights and freedoms, and we do not process your Personal Data if your interests or rights and freedoms outweigh our legitimate interests. Our legitimate interests are to: facilitate communication between Greyson Clothiers and you; develop our product and services; provide our products and services to you; promote and market our business, detect and correct bugs and improve our Site; enhance and manage the security and integrity of our products, services, IT infrastructure, and intellectual property; and to detect and prevent fraud and other crime;
- To Fulfill Our Obligations to You under our Contract. We process your Personal Data in order to fulfill our obligations to you pursuant to our contract with you to deliver our products and services to you; and
- As Required by Law. We may also process your Personal Data when we are required or permitted to by law; to comply with government inspections, audits, and other valid requests from government or other public authorities; to respond to legal process such as subpoenas; or as necessary for us to protect our interests or otherwise pursue our legal rights and remedies (for instance, when necessary to prevent or detect fraud, attacks against our network, or other criminal and tortious activities), defend litigation, and manage complaints or claims.
Greyson Clothiers does not ask you to provide, and we do not knowingly collect, any special categories of Personal Data from you.
VI. Automated Decision MakingGreyson Clothiers does not use your Personal Data with any automated decision-making process, including profiling, which may produce a legal effect concerning you or similarly significantly affect you.
VII. How We Use Your InformationWe use your Personal Data as described in our Privacy Policy.
VIII. Disclosure of Your InformationWe do not share or otherwise disclose your Personal Data for purposes other than to the entities and for the purposes described in our Privacy Policy.
IX. Your Rights Regarding Your Information and Accessing and Correcting Your InformationThe GDPR provides you with certain rights with regards to our processing of your Personal Data. These rights replace the similar rights provided in our Privacy Policy or are supplemental to such rights.
- Access and Update. You can review and change your Personal Data by logging into the Site and visiting the “My Account” page or by filling out our privacy request form here. You may also send us an email to privacy-requests@greysonclothiers.com to notify us of any changes or errors in any Personal Data we have about you to ensure that it is complete, accurate, and as current as possible. We may not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect.
- Restrictions. You have the right to restrict our processing of your Personal Data under certain circumstances. In particular, you can request we restrict our use of it if you contest its accuracy, if the processing of your Personal Data is determined to be unlawful, or if we no longer need your Personal Data for processing but we have retained it as permitted by law.
- Portability. To the extent the Personal Data you provide Greyson Clothiers is processed based on your consent and that we process it through automated means, you have the right to request that we provide you a copy of, or access to, all or part of such Personal Data in structured, commonly used and machine-readable format. You also have the right to request that we transmit this Personal Data to another controller, when technically feasible.
- Withdrawal of Consent. To the extent that our processing of your Personal Data is based on your consent, you may withdraw your consent at any time by closing your account. Withdrawing your consent will not, however, affect the lawfulness of the processing based on your consent before its withdrawal, and will not affect the lawfulness of our continued processing that is based on any other lawful basis for processing your Personal Data.
- Right to be Forgotten. You have the right to request that we delete all of your Personal Data. We cannot delete your Personal Data except by also deleting your user account, and we will only delete your account when we no longer have a lawful basis for processing your Personal Data or after a final determination that your Personal Data was unlawfully processed. We may not accommodate a request to erase information if we believe the deletion would violate any law or legal requirement or cause the information to be incorrect. In all other cases, we will retain your Personal Data as set forth in this policy. In addition, we cannot completely delete your Personal Data as some data may rest in previous backups. These will be retained for the periods set forth in our disaster recovery policies. If you delete your User Content from the Site, copies of your User Content may remain viewable in cached and archived pages, or might have been copied or stored by other Site users. Proper access and use of information provided on the Site, including User Content, is governed by our Terms of Service (available here).
- Complaints. You have the right to lodge a complaint with the applicable supervisory authority in the country you live in, the country you work in, or the country where you believe your rights under applicable data protection laws have been violated. However, before doing so, we request that you contact us directly in order to give us an opportunity to work directly with you to resolve any concerns about your privacy.
- How You May Exercise Your Rights. You may exercise any of the above rights by contacting us through any of the methods listed under Contact Information below or by filling out our privacy request form here. If you contact us to exercise any of the foregoing rights, we may ask you to verify your identity. We will use the data gathered in the form only to process your request and for record-keeping as required by law. We reserve the right to limit or deny your request if you have failed to provide sufficient information to verify your identity or to satisfy our legal and business requirements. Please note that if you make unfounded, repetitive, or excessive requests (as determined in our reasonable discretion) to access your Personal Data, you may be charged a fee subject to a maximum set by applicable law.
In order to provide our Site, products, and services to you, we may send and store your Personal Data outside of the EEA or the United Kingdom, including to the United States. Accordingly, your Personal Data may be transferred outside the country where you reside or are located, including to countries that may not or do not provide an equivalent level of protection for your Personal Data. Your information may be processed and stored in the United States and United States federal, state, and local governments, courts, or law enforcement or regulatory agencies may be able to obtain disclosure of your information through the laws of the United States. By using our Site, you represent that you have read and understood the above and hereby consent to the storage and processing of Personal Data outside the country where you reside or are located, including in the United States.
Your Personal Data is transferred by Greyson Clothiers to another country only if it is required or permitted under the GDPR and provided that there are appropriate safeguards in place to protect your Personal Data. To ensure your Personal Data is treated in accordance with our Privacy Policy and this GDPR Privacy Addendum when we transfer it to a third party that is considered a processor under GDPR, Greyson Clothiers enters into Data Protection Agreements with the third party that include, where applicable, the standard contractual clauses adopted by the European Commission and/or the Information Commissioner’s Office in the United Kingdom (collectively, the “Standard Contractual Clauses”). The European Commission and the Information Commissioner’s Office in the United Kingdom have determined that the transfer of Personal Data pursuant to the Standard Contractual Clauses provides for an adequate level of protection of your Personal Data, however, the Standard Contractual Clauses may need to be supplemented in some cases with additional measures on a case-by-case basis after an analysis that such supplemental measures can provide you with an essentially equivalent level of protection as afforded in the EEA and/or the UK. When, as a result of this analysis, we believe this to be appropriate and necessary, the Standard Contractual Clauses have been supplemented in this way. Under these Standard Contractual Clauses, you have the same rights as if your Personal Data was not transferred to such third country. You may request a copy of the Data Protection Agreement by contacting us through the Contact Information below.
XI. Data Retention PeriodsGreyson Clothiers will retain your Personal Data for the entire time that you keep your account open, for as long as necessary or appropriate to serve you, maintain your account or as otherwise needed to operate our business, or until you request us to delete your Personal Data. Further details of the periods for which we retain Personal Data after this period are available on request. However, we may retain your Personal Data for any of the reasons listed below:
- for as long as necessary to comply with any legal requirement;
- on our backup and disaster recovery systems in accordance with our backup and disaster recovery policies and procedures;
- for as long as necessary to protect our legal interests or otherwise pursue our legal rights and remedies; and
- for data that has been aggregated or otherwise rendered anonymous in such a manner that you are no longer identifiable, indefinitely.
We may change this GDPR Privacy Addendum at any time. It is our policy to post any changes we make to our GDPR Privacy Addendum on this page. If we make material changes to how we treat our users’ Personal Data, we will let you know on the Site home page that the Policy has been updated. The date this GDPR Privacy Addendum was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Site and this GDPR Privacy Addendum to check for any changes. Your continued use of the Site following the posting of any changes will mean you accept those changes.
XIII. Contact InformationIf you have any questions, concerns, complaints, or suggestions regarding our Privacy Policy or this GDPR Privacy Addendum, have any requests related to your Personal Data described in the Privacy Policy or this GDPR Privacy Addendum, or otherwise need to contact us, you can do so at the contact information below or through the “Contact Us” page on our Site.
To Contact Greyson Clothiers (Controller)