Last Updated February 12, 2024
Your Guide to Privacy
ALL ABOUT YOU BB
Your data will only be used to better your experience and fulfill our contract with you.
WE GOT YOUR BACK
We’ll protect your data like it’s our own.
We’ll tell it to you straight in language that’s easy to understand.
Your data, your preferences—you control what and how you hear from us.
Your info won't just sit around—if we don’t need it we’ll delete it.
The Nitty Gritty Deets
We respect your right to privacy at Dolls Kill! It's important to us that you know how we collect and use your data, and that you know that your data will only be used to provide you with a better shopping experience.
Information You Share With Us
Most of the information you provide to us happens when you're engaging with our brand, like browsing the site or purchasing or registering for an account. In the past twelve (12) months, we have collected the following categories of personal data from our customers:
- Identifiers such as your name, shipping address, phone number, IP address, email address, or other similar identifiers.
- Personal information categories listed in the California Customer Records statute (Cal. Civ. Code 1798.80(e)) such as bank account numbers or other financial information.
- Commercial information, including records of what you have purchased from Dolls Kill.
- Internet or other technical data, including IP address, pixel tags, browsing history, transaction history, or browser/device information.
How We Use That Information
We collect only the information necessary for us to provide you with a relevant, personalized, and optimized shopping experience with us. To do that, we collect and process your personal data for the following business and commercial purposes:
- Processing or fulfilling your orders, verifying your identity, and processing payments.
- Communicating with you by email, text, or online chat, including contacting you about the status of your order if there is an issue.
- Marketing and personalization, including delivering information about products and promotions and identifying product and shopping preferences.
- Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
- Debugging to identify and repair errors that impair the Site.
- Complying with applicable laws, regulations, rules, and requests of relevant law enforcement and/or other governmental agencies, or for other purposes, as permitted or required by law.
- As necessary or appropriate to protect the rights and safety of our customers, us, and other third parties.
We will not use the personal data we collected for materially different, unrelated, or incompatible purposes without providing you with notice and obtaining your consent.
How We Obtain Your Personal Data
We collect your personal data from the following categories of sources:
- Directly from you. When you provide it to us directly to create an account or when you update the information in your account (see the "Accessing, Modifying, Rectifying, and Correcting Collected Personal Data" section below for more information).
- Automatically or indirectly from you. For example, as you navigate the Site, information such as IP addresses and browser types from the devices you use may be automatically collected through cookies.
- From our service providers.
Legal Bases for Processing
We process personal data for, or based on, one or more of the following legal bases:
- Compliance with Legal Obligations and Protection of Individuals. We may process personal data to comply with our legal obligations, including as required by valid legal process, governmental request, and to protect those individuals who use our Site.
Who We Share That Information With
We share personal data with the following categories of third parties:
- Our service providers.
- Our affiliated entities.
- Government agencies or regulators when permitted or required to do so by law; in response to a request from a law enforcement agency or authority or any regulatory authority; and/or to protect the integrity of the Site or our interests, rights, property, or safety, and/or that of our Customers and others.
Personal Data We Share
We may disclose your personal data to a service provider for a business purpose. In the past twelve (12) months, we have disclosed the following categories of personal data with the following third parties for a business purpose:
- Identifiers (e.g., name, shipping address, phone number, IP address, email address): Service Providers.
- Personal information categories listed in the California Customer Records statute (Cal. Civ. Code 1798.80(e)) (e.g., bank account numbers or other financial information): Service Providers.
Before transferring any personal data, Dolls Kill will enter into agreements with its third-party service providers or affiliated entities, ensuring they protect the personal data in accordance with the EU GDPR. All third parties will be instructed that they may only use the personal data for the purposes identified by Dolls Kill.
Your Rights Regarding Personal Data
You've got a bunch of rights relating to your personal data. Your rights vary depending on the laws that apply to you, but may include:
- The right to know whether, and for what purposes, we process your personal data;
- The right to be informed about the personal data we collect and/or process about you;
- The right to learn the source of personal data about you we process;
- The right to access, modify, and correct personal data about you (see the "Accessing, Modifying, Rectifying, and Correcting Collected Personal Data" section below for more information);
- The right to know with whom we have shared your personal data with, for what purposes, and what personal data has been shared (including whether personal data was disclosed to third parties for their own direct marketing purposes);
- The right to withdraw your consent, where processing of personal data is based on your consent; and
- The right to lodge a complaint with a supervisory authority located in the jurisdiction of your residence, place of work, or where an alleged violation of law occurred.
Don't forget BB, if you want to exercise your rights, have a complaint to make, or just have a question for us, get in touch at email@example.com.
Accessing, Modifying, Rectifying, and Correcting Collected Personal Data
We strive to maintain the accuracy of any personal data collected from you and will try to respond promptly to update our records when you tell us the information in our records is not correct. However, we must rely upon you to ensure that the information you provide to us is complete, accurate, and up-to-date, and to inform us of any changes. Please review all of your information carefully before submitting it to us. Any updates or corrections to your information may be made through your online account settings.
Your California Privacy Rights
California's "Shine the Light" law permits our customers who are California residents to request and obtain from us a list of what personal data (if any) we disclosed to third parties for their own direct marketing purposes in the previous calendar year and the names and addresses of those third parties. Requests may be made only once per year per person, must be sent to firstname.lastname@example.org, and are free of charge. However, we do not disclose personal data protected under the "Shine the Light" law to third parties for their own direct marketing purposes.
The California Consumer Privacy Act ("CCPA") provides our customers who are California residents the following additional rights:
- Request access to specific pieces of personal data collected about you;
- Request to know the personal data we process about you;
- Request to know the personal data we sell or share about you;
- Request rectification of inaccuracies in your personal data;
- Request deletion of personal data about you;
- Request data portability, your requested information will be provided in a readily usable format to allow transmission to other organizations; and
- Request to limit the use or disclosure of your sensitive personal data.
To exercise your California privacy rights described above, please submit a verifiable request to us by emailing us at email@example.com.
No Sale of Personal Data. Under the CCPA, if a business sells Personal Data, it must allow California residents to opt out of the sale of their Personal Information. However, we do not "sell" and have not "sold" Personal Information in the preceding 12 months for purposes of the CCPA. For example, and without limiting the foregoing, we do not "sell" the Personal Information of minors under 16 years of age.
Consumer Request by an Authorized Agent. If any authorized agent submits a consumer request on your behalf, in order to confirm that person or entity’s authority to act on your behalf and verify the authorized agent’s identity, we require an email be sent to firstname.lastname@example.org, along with all of the below items:
- Proof that you gave the authorized agent signed permission to submit the request.
- Sufficient information to verify the authorized agent’s identity, depending on the nature of the request.
- To verify your identity, depending on the nature of the request, we may also require a valid Government Issued ID (not expired).
We cannot respond to your request or provide you with personal data if we cannot verify your identity or authority to make the request and confirm the personal data relates to you. Making a verifiable consumer request does not require creating an account with us. However, if you have an existing login, we will require you to log in to submit a request. We will only use personal data provided in a verifiable consumer request to verify the request’s identity or authority to make the request.
Involvement of Parents or Guardians. In accordance with the provisions of the Children's Online Privacy Act, in the event that we do begin collecting any personal information or data from children under the age of 13 (or 16 where applicable), we will notify parents first, and will seek parental or guardian consent to collect, use, and/or disclose such information from children under the age of 13 (or 16 where applicable). A parent may review and have their child's personal information deleted and may refuse to permit further collection or use of their child's information by notifying us. If you have reason to believe that a child under the age of 13 (or 16) has provided personal information, please contact us in sufficient detail to enable us to delete that information from our databases.
Your European Union and UK Privacy Rights
In addition to the above-listed rights, European Union and UK privacy laws provide individuals with enhanced rights in respect of their personal data. These rights may include, depending on the circumstances surrounding the processing of personal data:
- The right to object to decisions based on profiling or automated decision-making that produce legal or similarly significant effects on you;
- The right to request restriction of processing of personal data or object to processing of personal data carried out pursuant to (i) a legitimate interest (including, but not limited to, processing for direct marketing purposes) or (ii) performance of a task in the public interest;
- In certain circumstances, the right to data portability, which means that you can request that we provide certain personal data we hold about you in a machine-readable format; and
- In certain circumstances, the right to erasure and/or the right to be forgotten, which means that you can request deletion or removal of certain personal data we process about you.
Note that we may need to request additional information from you to validate your request. To exercise any of the rights above, please email us at email@example.com.
EU-U.S. Data Privacy Framework
In cases of onward personal data transfers to third parties, Dolls Kill remains responsible and liable under the DPF Principles if a third party that it engages to process personal data on its behalf does so in a manner inconsistent with the DPF Principles, unless Dolls Kill proves that it is not responsible for the matter giving rise to the damage;
- With the individual’s permission to make the disclosure;
- Where required to the extent necessary to meet a legal obligation to which Dolls Kill is subject, including a lawful request by public authorities and national security or law enforcement obligations and applicable law, rule, order, or regulation;
- Where reasonably necessary for compliance or regulatory purposes, or for the establishment of legal claims.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Dolls Kill commits to resolve complaints about our collection or use of your personal data. EU, UK, and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Dolls Kill’s privacy office at firstname.lastname@example.org.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Dolls Kill commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF
You may have the option to select binding arbitration under the EU-U.S. Data Privacy Framework Panel for the resolution of your complaint under certain circumstances. The Federal Trade Commission has jurisdiction over Dolls Kill’s compliance with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework.
We keep your deets on file for as long as you have an account with us, as long as it is needed to provide our services to you, or as long as is required to maintain support-related activities. In some cases, we may hold information after you have closed your account if it is necessary to meet certain legal or regulatory requirements, resolve disputes, prevent fraud or abuse, or enforce terms and conditions.
You have choices about certain information we collect about you, how we communicate with you, and how we process certain personal data. When you are asked to provide information, you may decline to do so, but if you choose not to provide information that is necessary to provide our Services, you may not be able to use those Services. In addition, it is possible to change your browser settings to block the automatic collection of certain information.
Communications Opt-Out. You may opt-out of receiving email communications from us at any time by clicking the unsubscribe link in the message or by contacting us at email@example.com. Please include "Opt-Out" in the email’s subject line and include your name and the email address you used to sign up for communications in the body of the email.
Cookies and Web Tracking. Consult our Cookie Notice for more information about how to control and/or opt out of certain web tracking technologies.
If you have questions regarding your data protection, please contact our data protection officer (DPO) at firstname.lastname@example.org.