Who we are
It also describes the choices available to you regarding our use of your Personal Information and how you can access and update this information. This Policy does not apply to the practices of companies that we do not own or control, or to individuals that we do not employ or manage.
What personal data we collect and why we collect it
Automatic collection of information
When you visit the Website our servers automatically record information that your browser sends. This data may include information such as your device’s IP address, browser type and version, operating system type and version, language preferences or the webpage you were visiting before you came to our Website, pages of our Website that you visit, the time spent on those pages, information you search for on our Website, access times and dates, and other statistics.
Information collected automatically is used only to identify potential cases of abuse and establish statistical information regarding Website usage. This statistical information is not otherwise aggregated in such a way that would identify any particular user of the system.
Collection of personal information
You can visit the Website without telling us who you are or revealing any information by which someone could identify you as a specific, identifiable individual. If, however, you wish to use some of the Website’s features, you will be asked to provide certain Personal Information (for example, your name and e-mail address). We receive and store any information you knowingly provide to us when you make a purchase, create an account, publish content, or fill any online forms on the Website. When required, this information may include the following:
- Personal details such as name, country of residence, etc.
- Contact information such as email address, address, etc.
- Account details such as user name, unique user ID, password, etc.
- Any other materials you willingly submit to us such as feedback, images, etc.
You can choose not to provide us with your Personal Information, but then you may not be able to take advantage of some of the Website’s features. Users who are uncertain about what information is mandatory are welcome to contact us.
While you visit our Website, we’ll track:
- Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
- Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
- Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!
When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:
- Send you information about your account and order
- Respond to your requests, including refunds and complaints
- Process payments and prevent fraud
- Set up your account for our store
- Comply with any legal obligations we have, such as calculating taxes
- Improve our store offerings
If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.
We will also store comments or reviews, if you choose to leave them.
We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. You may review relevant sections of this Policy for more information. Specific cases of personal data collection follow.
When visitors leave comments on the site we collect the data shown in the comments form, a timestamp, and also the visitor’s IP address and browser user agent string to help spam detection. Additionally, a jetpack.wordpress.com IFrame receives the following data: WordPress.com blog ID attached to the site, ID of the post on which the comment is being submitted, commenter’s local user ID (if available), commenter’s local username (if available), commenter’s site URL (if available), MD5 hash of the commenter’s email address (if available), and the comment content.
For security reasons and to protect this website from spam, comment data will be processed in the CleanTalk Cloud Service and will be stored in log files for 7 days. On the expiry of the mentioned period, they will be deleted completely. CleanTalk may use information of spam activity of IP/email addresses to offer proper anti-spam protection to all websites connected to its service. It concerns exclusively those IP/email addresses that are being used for spam mailing.
Jetpack (by Automattic) provides the comments feature and will store the comment author’s name, email address, and site URL (if provided during the comment submission) in cookies. Learn more about these specific cookies on the Jetpack website.
Review relevant sections of this Policy for more information on data sharing.
FT uses Customer Reviews for Woocommerce by ivole to collect and collate trusted, verified reviews of our products. After a purchase, the purchaser’s name and email address and an email request are sent to Customer Reviews. Customer Reviews does not use your name and email address for any purpose other than to request a review and send a follow up email and offer code when a review is placed. Review requests will only be sent once for each product.
You can delete your review at any time and/or contact Customer Reviews at email@example.com to have your personal information deleted. Please also contact us at the address in this document to ensure any personal information relating to your review is removed from this site as well.
Reviews published on this Site will automatically be scanned by our anti-spam service provider CleanTalk. Your data may be processed accordingly in the CleanTalk Cloud Service and stored in log files for 7 days. On the expiry of the mentioned period, they will be deleted completely.
Only users logged in to WordPress.com can access this feature. In order to process a post like action, the following information is used: IP address, WordPress.com user ID, WordPress.com username, WordPress.com-connected site ID (on which the post was liked), post ID (of the post that was liked), user agent, timestamp of event, browser language, country code. Post likes are tracked.
This feature is only accessible to registered users of the site who are logged in to WordPress.com. This feature provided by Jetpack uses the following information: IP address, WordPress.com user ID, WordPress.com username, WordPress.com-connected site ID and URL, Jetpack version, user agent, visiting URL, referring URL, timestamp of event, browser language, country code. Some visitor-related information or activity may be sent to FT via this feature including email address, WordPress.com username, site URL, email address, comment content, follow actions, etc.
The following activities relating to this feature may be tracked: sending notifications (i.e. when Jetpack send a notification to a particular user), opening notifications (i.e. when a user opens a notification that they receive), performing an action from within the notification panel (e.g. liking a comment or marking a comment as spam), and clicking on any link from within the notification panel/interface.
If you upload images to the website (for example, as part of a product review), you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
We offer electronic newsletters (email updates) to which you may voluntarily subscribe at any time. We are committed to keeping your e-mail address confidential and will not disclose your email address to any third parties except as allowed in the information use and processing section or for the purposes of utilizing a third-party provider to send such emails (see below). We will maintain the information sent via e-mail in accordance with applicable laws and regulations.
In compliance with the CAN-SPAM Act, all e-mails sent from us will clearly state who the e-mail is from and provide clear information on how to contact the sender. You may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails or by contacting us. However, you will continue to receive essential transactional emails.
For security reasons and to protect this website from spam, your data will be processed in the CleanTalk Cloud Service and will be stored in log files for 7 days. On the expiry of the mentioned period, they will be deleted completely. CleanTalk may use information of spam activity of IP/email addresses to offer proper anti-spam protection to all websites connected to its service. It concerns exclusively those IP/email addresses that are being used for spam mailing. Review relevant sections of this Policy for more information on data sharing.
The Website uses “cookies” to help personalize your online experience. A cookie is a text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.
Payments are processed off-site through the secure third-party payment processors PayPal or Square, depending on your payment choice made at checkout. Both payment gateways feature end-to-end encryption and are fully PCI-DSS (Payment Card Industry Data Security Standard) compliant, with payment information processed directly on their own servers. No credit card or bank payment details are collected or maintained by FT.
Woocommerce collects some payment related information, such as the purchase total, currency, and billing information, which is stored in the website database as order information and passed to the payment processors in order to process or support the payment. Destination address, purchased product IDs, dimensions, weight, and quantities are used for checkout rates, and customer’s name, address, product dimensions, weight, price, and quantities are used to create shipping and customs labels. See relevant sections of this Policy for details on how information is stored and shared.
Additionally, data pertaining to gift card purchases will be collected by Gift Up!, a third party platform that enables Frozen Tundra gift cards. The following information is collected to support and process the order and payment, screen for risk and fraud, and authenticate: your name, email, shipping and billing address, payment details, IP address, information about the order you initiate, and information about the device and browser you use. Some of the personal information provided to Gift Up will be used to conduct some level of automated decision-making.
Payments for gift cards are still processed through Square or PayPal payment processors.
In order to check login activity and potentially block fraudulent attempts, the following information is used by Jetpack: attempting user’s IP address, attempting user’s email address/username (i.e. according to the value they were attempting to use during the login process), and all IP-related HTTP headers attached to the attempting user.
Failed login attempts (these include IP address and user agent) are tracked. Jetpack also sets a cookie for 1 day to remember if/when a user has successfully completed a math captcha to prove that they’re a real human. Learn more about this specific cookie on the Jetpack website.
Social Media Sharing
Each social media sharing button on the Website loads content directly from its service in order to display the button as well as information and tools for the sharing party. As a result, each service can in turn collect information about the sharing party.
Links to other websites
Our Website contains links to other websites that are not owned or controlled by us. Please be aware that we are not responsible for the privacy practices of such other websites or third-parties. We encourage you to be aware when you leave our Website and to read the privacy statements of each and every website that may collect Personal Information.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
WordPress.com statistics are collected through Jetpack by Automattic. The Personal Information used to power these statistics include IP address, WordPress.com user ID (if logged in), WordPress.com username (if logged in), user agent, visiting URL, referring URL, timestamp of event, browser language, and country code. Jetpack collects the same information based on additional loads in the case of Infinite Scroll (i.e. when you scroll down to the bottom of the page and a new set of posts loads automatically). FT does not have access to any of this information via this feature. For example, we see the number of views for a specific page but not which Users viewed it. Stats logs containing visitor IP addresses and WordPress.com usernames (if available) are retained by Automattic for 28 days and are used for the sole purpose of powering these Site statistics.
Do Not Track signals
Some browsers incorporate a Do Not Track feature that signals to websites you visit that you do not want to have your online activity tracked. Tracking is not the same as using or collecting information in connection with a website. For these purposes, tracking refers to collecting personally identifiable information from consumers who use or visit a website or online service as they move across different websites over time. Our Website respects Do Not Track signals.
However, there is currently no standard dictating response of websites to this signal, and many websites do not respect the request. Some third party sites may keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you.
Managing personal information
You are able to delete certain Personal Information we have about you. The Personal Information you can delete may change as the Website or Services change. When you delete Personal Information, however, we may maintain a copy of the unrevised Personal Information in our records for the duration necessary to comply with our obligations to our affiliates and partners, and for the purposes described below. If you would like to delete your Personal Information or permanently delete your account, you can do so on the settings page of your account on the Website or simply by contacting us.
Use and processing of collected information
In order to make our Website and Services available to you, or to meet a legal obligation, we need to collect and use certain Personal Information. If you do not provide the information that we request, we may not be able to provide you with the requested products or services. Some of the information we collect is directly from you via our Website. However, we may also collect Personal Information about you from other sources. Any of the information we collect from you may be used for the following purposes:
- Create and manage user accounts
- Respond to inquiries and offer support
- Request user feedback
- Administer prize draws and competitions
- Sell products/ fulfill orders
- Enforce terms and conditions and policies
- Protect from abuse and malicious users
- Respond to legal requests and prevent harm
- Run and operate our Website and Services
Processing your Personal Information depends on how you interact with our Website, where you are located in the world and if one of the following applies:
- (i) You have given your consent for one or more specific purposes. This, however, does not apply, whenever the processing of Personal Information is subject to California Consumer Privacy Act or European data protection law;
- (ii) Provision of information is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof;
- (iii) Processing is necessary for compliance with a legal obligation to which you are subject;
- (iv) Processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in us;
- (v) Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party.
Note that under some legislations we may be allowed to process information until you object to such processing (by opting out), without having to rely on consent or any other of the following legal bases below. In any case, we will be happy to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Information is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
We may also use and share information that has been aggregated or reasonably de-identified, so that the information could not reasonably be used to identify any individual, for instance, aggregate statistics on Website and Service use.
Information transfer and storage
Depending on your location, data transfers may involve transferring and storing your information in a country other than your own. You are entitled to learn about the legal basis of information transfers to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by us to safeguard your information. If any such transfer takes place, you can find out more by checking the relevant sections of this Policy or inquire with us using the information provided in the contact section.
Who we share your data with
We share information with third parties who help us maintain our website and provide our store services to you.
Automattic powers many of the core Site features as described in this Policy, via WordPress, Woocommerce, and Jetpack. Jetpack and Woocommerce in particular interact with much of the Personal Information collected on this Site. In order to maintain functionality, some of the data collected must be synced to Automattic/Woocommerce and/or WordPress servers. Following is a list of those instances:
- If you use the Contact Form: post and post meta data associated with the contact form submission.
- If you leave a comment on the Site: all data and metadata associated with the comments. This includes the status of the comment.
- For WordPress logins: failed login attempts, which contain the user’s IP address, attempted username or email address, and user agent information.
If you make a purchase on the Site, order and payment related details are also sent to third parties as required to complete the request for service and described below.
- For checkout rates: the destination ZIP/postal code and purchased product dimensions, weight and quantities are sent to Canada Post.
- For shipping labels: your name, address as well as the dimensions, weight, and quantities of purchased products are sent to EasyPost. Purchased shipping labels are stored on the Woocommerce server to make it easy to reprint them and handle support requests.
Note: Woocommerce does not retain any of the following information regarding orders: Purchaser’s billing and shipping street address, Purchasing billing and shipping company’s name, Purchaser’s email address, Purchaser’s phone number, Transaction ID, Purchaser’s IP address, Purchaser’s user agent.
Frozen Tundra gift cards are offered through Gift Up! services. If you purchase a gift card, Gift Up will collect the following information to support and process the order and payment, screen for risk and fraud, and authenticate: your name, email, shipping and billing address, payment details, IP address, information about the order you initiate, and information about the device and browser you use. Some of the personal information provided to Gift Up will be used to conduct some level of automated decision-making.
Storing personal information (How long we retain your data)
We will retain and use your Personal Information for the period necessary to comply with our legal obligations, resolve disputes, and enforce our agreements unless a longer retention period is required or permitted by law. We may use any aggregated data derived from or incorporating your Personal Information after you update or delete it, but not in a manner that would identify you personally. Once the retention period expires, Personal Information shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after the expiration of the retention period.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information. User accounts can be deleted at any time by contacting us at firstname.lastname@example.org.
Contact form entries will be kept for the length of time required to respond to any concerns and complete any appropriate follow-up measures to improve site functionality or business practice, or other needs as required.
Incomplete orders (cancelled, failed, or pending/abandoned) will be retained for a period of three days to allow any pertinent follow-up. After three days they will be removed from the system.
Records relating to completed orders will be retained in full (including relevant personal information) for a period of 1 year to support the FT warranty offer. After 1 year, the personal information associated with an order is anonymized, and the anonymized purchase data is retained for a further nine year period for accounting and tax purposes.
Where we send your data
Frozen Tundra Designs and our website host and secure server are located in Canada. Personal data of customers will be transferred internationally as required to fulfill our services as outlined in this policy. Some of our third-party services are based in the US and globally. Details regarding the safeguarding and transfer of data are provided below. Review relevant sections of this Policy for additional information on security.
CleanTalk monitors visitor comments, reviews, contact form submissions, and login to secure and protect the site, transferring related data to their own servers. CleanTalk Inc has subscribed to and adheres to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks by adopting and implementing the Privacy Shield Principles. Please visit CleanTalk’s Privacy Shield Policy for more information.
The rights of users (What rights you have over your data)
You may exercise certain rights regarding your information processed by us. In particular, you have the right to do the following:
- (i) you have the right to withdraw consent where you have previously given your consent to the processing of your information;
- (ii) you have the right to object to the processing of your information if the processing is carried out on a legal basis other than consent;
- (iii) you have the right to learn if information is being processed by us, obtain disclosure regarding certain aspects of the processing and obtain a copy of the information undergoing processing;
- (iv) you have the right to verify the accuracy of your information and ask for it to be updated or corrected;
- (v) you have the right, under certain circumstances, to restrict the processing of your information, in which case, we will not process your information for any purpose other than storing it;
- (vi) you have the right, under certain circumstances, to obtain the erasure of your Personal Information from us;
- (vii) you have the right to receive your information in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that your information is processed by automated means and that the processing is based on your consent, on a contract which you are part of or on pre-contractual obligations thereof.
If you have an account on this Site, made a purchase, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
The right to object to processing
Where Personal Information is processed for the public interest, in the exercise of an official authority vested in us or for the purposes of the legitimate interests pursued by us, you may object to such processing by providing a ground related to your particular situation to justify the objection. You must know that, however, should your Personal Information be processed for direct marketing purposes, you can object to that processing at any time without providing any justification. To learn whether we are processing Personal Information for direct marketing purposes, you may refer to the relevant sections of this document.
How to exercise these rights
Any requests to exercise User rights can be directed to FT through the contact details provided in this Policy. These requests can be exercised free of charge and will be addressed by FT as early as possible.
California privacy rights
Privacy of children
We do not knowingly collect any Personal Information from children under the age of 13. If you are under the age of 13, please do not submit any Personal Information through our Website or Service. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Policy by instructing their children never to provide Personal Information through our Website or Service without their permission.
If you have reason to believe that a child under the age of 13 has provided Personal Information to us through our Website or Service, please contact us. You must also be at least 16 years of age to consent to the processing of your Personal Information in your country (in some countries we may allow your parent or guardian to do so on your behalf).
Information security (How we protect your data)
We secure information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use, or disclosure. We maintain reasonable administrative, technical, and physical safeguards in an effort to protect against unauthorized access, use, modification, and disclosure of Personal Information in its control and custody. However, no data transmission over the Internet or wireless network can be guaranteed. Therefore, while we strive to protect your Personal Information, you acknowledge that (i) there are security and privacy limitations of the Internet which are beyond our control; (ii) the security, integrity, and privacy of any and all information and data exchanged between you and our Website cannot be guaranteed; and (iii) any such information and data may be viewed or tampered with in transit by a third-party, despite best efforts.
Specific measures taken to protect user data include but are not limited to:
- Data center and hosting:
- Industry standard TLS 1.2 to ensure secure and private encrypted communication channel between you and our servers.
- bcrypt hashing algorithms to store your account passwords.
- Maintain at-rest encryption of user database.
- Modern WAF (Web Application Firewall) solutions to mitigate SQL injection, cross-site scripting, file inclusion, and various other attacks.
- Secure key-based passwordless access to our hosting infrastructure.
- Hosting provider maintains compliance with ISO/IEC 27001:2013 certification, SOC 1 Type II (SSAE 16 and ISAE 3401) and SOC 2 Type II international certifications and PCI DSS level 1 certification.
- Endpoint firewall.
- Security and Malware scanners.
- Brute-force protection.
- Two-factor authentication.
In the event we become aware that the security of the Website has been compromised or users Personal Information has been disclosed to unrelated third parties as a result of external activity, including, but not limited to, security attacks or fraud, we reserve the right to take reasonably appropriate measures, including, but not limited to, investigation and reporting, as well as notification to and cooperation with law enforcement authorities. In the event of a data breach, we will make reasonable efforts to notify affected individuals if we believe that there is a reasonable risk of harm to the user as a result of the breach or if notice is otherwise required by law. When we do, we will post a notice on the Website, send you an email.
We will disclose any information we collect, use, or receive if required or permitted by law, such as to comply with a subpoena, or similar legal process, and when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
Changes and amendments
Acceptance of this policy
You acknowledge that you have read this Policy and agree to all its terms and conditions. By using the Website or its Services you agree to be bound by this Policy. If you do not agree to abide by the terms of this Policy, you are not authorized to use or access the Website and its Services.
If you would like to contact us to understand more about this Policy or wish to contact us concerning any matter relating to individual rights and your Personal Information, you may send an email to email@example.com
This document was last updated on February 5, 2020 to include gift cards.