E-Commerce Privacy
1. Introduction
Elvimarta SA de CV (“Midtown Concept”, "International Home") is committed to protecting the privacy and security of data—including data received from e-commerce channels through our API integrations and other data provided by our users. This Privacy and Data Handling Policy explains how we collect, process, store, use, share, and dispose of data. This policy applies to all data processed by our organization in connection with our services, websites, and API integrations.
2. Data Collection
2.1 Types of Data Collected
- Personal Identification Information (PII): Such as names, email addresses, phone numbers, and mailing addresses.
- Transactional Data: Details of transactions, orders, and interactions provided via our API and website.
- Usage Data: Information collected through website analytics, cookies, and log files, which may include IP addresses, browser types, and access times.
- E-commerce Channel Data: Data received from E-com channels API as governed by the channels policies and our agreement with them.
2.2 Collection Methods
- Direct Interactions: Data provided directly by users through our website or API.
- Automated Technologies: Data captured automatically via cookies, web beacons, and other tracking technologies.
- Third-Party Sources: Data obtained from e-commerce channels and other third-party sources in accordance with applicable legal and contractual requirements.
2.3 Consent and Legal Basis
- We obtain consent from data subjects where required.
- The collection of data is based on a legitimate interest to provide our services and is compliant with all applicable laws and regulations.
2.4 Data Minimization
- We limit data collection to what is directly relevant and necessary to accomplish the purposes outlined in this policy.
3. Data Processing
3.1 Processing Activities
- Service Delivery: Processing data to enable and enhance our services.
- Analytics and Improvement: Analyzing data to understand user behavior and improve our offerings.
- Security and Compliance: Using data to maintain security, detect and prevent fraud, and comply with legal obligations.
3.2 Access Control
- Only authorized personnel with a need to know have access to the data.
- All access is logged and monitored as part of our security practices.
3.3 Automated Processing
- Where automated decision-making or profiling occurs, we implement appropriate safeguards to protect data subject rights.
4. Data Storage
4.1 Storage Locations
- Data is stored on secure servers in cloud environments compliant with international standards.
4.2 Security Measures
- Encryption: Data is encrypted in transit and at rest.
- Access Controls: Role-based access and multi-factor authentication are employed.
- Monitoring: Continuous monitoring, intrusion detection, and regular vulnerability assessments are conducted.
4.3 Data Retention
- Retention Periods: Data is retained only for as long as necessary to fulfill its collection purposes, comply with legal obligations, or resolve disputes. Specific retention periods are defined for different data types.
- Archiving: Data that is no longer actively used is archived securely until it is eligible for disposal.
5. Data Usage
5.1 Purposes for Data Use
- Service Provision: To operate, maintain, and improve our services.
- Communication: To communicate with users about updates, service changes, or marketing (with user consent where required).
- Compliance: To meet legal, regulatory, or contractual obligations.
5.2 Usage Restrictions
- Data is used only for the purposes for which it was collected and in a manner that is consistent with user consent and legal requirements.
6. Data Sharing
6.1 Third-Party Service Providers
- We may share data with trusted third-party vendors who assist in service delivery, analytics, and customer support.
- All third parties are required to adhere to strict data protection and confidentiality obligations.
6.2 Legal Disclosures
- Data may be disclosed if required by law, regulation, or legal process (e.g., court orders or governmental requests).
6.3 Sharing of E-commerc Channel Data (e.g. Amazon)
- Any E-comm channel data is handled in strict accordance with the channel's policies and our contractual obligations, ensuring that data is only shared when permitted and with appropriate safeguards in place.
7. Data Disposal
7.1 Secure Disposal Procedures
- When data is no longer required, we follow secure data disposal practices, including:
- Deletion: Removing data from active systems.
- Destruction: Employing methods to irreversibly destroy data from backups and archives.
- All disposal activities are logged and periodically audited.
7.2 Verification
- Regular audits are conducted to ensure that data disposal processes meet our security and compliance standards.
8. Data Subject Rights
8.1 Rights Overview
- Access: Individuals can request access to the personal data we hold about them.
- Correction: Requests for corrections or updates to inaccurate data.
- Deletion: The right to request deletion of personal data, subject to legal and contractual constraints.
- Restriction and Objection: The right to request restrictions on data processing or object to processing.
- Data Portability: Where applicable, individuals may request to receive their data in a portable format.
8.2 Exercising Your Rights
- To exercise any of these rights or if you have any questions about your personal data, please contact us using the information provided below.
9. Security Measures
- We implement comprehensive security measures, including physical, technical, and administrative safeguards, to protect data against unauthorized access, alteration, disclosure, or destruction.
- Regular security training, audits, and risk assessments are part of our ongoing commitment to data security.
10. Compliance
- Legal Compliance: Our data handling practices comply with relevant laws and regulations
- Standards and Certifications: We adhere to industry best practices and standards such as ISO 27001 and SOC 2 where applicable.
- Audit and Review: This policy and our data handling procedures are reviewed periodically to ensure ongoing compliance and improvement.
11. Changes to This Policy
- We reserve the right to modify this policy at any time. Significant changes will be communicated via our website or through direct communication where feasible.
- The “Effective Date” will be updated to reflect the date of any substantive revision.