Privacy Policy
In this Privacy Policy you will find all the information about which Personal Information we, Therapy Exchange (“Therapy Exchange”, “we”, “us”, “our”) collect and process and for what purpose. You will also find out what rights you have and how you can assert them.
Please read this Privacy Policy along with our Cookie Policy which provides additional details about the Cookies we use. This Policy sits in line with the California Consumer Privacy Act (“CCPA”) and the EU`s General Data Protection Regulation ("GDPR").
​
What is Personal Information?
Personal Information is any information relating to personal or material circumstances that relates to an identified or identifiable individual. This includes, for example, your name, date of birth, e-mail address, postal address, or telephone number as well as online identifiers such as your IP address. In contrast, information of a general nature that cannot be used to determine your identity is not Personal Information. This includes, for example, the number of users of a website.
What is processing?
"Processing" means any operation or set of operations which is performed upon Personal Information, whether or not by automatic means. The term is broad and covers virtually any handling of data.
The Data Controller
The person that is responsible for your information under this Privacy Policy (the “data controller”) is:
Therapy Exchange
1968 S Coast Hwy #1329
Laguna Beach, CA 92651
If you have any questions about the processing of your Personal Information by us or about data protection in general, you can reach us at support@therapyexchangeapparel.com
Relevant legal basis
In the following, we inform you about the legal basis on which we process Personal Information. If more specific legal bases apply in individual cases, we will inform you of these separately.
-
Consent - The data subject has given his/her consent to the processing of Personal Information relating to him/her for a specific purpose or purposes.
-
Performance of a contract and pre-contractual enquiries - Processing is necessary for the performance of a contract to which the data subject is a party or for the performance of pre-contractual measures carried out at the data subject's request.
-
Legitimate interests - Processing is necessary for the purposes of the legitimate interests of the controller or a third party unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of Personal Information.
Your rights
Under the GDPR, you can exercise the following rights:
A) Right to information
You have the right to request information and/or copies of the personal information stored about you.
B) Right to rectification
You have the right to request that personal information relating to you be corrected and/or completed without delay.
C) Right to object to processing
You have the right to request the restriction of the processing of your personal information, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defense of legal claims or you have lodged an objection to the processing.
D) Right to deletion
You have the right to request the erasure of your personal information stored by us, unless the exercise of the right to freedom of expression and information, the processing is necessary for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise, or defense of legal claims.
E) Right to information
Where you have exercised the right to rectification, erasure, or restriction of processing, we will notify all recipients to whom personal information relating to you has been disclosed of such rectification or erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort.
F) Right to data portability
You have the right to have personal information that you have provided to us handed over to you or to a third party in a structured, common, and machine-readable format. If you request the direct transfer of the data to another responsible party, this will only be done insofar as it is technically feasible.
G) Right of objection
Insofar as your personal information are processed on the basis of legitimate interests, you have the right to object to the processing at any time. If we process your data for the purpose of direct marketing, you have the right to object at any time to the processing of personal information concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
H) Right to withdraw consent
You have the right to cancel your consent to the collection of data at any time with effect for the future. The data collected until the cancellation becomes legally effective will remain unaffected. Please understand that the implementation of your cancellation may take a little time for technical reasons and that you may still receive messages from us in the meantime.
I) Right to complain to a supervisory authority
If the processing of your personal information violates data protection law or if your data protection rights have otherwise been violated in any way, you may complain to the supervisory authority.
J) Automated decision-making including profiling
You have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you.
Under the CCPA, you can exercise the following rights:
A) Right to Know
You can request information about how we have collected, used, shared, sold, disclosed and otherwise processed your personal information during the past 12 months, including the right to request the specific pieces of personal information that we possess.
b) Right of Deletion
You can request that we delete any of the personal information that we have collected from you. We may deny your deletion request pursuant to certain exceptions in the CCPA, and the response we provide will explain any reason for denying your request.
C) Right of Non-Discrimination
You have the right to not receive discriminatory treatment by us for exercising any of your CCPA rights.
D) Right to Opt-Out of Sale
We do not sell your personal information as provided in the CCPA.
California’s “Shine the Light” law (Civil Code Section 1798.83) requires businesses to respond to requests from California customers asking about the business’s practices related to disclosing personal information to third parties for the third parties’ direct marketing purposes. You may make a request about our collection and disclosure of your personal information using the contact details provided.
If you wish to exercise any of the rights listed above, you can contact us by email at support@therapyexchangeapparel.com . For your protection and the protection of all our users, we may need to request certain information from you to help us confirm your identity before we can respond to the above requests.
Processing of Personal Information
In the course of our business and website operations, we process data, and this data is generally transferred to our Headquarters in California. However, this also includes disclosure by transmission to third parties and to so-called third countries outside the USA and the EEA.
A) access data and hosting
You can visit our website without providing any personal information. Each time you access a website, the web server automatically saves a so-called server log file, which contains, for example, the name of the requested file, your IP address, the date and time of the access, the amount of data transferred and the requesting provider (access data and log files) and documents the access.
This access data is evaluated solely for the purpose of ensuring trouble-free operation of the site and improving our services. In accordance with the and GDPR, this serves to protect our legitimate interests in the correct presentation of our website, which outweigh our interests in the context of a balancing of interests. All access data is deleted at the latest seven days after the end of your visit to the site.
B) hosting
As part of processing on our behalf, Wix.com Ltd provides hosting and website presentation services for us. This serves to protect our legitimate interests in the correct presentation of our website, which are outweighed by a balance of interests. All data collected in the course of using our website or in forms provided for this purpose in the online shop are processed on Wix`s servers.
C) Contacting us
If you contact us via e-mail contact form or social media, we store and process the following data from you: e-mail address, Name and telephone number, if provided, as well as other Personal Information that you provide when contacting us.
This data is collected and processed exclusively for the purpose of contacting you and processing your request and then deleted, provided there is no legal obligation to retain it. The legal bases for processing are contract and our legitimate interest.
D) data collection and use for contract processing
We collect Personal Information if you voluntarily provide it to us in the context of your order (your name, e-mail address and shipping address). Mandatory fields are marked as such, as we need the data in these cases to process the contract or to process your contact and you cannot send the order or contact without providing it. We use the data you provide to process the contract.
If you have given your consent by deciding to open a customer account, we will use your data (your name, e-mail address, chosen password) for the purpose of opening a customer account. After complete processing of the contract or deletion of your customer account, your data will be restricted for further processing and deleted after expiry of the retention periods under tax and commercial law, unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law and about which we inform you in this policy.
The deletion of your customer account is possible at any time and can be done either by sending a message to the contact option described below or via a function provided for this purpose in the customer account.
E) newsletter
If you register for our newsletter, we will use the data required for this purpose or separately provided by you to send you our e-mail newsletter on a regular basis based on your consent.
Unsubscribing from the newsletter is possible at any time and can be done either by sending a message to the contact option described below or via a link provided for this purpose in the newsletter. After unsubscribing, we will delete your email address unless you have expressly consented to further use of your data or we reserve the right to use data beyond this, which is permitted by law.
F) marketing
Insofar as you have also given us your separate consent to process your data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to.
You may give us your consent in a number of ways including by selecting a box on a form where we seek your permission to send you marketing information, or sometimes your consent is implied from your interactions or contractual relationship with us. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving a marketing communication based on your interactions or contractual relationship with us.
Direct Marketing generally takes the form of e-mail but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing sent or made by us or on our behalf will include a means by which you may unsubscribe or opt out.
Updating your information
If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting us.
For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests. Please keep in mind, we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets or intellectual property or the privacy of another person.
Also, we may not be able to accommodate certain requests to object to the processing of Personal Information, notably where such requests would not allow us to provide our service to you anymore.
Withdraw your consent
You may withdraw your consent and request us to stop using and/or disclosing your Personal Information for any or all of the Purposes by submitting your request to us. Should you withdraw your consent to the collection, use or disclosure of your Personal Information, it may impact our ability to proceed with your transactions, agreements, or interactions with us. Please note that your withdrawal of consent will not prevent us from exercising our legal rights (including any remedies) or undertaking any steps as we may be entitled to at law.
Data transfer
In order to fulfill the contract, we pass on your data to the shipping company and order fulfillment company (Printful, Inc.) commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods.
If you have given us your express consent during or after your order, we will pass on your e-mail address and telephone number to the selected shipping or fulfillment service provider so that they can deliver your order and contact you before delivery for the purpose of delivery notification or coordination.
Depending on which payment service provider you select in the ordering process, you pass on your payment data to the payment processor commissioned with the payment. In some cases, the selected payment service providers also collect this data themselves if you create an account with them. In this respect, we do not collect or process any of your financial data and the Privacy Policy of the respective payment service provider applies.
We may also disclose Personal Information to third parties if we are legally obliged to do so e.g., by court order or if this is necessary to support criminal or legal investigations or proceedings at home or abroad or to fulfill our legitimate interests.
Data Security
Our data processing is subject to the principle that we only process the Personal Information that is necessary for the use of our services. In doing so, we take great care to ensure that your privacy and the confidentiality of all Personal Information are always guaranteed.
All transmitted data is protected by TLS encryption. Transport Layer Security (TLS) is a protocol used to ensure secure data transmission on the Internet. The public-private key procedure is used here. This means that data encrypted with a publicly accessible key can only be decrypted again with a separate private key.
We also use technical and organizational security measures (TOMs) throughout the company to protect the data we manage from you against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.
Duration of data storage
We store Personal Information on our secure server and only for as long as it is necessary for the purposes for which it is processed or for as long as any consent you have given us has been revoked by you. Insofar as statutory retention obligations must be observed, the storage period for certain data may be up to 6 years, irrespective of the processing purposes.
Automated decision-making
Automated decision-making including profiling does not take place.
Social Media
We are present on social media on the basis of our legitimate interest. If you contact us via those social media platforms, you should note that the chat history can neither be deleted by us nor by you. And that, in accordance with the GDPR, the relevant social media platform and we are jointly responsible for the processing of your data and enter into a so-called joint controller agreement. A Joint Controller Agreement itself if very legalistic and lengthy, but in a nutshell, it clarifies how the jointly responsible parties will fulfill the obligations arising from data protection laws that are applicable to them. The legal basis for the use of the relevant social media platform is our legitimate interest, your consent or, in the case of a (pre) contractual relationship with us, the initiation of a contractual service.
Controls For Do-Not-Track Features
Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ('DNT') feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this statement.
Personal information and children
We will not knowingly collect, use or disclose personal information from minors under the age of 16 without first obtaining consent from a legal guardian through direct offline contact.
Changes and updates
We kindly ask you to regularly inform yourself about the content of our Privacy Policy. We will amend the Privacy Policy as soon as changes to the information processing activities we carry out make this necessary.
Concerns and Contact
If you have any concerns about a possible compromise of your privacy or misuse of your personal information on our part, or any other questions or comments, or wish to exercise your rights under applicable laws, please contact us.
This Privacy Policy was last updated on Thursday, December 15, 2022