Dear Member of The Organized Mess Design Clothing Accessories and Trade Ltd. Co. (“Company”),

The Shopify infrastructure, developed with the principle of “secure shopping” and “privacy of personal information,” operates with advanced communication protocols, primarily SSL technology. 

The credit card information requested on the payment page is never stored on the servers of the Company or its service providers, in order to ensure the highest level of security for our valued customers who shop on the site. In this way, all payment-related transactions are conducted between your bank and your computer via the Company’s interface. 

To protect yourself from insecure sites where personal information may be abused, ensure that the web address on the page where you enter your credit card information has changed from http to https. If you are using Internet Explorer, ensure that a lock icon appears in the lower-left corner of your browser; if you are using Firefox or Netscape, make sure the icon in the lower-right corner shows a lock or key symbol with a blue stripe.

For more detailed information regarding your personal data, please review the Privacy Notice for Website Visitors and the Cookie Policy. You can share your experiences and questions regarding secure shopping at www.theorganizedmess.com with us via email at hello@theorganizedmess.com.

Legal Basis for Processing Personal Data

We process your personal data based on the following legal grounds, as required under the General Data Protection Regulation (GDPR):

• Contractual Necessity: We process personal data to fulfill our contractual obligations with you, such as processing payments and delivering products.

• Consent: In cases where you provide explicit consent, such as for marketing emails, we process your personal data based on your permission.

• Legitimate Interest: In certain situations, we may process your data for purposes such as improving our services, fraud detection, and ensuring the security of our systems, provided these interests do not override your rights.

• Compliance with Legal Obligations: We may process your personal data to comply with applicable laws and regulations.

Your Rights as a Data Subject

Under the GDPR, you have the following rights concerning your personal data:

1. Right to Access: You can request a copy of your personal data that we hold.

2. Right to Rectification: If any data is incorrect or incomplete, you have the right to have it corrected.

3. Right to Erasure (“Right to be Forgotten”): You can request the deletion of your personal data, subject to certain exceptions (e.g., if required by law).

4. Right to Restrict Processing: You may ask us to limit the processing of your personal data under certain circumstances, such as when you contest the accuracy of the data.

5. Right to Object: You can object to the processing of your personal data if it’s being processed based on our legitimate interests or for direct marketing purposes.

6. Right to Data Portability: You have the right to receive your personal data in a structured, commonly used format and to have it transferred to another data controller where technically feasible.

7. Right to Withdraw Consent: If we process your data based on consent, you can withdraw your consent at any time, though this will not affect the lawfulness of the processing before the withdrawal.

Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Notice, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the data, and whether we can achieve those purposes through other means.

In some cases, we may anonymize your personal data (so it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Sharing of Personal Data with Third Parties

We do not sell, trade, or otherwise transfer your personal data to outside parties without your consent, except as outlined in this Privacy Notice.

We may share your personal data with trusted third parties who assist us in operating our website, conducting our business, or servicing you, such as:

• Payment processors (e.g., Shopify Payments, PayPal)

• Shipping and logistics companies

• Service providers for IT support, website hosting, and data storage

These third parties have access to personal data only to perform these tasks on our behalf and are obligated to comply with GDPR standards, including security and confidentiality obligations.

International Transfers

In certain situations, we may transfer your personal data to countries outside the European Economic Area (EEA), such as when our service providers or partners are located in other regions.

Whenever your data is transferred outside the EEA, we ensure that adequate safeguards are in place to protect your personal data, such as:

• Implementing standard contractual clauses approved by the European Commission.

• Transferring data only to countries deemed to have adequate data protection laws by the European Commission.

Cookie Policy and Consent

We use cookies and similar tracking technologies to enhance your browsing experience and to provide personalized content and advertisements. Cookies allow us to:

• Remember your preferences and shopping cart.

• Analyze traffic and usage patterns on our website.

• Improve the functionality and security of our website.

You have the option to accept or decline non-essential cookies when you visit our site. You can also manage your cookie preferences by adjusting your browser settings. For more details, please refer to our Cookie Policy.

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority (within 72 hours) in compliance with GDPR. If the breach results in a high risk to your personal data, we will also communicate this directly to you.

We wish you a pleasant shopping experience…