Privacy Policy

General information

TCT Distributors LLC, undertakes, that the handling of the webshop’s customers data will at all times be in accordance with the current Data Protection Laws. We send newsletters only after consent, but we can send an automated (system) message without this consent. The customer agrees with the fact that TCTT Distributors LLC. will handle his or her personal details (name, address, phone number and e-mail address) to manage and fulfill orders and transfer them to cooperating individuals, organizations (courier service, the staff of TCT Distributors LLC. and it’s parent company Tattini Riding LLC, accounting firm, bank). We undertake to store the data as safely as possible.

For statistical purposes, Google (Analytics) records the data of each visitor’s browser and the device used to view the page, which will automatically be deleted within a specified time.

In addition to the above, we need to temporarily store the IP address of our site visitors and their browser’s basic properties, but these data are automatically deleted after closing the browser.

The customer declares that the personal information he or she provided is correct and agree to reimburse any damages, lost profits and costs that is incurred to avoid any harm, if the data provided is not accurate.

TCT Distributors LLC. will only use the data of the customer for issuing invoices, accounting purposes and (in case of a newsletter subscription) sending news/promotional information and won’t provide it to third parties under any circumstances (without consent).

TCT Distributors LLC. agrees to modify or delete all the saved data of the customer from all of it’s databases if he or she requests it in e-mail or in writing (with the exception of the data necessary for invoicing, because that must be preserved by the company)

Introduction

TCT Distributors LLC. (26606 E 2100 Nn Rd, Lexington IL 61753 – United States) (hereinafter referred to as “Service Provider, Data Controller”) will submit the following information.

General Data Privacy of the United States. (“GDPR”) imposes specific obligations on the data controller, which we are fulfilling these with this document.

Data subject (here in the case of the webshop user, hereinafter “the user”) must be informed prior to the processing of the data that the data management is based on a consent or binding.

Before the data is processed, the affected person must be clearly and thoroughly informed of all the facts related to his or her data management, in particular the purpose and legal basis of data management, the Data Controller and the person entitled to process it, and the duration of the data handling.

The affected person must be informed about personal data may be processed even if the consent acquisition of the person concerned is impossible or disproportionate, and the processing of personal data is

  • necessary for the fulfillment of a legal obligation for the Data Controller, or
  • necessary for the legitimate interests of the Data Controller or third party and the enforcement of this interest is proportionate to limiting the right to the protection of personal data.

The information should also include the rights and remedies available to the data subject in question.

If the information of the data subjects in person would be impossible or disproportionate (like in this case in a webshop), information may also be disclosed by disclosing the following information:

  • a) the fact of collecting data,
  • b) the affected subjects,
  • c) the purpose of data collection,
  • d) the duration of the data handling,
  • e) the person(s) getting access to this data,
  • f) a description of the rights and remedies of data subjects involved in data processing, and
  • g) if there is a place for data protection, the registration number of the Data Controller.

This Privacy Policy describes the Data Controller of the following website: https://www.tattiniboots.com and is based on the content specification above. It is available on the following page: Privacy Policy

Amendments to the policy will be published at the above address.

Data management connected to operation the webshop

The following should be set out in relation to the management of data related to the operation of a web store:

  • a) the fact of collecting data,
  • b) the affected subjects,
  • c) the purpose of data collection,
  • d) the duration of the data handling,
  • e) the person(s) getting access to this data,
  • f) a description of the rights and remedies of data subjects involved in data processing.

The fact of collecting data, the affected subjects:

GDPR requires compulsory compliance with other principles.

These principles: Personal data can only be treated fairly and legally. The data must be up-to-date and accurate, and the data controller must ensure that the You can modify any data in your user profile. Particular attention is paid to data security measures, proper organizational and technical measures make the webshop work safe.

Personal data may only be handled for a specific purpose, for the exercise of the right and for the fulfillment of the obligation. At all stages of data management, the purpose of data management must be met, data entry and management must be fair and legitimate.

Only personal data that is essential for achieving the purpose of data management can be handled to achieve this goal. Personal data can only be handled to the extent and for the duration required to achieve the goal.

Your data will be transmitted via computer data processing in order to manage your User Account. Your data is provided for quality assurance purposes and for producing statistical studies or sending commercial offers with prior consent.

(Personal information: the purpose of data collection)

Password (for registered users only): For secure access to the user account.

First and last name (for registered users and one-time customers): It is necessary to communicate, for recording the purchase and for issuing an invoice.

Company name (for registered users and one-time customers): It is necessary to communicate, for recording the purchase and for issuing an invoice.

E-mail address (for registered users, one-time customers and newsletter subscribers): Communication (it doesn’t necessarily contain personal information).

Phone number (for registered users and one-time customers): Communication, more efficient way to contact the customer about invoicing or delivery.

Billing address (for registered users and one-time customers): For issuing a proper invoice, the creation of the contract, the definition, modification, fulfillment of the fulfillment of the contract, the billing of the charges arising therefrom and the enforcement of the related claims.

Delivery address (for registered users and one-time customers): For making home delivery possible.

The date of ordering/-registration and (in case of registered users) -last login: Perform a technical operation.

The purpose of the data management is: for the Service provider is managing the personal data of the Users for the purpose of providing full use of the website, eg. the provision of a service contract, modifying, monitoring the contents of the service, billing the related fees and enforcing the related claims, and sending newsletters (with prior consent).

The affected subjects: All registered users, all one-time customers and all subscribers of the newsletter on the website are affected.

The duration of the data handling, the time of data deletion:

  • For registered users: Immediately after deleting their registration.
  • For one-time customers: 14 days after the order has been fulfilled.
  • For users subscribed to the newsletter: Immediately after unsubscription.

Excluding the accounting documents, which are mandatory to keep for 8 years.

The person(s) getting access to this data: Personal data can be handled by the marketing, sales, accounting, delivering and contact staff of the controller, respecting these principles.

A description of the rights and remedies of data subjects involved in data processing: The following information can be modified on the web pages: Password, first and last name, e-mail address, phone number, delivery address, billing address, company name. You can initiate the deletion or modification of your personal data in the following ways:

  • by mail on the 26606 E 2100 N Rd, Lexington IL 61753 – United States
  • by sending an e-mail to info@tattiniboots.com
The details of the data processor (hosting provider) used for data handling:
Company name: GoDaddy
Address: 1 Parsons Dr, Hiawatha, IA 52233
Phone: +1 (480) 505-8877

Legal basis for data handling: the consent of User.

Information about the used cookies

What are cookies?

Cookies are files created by websites you visit to store browsing information, such as page settings or selected languages, etc.

Our webstore uses cookies to help users browse and increase their user experience.
Their content can be verified, in order to make browsing more effective. These cookies do not contain any information from what you could be identified. It is important to point out that making the computer accessible to others can also change cookie functionality.

There are two types of cookies: the cookies created by the website you are currently browsing and third party cookies such as ads or embedded images on that page.

To ensure proper functionality, the cookies generated by our own website must be used at all times.

The other type makes it possible to record which products, services you’ve selected, pages you’ve visited – by disabling them, your browsing content will not be personalized, and any ads that may appear may be irrelevant to you. If you decline to use these, you can disable them by clicking the “I refuse” link in the “Cookie Policy” tab at the bottom of the page.

All browser programs allow you to manage, delete, or disable cookies in the settings.

Cookie handling

The following has to be defined about cookie data management of the webshop:

  • a) the fact of collecting data,
  • b) the affected subjects,
  • c) the purpose of data collection,
  • d) the duration of the data handling,
  • e) the person(s) getting access to this data,
  • f) a description of the rights and remedies of data subjects involved in data processing.

Websites feature cookies include so-called “cookies that are mandatory for the session,” “functional cookies for shopping carts,” and “security cookies”, which require no prior consent from the affected users. Additionally, “cookies provided by a third party (such as a social networking site) may also appear on our pages.

The fact of collecting data, the affected data: unique identification number, dates and times.

The affected subjects: All webshop visitors are affected.

The purpose of data collection: to identify users, save user comfort settings, create statistics, and track visitor clicks on our site.

The duration of the data handling, the time of data deletion:

  • automatic login (for registered users only): identification at login (encrypted user ID), deleted after 60 days,
  • chosen currency: deleted after 1 year,
  • chosen language: deleted after 1 year,
  • selected size chart: deleted after 1 year,
  • visible products per page: deleted after 1 year,
  • php session id: deleted after closing the browser.

The person(s) getting access to this data: Personal data can be handled by the Data Controller staff, respecting these principles.

A description of the rights and remedies of data subjects involved in data processing: An affected person has the option to delete cookies in the Tools/Preferences menu of browsers, usually under the Privacy menu item.

Legal basis for data handling: No consent is required if the sole purpose of the use of cookies are the communication service provided through the electronic communications network or expressly requested by the subscriber or user of the provision of information society services.

Google Adwords

Use of Google Adwords Conversion Tracking

Data Controller uses the online ad program “Google AdWords” and uses Google’s conversion tracking feature within its framework. Google conversion tracking is Google Inc.’s analytics service (1600 Amphitheater Parkway, Mountain View, CA 94043, USA; “Google”).

When a user reaches a web site through a Google ad, a conversion tracking cookie will be placed on his/her computer. These cookies have limited validity and do not contain any personal information, so the User can not be identified by them.

When the user browses on certain pages of the website and the cookie has not expired, Google and the data administrator can see that the user clicked on the ad.

Each Google AdWords customer receives a different cookie so they can not be tracked through the AdWords clients’ websites.
The information, obtained through conversion tracking cookies, is intended to make conversion statistics for AdWords conversion tracking customers. Customers will then be informed about the number of users who have been submitted to, and click on their ad with a conversion tracking tag. However, they do not have access to information that could identify any user.

If you do not want to participate in conversion tracking, you can reject this by blocking the ability to install cookies in your browser. Then you will not be included in conversion tracking statistics.

For more information and Google Privacy Statement, please visit: www.google.com/policies/privacy

Use of Google Analytics

This site uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, text files that are saved to your computer to help analyze a user-visited web page.

Information generated by cookies associated with a web site used by the User is usually stored on a US Google server. By activating IP anonymization on a web site, Google has previously abbreviated the IP address of the User within the Member States of the European Union or in other States party to the Agreement on the European Economic Area.

Sending to Google’s US servers and abbreviating entire IP addresses take place in only exceptional cases. On behalf of the operator of this site, Google will use this information to evaluate how the User has used the Website and to report to the website operator about reports related to the activity of the website and to perform additional services related to website and Internet usage.

Google does not associate an IP address from Google Analytics that is transmitted by the user’s browser with other data. The storage of cookies can be prevented in the Browser’s settings, but please note that in this case, you may not be able to fully use all of the feature on this site. You can also prevent Google from collecting and processing cookie information about User’s website usage (including your IP address) by downloading and installing the browser plug-in available on the link below: https://tools.google.com/dlpage/gaoptout?hl=en

By using this Website, you expressly agree that Google will handle your personal information in accordance with the terms and conditions set forth herein. To learn about Google’s Privacy Policy, please visit the following website: https://policies.google.com/privacy?hl=en

 

Newsletter, Direct Marketing Activity

User at the time of registration may expressly consent to the Service Provider’s promotional and any other offers.

In addition, the Customer may, in keeping with the provisions of this document, consent to the Service Provider’s handling of personal data necessary for the transmission of promotional offers.

The Service Provider will not send unsolicited advertising messages and, without limitation or justification, Customer can unsubscribe free of charge from sending offers. In this case, the Service Provider removes all personal data from the registry – required for sending the advertisement messages – and stops sending promotional offers to User. You can unsubscribe from ads by clicking on the link in these messages.

The following has to be defined about data management of the newsletter sending:

  • a) the fact of collecting data,
  • b) the affected subjects,
  • c) the purpose of data collection,
  • d) the duration of the data handling,
  • e) the person(s) getting access to this data,
  • f) a description of the rights and remedies of data subjects involved in data processing.

The fact of collecting data, the affected data: name, e-mail address, date and time.

The affected subjects: Every subscriber of the newsletter.

The purpose of data collection: sending electronic messages containing advertisement to the person concerned, providing information about current offers, products, promotions, new features, etc.

The duration of the data handling, the time of data deletion: until the consent statement is withdrawn, that is until the date of the unsubscription.

The person(s) getting access to this data: personal data can be handled by the Data Controller staff, respecting these principles.

A description of the rights and remedies of data subjects involved in data processing: User can opt-out of the newsletter at any time, free of charge.

Legal basis for data handling: the voluntary contribution of the concerned

Social networking sites

The following has to be defined about data management of social networks:

  • a) the fact of collecting data,
  • b) the affected subjects,
  • c) the purpose of data collection,
  • d) the duration of the data handling,
  • e) the person(s) getting access to this data,
  • f) a description of the rights and remedies of data subjects involved in data processing.

The fact of collecting data, the affected data: the name, and public profile picture of registered users on Facebook/Google+/Twitter/Pinterest/Youtube/Instagram etc. social networks.

The affected subjects: every registered user of Facebook/Google+/Twitter/Pinterest/Youtube/Instagram etc. who has “liked or followed” the website.

The purpose of data collection: sharing or “liking” on social networking sites, web site content, products, promotions, or the website itself.

The duration of the data handling, the time of data deletion, the person(s) getting access to this data and a description of the rights and remedies of data subjects involved in data processing: the source of the data, how it is handled, how it is delivered and how it is based, can be found on the given social networking site. Data management takes place on the social networking sites, so the duration of the data handling, the ways of deleting and modifying the data are governed by the rules of the respective community site.

Legal basis for data handling: subject’s voluntary consent to managing his/her personal information on social networking sites.

Data processors

In some cases, the Data Handler employs External Service Providers in order to offer some services. Data Handler cooperates with these External Service providers.

For Personal Data handled by External Service Providers, the terms and conditions of the External Service Providers’ own privacy policy are governed. The Data Controller shall do its utmost to ensure that the External Provider manages the Personal Data transmitted to them in accordance with the law and uses it solely for the purposes specified by the User or in this document and for the purposes set out below. After the 25th of May, 2018, External Service providers record, treat and process personal data transmitted by the Data Controller in accordance with the provisions of the GDPR and they make a statement about to the Data Manager.

The Data Handler informs Users about the data transfer to External Service Providers in this document.

Transporting

Activity performed by data processor: delivery of goods, transportation

The fact of collecting data, the affected data: delivery name, delivery address, telephone number.

The affected subjects: every customer requesting home delivery is involved.

The purpose of data collection: delivery of the ordered product(s) to your home.

The duration of the data handling, the time of data deletion: until the completion of home delivery.

Legal basis for data handling: the voluntary contribution of the concerned.

Online payment

Activity performed by data processor: online payment

Data processor’s name and contact information:

  1. PayPal Inc.
    2211 North First Street., San Jose, CA 95131. – USA
    Phone: +1 402-935-2050
    https://www.paypal.com/webapps/mpp/ua/privacy-full

The fact of collecting data, the affected data: billing name, billing address, e-mail address.

The affected subjects: every customer requesting online payment is involved.

The purpose of data collection: performing online shopping, verifying transactions and fraud-monitoring in order to protect users.

The duration of the data handling, the time of data deletion: until the completion of online payment.

Legal basis for data handling: the voluntary contribution of the concerned.

Customer relations and other data collection

In case user while using Data Controller’s services has a question or problem, he/she may get in touch with Data Controller on the contact options available (phone, e-mail, social networking sites, etc.) on the website.

The purpose of the data management is to contact our company, to enforce the rights of the buyer and the data controller, to manage consumer demand, and ex post verification.

Legal Basis for Data Processing: Your contribution.

Personal Data Handled: the personal Information You provide.

Data collector will delete the information provided in received e-mails, messages, over the phone, on Facebook, etc. with the name and e-mail address of the interested party as well as with any other voluntarily entered personal data, not later than five years from the date of disclosure.

If the contact is a consumer complaint, our company takes a record of the complaint and keeps a copy of the complaint for 5 years.

Data collection forms not listed in this document is provided when data is collected.

On the event of special occasions of authority request or with the authorization of the law to request of other bodies the Service Provider is obliged to provide information, communicate, transfer or make available documents.

In these cases, the Service Provider shall – to the extent that it indicates the exact purpose and exact scope of the data – hand over personal information only to the extent that is indispensable to achieve the purpose of the request.

Data security

The Data Controller plans and executes the data management operations to ensure that the privacy of the individuals concerned is protected.

The Data Controller ensures the security of the data (password, antispyware), takes technical and organizational measures and establishes the procedural rules.

Data are protected by appropriate measures by the Data Controller in particular

  • unauthorized access,
  • alteration,
  • transmission,
  • disclosure,
  • deletion or destruction,
  • accidental destruction and damage,
  • against unavailability because of the change of technology used.

The Data Controller shall ensure by means of an appropriate technical solution that the data stored in the records can not be directly linked and assigned to the data subject.

To prevent unauthorized access to personal data, to alter the data and to prevent unauthorized disclosure or use of the data, the Data Controller shall ensure:

  • the development and operation of the appropriate IT and technical environment,
  • the supervised selection and supervision of the staff involved in providing the service,
  • detailed operating, risk management and service procedures.

Based on the above, the Service provider ensures that the data he manages

  • is available to the holder,
  • is credible and authentic,
  • is verifiable unaltered.

The IT system of the Data Controller and its hosting provider protects against (among others)

  • computer fraud,
  • espionage,
  • computer viruses,
  • spam,
  • hacking,
  • and other attacks.

Legal remedy

User may object to personal data being handled if

  • the handling or transmission of personal data is only necessary to comply with the legal obligation of the Service Provider or to enforce the legitimate interests of the Service Provider, Data Provider or third party, unless data management is prescribed by law;
  • the use or transmission of personal data is done for direct business acquisition, polling or scientific research;
  • in other cases, specified by law.

The Service Provider shall examine the protest within the shortest time but not later than 15 days from the submission of the request, and decide on the matter of its validity and shall inform the applicant in writing. If the Service Provider determines the validity of the protest of the person concerned, data management – including further data collection and data transfer – will terminate, the data will be locked, and Service Provider informs those to who the personal data affected by the protest have previously been forwarded, and who are obliged to take action to enforce the right to protest.

If the User disagrees with the decision of Service provider, he or she may appeal to the court – within 30 days from the date of its communication.