This section provides additional information for people in the European Economic Area (EEA) or United Kingdom (UK). The terms used in this section have the same meaning as in the General Data Protection Regulation and the UK Data Protection Act (GDPR). The term “personal information” as used in this notice has the same meaning as “personal data” in the GDPR.

Collection and Disclosure of Personal Data

The personal data we collect and how we share it is described above in our Privacy Policy.

We may disclose your personal information to the following third party controllers for business purposes:Wave, Vested, Concord, Pinterest Ads, Apple Pay, PayPal - Pay with PayPal, Venmo, Pay Later, CJ, Forter, Expensify, Dyno Mapper, Mazars, Meta Ad Network. To understand how these parties handle your data, please refer to their respectiveprivacy policies.

Cookie Notice

We use cookies to improve your experience on our site and to allow us and third parties to personalize the marketing content you see on other websites and social media. Website visitors from European Privacy Law regions can control cookie settings. Manage your region specific consent settings here.

Essential Cookies

We use these cookies for things like security, logins, site errors, and processing payments. We can't turn these necessary cookies off, but you can control them in your browser.

Cookie Name	Provider	Duration
__cfruid	Chadwick Horn	Session
cart_currency	Shopify	14 Days
keep_alive	Shopify	31 Mins
localization	Chadwick Horn	1 Year
secure_customer_sig	Shopify	1 Year
shopify_pay_redirect	Shopify	1 Hour
VISITOR_INFO1_LIVE	Chadwick Horn	5 Months 27 Days
YSC	Chadwick Horn	Session

Analytics Cookies

These cookies tell us how you use our sites and apps, and provide information to help us improve your experience.

Cookie Name	Provider	Duration
_ga	Google Analytics	1 Year 28 Days
_gat	Google Analytics	2 Mins
_gid	Google Analytics	1 Day
_landing_page	Shopify	14 Days
_orig_referrer	Shopify	14 Days
_s	Shopify	31 Mins
_shopify_s	Shopify	31 Mins
_shopify_sa_p	Shopify	31 Mins
_shopify_sa_t	Shopify	31 Mins
_shopify_y	Shopify	28 Days
_y	Shopify	28 Days

Personalization Cookies

We do not use cookies to personalize content for you.

Advertising Cookies

We do not use cookies for marketing or advertising purposes.

Lawful Bases and Legitimate Interests

We process personal data on the following lawful bases:

Complying with legal obligations
Fulfilling contracts
Consent
Legitimate interests

Where we process personal data on the basis of our legitimate interests, we pursue the following interests: Creating Customer Profiles, Delivering Targeted Ads, Improving our Products & Services, Conducting Surveys, Fulfilling Customer Orders, Internal Business Operations, Meeting Compliance & Legal Requirements, Organizing & Managing Data, Processing Payments, Tracking Purchases & Customer Data, Operating Our Website or Mobile Apps, Preventing Fraud, Providing Customer Support, and Sending Promotional Communications.

International Data Transfers

We may send the personal data of individuals in the EEA/UK/CH to third countries, including the United States, where it may be stored or processed, for example on our service providers’ cloud servers. When we transfer personal data, we rely either on Adequacy Decisions as adopted by the European Commission (EC), the UK Information Commissioner's Office (ICO), or the Swiss Federal Data Protection and Information Commissioner (FDPIC) on the basis of the EU-US Data Privacy Framework, UK-US Data Bridge, and Swiss-U.S. Data Privacy Framework agreements, Standard Contractual Clauses (SCCs) issued by the EC or the FDPIC, or International Data Transfer Agreements (IDTAs) approved by the ICO. Data protection authorities have determined that the SCCs and IDTAs provide sufficient safeguards to protect personal data transferred outside the EEA/UK/CH. You may read more about international data transfer mechanisms at the following links:

Privacy Rights

Individuals in the EEA/UK/CH have the following rights regarding their personal data.Make a Privacy Request by clicking here. Once you submit a request, we will verify your identity and process your request in most cases within 30 days.

Right to access. You have the right to request a copy of the personal data we hold about you.

Right of portability. You have the right to ask us to transfer your data to another party.

Right to rectification. You have the right to request that we rectify any incorrect information we have about you.

Right of erasure. You have the right to request that we erase (delete) any personal information we hold about you.

Right to withdraw consent. You have the right to withdraw your consent at any time when we rely on your permission to process your personal data.

Right to object. You have the right to object to our use of data about you.

Right to restrict processing. In certain circumstances, you have the right to restrict our processing of your personal data to storage only, subject to some exceptions. This right applies when:

You have contested the accuracy of your personal data and we are still verifying its accuracy.
Your personal data has been unlawfully processed under the GDPR.
You need for us to keep your data in order to establish, exercise, or defend a legal claim.
You have previously objected to our processing of your personal data and the status of that review is still pending.

Right to lodge a complaint with a supervisory authority. You have a right to lodge a complaint with a supervisory authority. For more information, you can visit theInformation Commissioner’s Office website at https://ico.org.uk/, the Federal Data Protection and InformationCommissioner’s website at https://www.edoeb.admin.ch/, or see a list of EU Data Protection Authorities athttps://www.gdprregister.eu/gdpr/dpa-gdpr/.

Inquiries

Controller contact information

Sunday Riley UK

privacyuk@sundayriley.com