Privacy policy
Your privacy matters to us. This Privacy Policy explains how The Secret Garden of Chicago ("we," "us," or "our") gathers, utilizes, stores, and safeguards your personal data when you browse our website, place an order, or engage with any of our services. By accessing or using our services, you confirm that you have read, understood, and agree to the practices described herein.
1. Personal Information We Gather
We obtain personal data in two primary ways: information you voluntarily provide and data we automatically collect through your interactions with our platform.
1.1 Information You Provide Directly
| Category | Details |
|---|---|
| Contact Details | Full name, email address, phone number, billing address, and shipping address |
| Payment Data | Credit card, debit card, and other payment credentials — processed securely via third-party payment gateways and never stored on our servers |
| Account Profile | Username, password, and saved preferences upon account creation |
| Purchase History | Products browsed, added to cart, bought, returned, or exchanged, along with complete transaction records |
| Correspondence | Any details shared through customer inquiries, feedback forms, or support requests |
1.2 Information Collected Automatically
When you navigate our website, we may automatically capture:
- Device identifiers — IP address, browser version, operating system, and device type
- Usage patterns — Pages viewed, links clicked, time spent on pages, and referral sources
- Location data — Approximate geographic location derived from your IP address
2. How We Obtain Your Data
Your personal information may be sourced from:
- Direct interactions — Account registration, order placement, form submissions, or direct communications with our team
- Automated tracking — Cookies, web beacons, pixel tags, and analogous technologies deployed across our site
- Third-party partners — Payment processors, logistics carriers, analytics platforms, and advertising networks that assist us in delivering and improving our services
3. Purposes for Using Your Information
We leverage the personal data we collect for the following objectives:
3.1 Order Processing and Fulfillment
- Confirming, shipping, and delivering your purchases
- Sending order confirmations, tracking notifications, and delivery status updates
- Handling returns, refunds, and product exchanges efficiently
3.2 Customer Support
- Responding to your questions, concerns, and service requests in a timely manner
3.3 Account Administration
- Establishing and maintaining your personal account
- Storing your saved preferences, wish lists, and browsing history for a customized experience
3.4 Marketing and Promotional Outreach
- Delivering newsletters, special offers, and promotional content via email (opt-out available at any time)
- Serving tailored advertisements based on your purchase behavior and browsing patterns
3.5 Security and Fraud Mitigation
- Detecting, preventing, and responding to fraudulent or unauthorized activities
- Verifying user identity to safeguard account integrity
3.6 Legal and Regulatory Obligations
- Complying with applicable laws, regulations, and legal processes
- Enforcing our terms of service and protecting our legal rights
4. Information Sharing Practices
We may disclose your personal data to the following categories of recipients:
| Recipient Type | Purpose |
|---|---|
| Service Providers | Payment gateways, shipping partners, email platforms, cloud hosting, and IT support vendors who facilitate day-to-day operations |
| Advertising Partners | Platforms that assist with targeted ad delivery and marketing performance analytics |
| Legal Authorities | When compelled by law, court order, subpoena, or to defend our rights, property, or safety |
| Business Successors | In scenarios involving mergers, acquisitions, asset transfers, or bankruptcy proceedings |
Important: We do not sell your personal information to third parties for their independent marketing use without your explicit consent.
5. Cookies and Tracking Technologies
Our website employs cookies and similar digital tools to:
- Enhance your browsing experience and site navigation
- Analyze traffic patterns and website performance
- Personalize content and product recommendations
Cookies are small text files placed on your device when you visit our site. You retain full control over cookie preferences through your browser settings. Please note that disabling cookies may limit certain website functionalities.
For more details, please refer to our dedicated Cookie Policy page.
6. California Consumer Privacy Act (CCPA) Disclosures
If you are a California resident, the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA), grants you additional rights regarding your personal information. This section outlines those rights and our corresponding practices.
6.1 Categories of Personal Information Collected
Under CCPA, the categories of personal information we have collected within the preceding 12 months include:
| CCPA Category | Examples of Data We Collect | Collected? |
|---|---|---|
| A. Identifiers | Name, email, mailing address, IP address, account username | Yes |
| B. Personal Information (Cal. Civ. Code 1798.80(e)) | Name, address, telephone number | Yes |
| C. Protected Classification Characteristics | Not intentionally collected | No |
| D. Commercial Information | Purchase history, products viewed, items in cart | Yes |
| E. Biometric Information | Not collected | No |
| F. Internet / Electronic Network Activity | Browsing history, search queries, interaction data with our website | Yes |
| G. Geolocation Data | Approximate location via IP address | Yes |
| H. Sensory Data | Not collected | No |
| I. Professional or Employment Information | Not collected | No |
| J. Education Information | Not collected | No |
| K. Inferences | Preferences, characteristics, purchasing behavior patterns | Yes |
| L. Sensitive Personal Information | Not collected (we do not process SSN, financial account numbers, or precise geolocation) | No |
6.2 Sources of Personal Information
- Directly from you (account creation, purchases, inquiries)
- Automatically through website interactions and tracking technologies
- From third-party service providers (payment processors, advertising platforms, analytics tools)
6.3 Business Purposes for Collection
We collect and use personal information for the business purposes defined under CCPA, including:
- Fulfilling customer orders and providing requested services
- Fraud detection and security enhancement
- Marketing optimization and personalized advertising
- Website functionality improvement and analytics
- Compliance with legal and regulatory requirements
6.4 Sale and Sharing of Personal Information
Under CCPA, "sale" has a broad definition that may include certain data transfers to advertising and analytics partners.
- In the preceding 12 months, we may have shared certain personal identifiers and internet activity data with advertising partners for cross-context behavioral advertising purposes.
- We have not sold personal information for monetary consideration.
- You have the right to opt out of the sale or sharing of your personal information.
We do not have actual knowledge that we sell personal information of consumers under 16 years of age.
6.5 Your CCPA Rights
As a California resident, you are entitled to the following rights:
Right to Know You may request disclosure of the specific pieces and categories of personal information we have collected about you, the sources of collection, business purposes, and the third parties with whom we share data.
Right to Delete You may request the deletion of your personal information, subject to certain legal exceptions (e.g., completing a transaction, detecting fraud, exercising free speech, or complying with legal obligations).
Right to Correct You may request the correction of inaccurate personal information in our records.
Right to Opt-Out of Sale/Sharing You may instruct us to stop selling or sharing your personal information for cross-context behavioral advertising at any time.
Right to Limit Use of Sensitive Personal Information While we do not currently process sensitive personal information, should our practices change, you will retain the right to limit its use to purposes strictly necessary for service delivery.
Right to Non-Discrimination We will not discriminate against you for exercising any of your CCPA rights. You will not receive different pricing, quality of service, or denial of services for making a privacy-related request.
6.6 How to Exercise Your CCPA Rights
You may submit a verifiable consumer request by:
- Email: info@thesecretgardenofchicago.com
- Phone: 773-827-4560
- Mail: The Secret Garden of Chicago, 662 N Dearborn St, Chicago, IL 60654, United States
To protect your privacy, we may require identity verification before processing your request. We aim to respond within 45 days and will notify you if an extension is needed (up to an additional 45 days).
6.7 Authorized Agents
You may designate an authorized agent to submit a request on your behalf. We may require written authorization and identity verification from both you and the agent.
6.8 Financial Incentive Programs
We do not currently operate loyalty programs, discount clubs, or other financial incentive programs that involve the collection of personal information. Should this change, we will provide clear disclosures and obtain opt-in consent as required by CCPA.
6.9 Metrics
Under CCPA regulations, we may be required to publish metrics regarding consumer requests received. Should such metrics become applicable, they will be made available upon request by contacting us at the information above.
7. General Data Security Measures
We employ a combination of administrative, technical, and physical safeguards designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:
- SSL/TLS encryption for data in transit
- Secure payment processing through PCI-DSS compliant providers
- Access controls and authentication protocols for internal systems
- Regular security audits and vulnerability assessments
While we strive to use commercially acceptable means to protect your data, no method of internet transmission or digital storage is 100% secure, and we cannot guarantee absolute protection.
8. Data Retention
We retain your personal information only for the duration necessary to fulfill the objectives outlined in this Privacy Policy, which includes:
- Delivering and supporting the services you use
- Meeting legal and regulatory compliance requirements
- Resolving disputes and enforcing contractual agreements
- Maintaining reasonable business records
When data is no longer needed, it is securely deleted or anonymized.
9. Your Additional Rights and Choices
Depending on your jurisdiction, you may also have the following rights:
- Right to Access: Obtain a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate or incomplete data
- Right to Erasure: Request deletion of your data, subject to legal exceptions
- Right to Restrict Processing: Limit how we use your data in certain circumstances
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Opt out of certain processing activities, including direct marketing
- Right to Withdraw Consent: Revoke previously granted consent at any time
Marketing Opt-Out
You may unsubscribe from promotional emails by clicking the "Unsubscribe" link at the bottom of any marketing message or by contacting us directly.
10. Children's Privacy
Our website and services are intended for users 16 years of age and older. We do not knowingly collect personal information from minors. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately, and we will take prompt steps to delete such information.
11. Third-Party Links
Our website may contain hyperlinks to third-party websites or services. We are not responsible for the privacy practices, content, or security of external sites. We strongly encourage you to review the privacy policies of any third-party platforms before sharing your personal information.
12. International Data Transfers
If you access our website from outside the United States, please be aware that your data may be transferred to, stored, and processed in the United States, where our servers and service providers are located. By using our services, you consent to the transfer of your information to the U.S., which may have different data protection laws than your country of residence.
13. Updates to This Privacy Policy
We may revise this Privacy Policy periodically to reflect changes in our practices, legal requirements, or technological advancements. The updated version will be posted on this page along with a revised "Last Updated" date. We encourage you to review this page regularly to stay informed.
14. Contact Us
Should you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to us:
The Secret Garden of Chicago
- Address: 662 N Dearborn St, Chicago, IL 60654, United States
- Email: info@thesecretgardenofchicago.com
- Phone: 773-827-4560
- Business Hours: Monday through Friday 9:00 AM to 6:00 PM | Saturday 10:00 AM to 4:00 PM (Central Time)
This Privacy Policy is effective as of the date stated above and applies to all users of The Secret Garden of Chicago's website and services.