Privacy Policy

Effective Date: January 1, 2025

PRIVACY POLICY

1. Information on the collection and processing of personal information and contact information of the person in charge

1.1 Thank you for visiting Bella's Boutique Hamilton website. Below, we will inform you about the processing of personal information when using the website. Personal information means any data that can personally identify you.

1.2 The person responsible for the processing of personal data on this website is Bella's Boutique Hamilton. The person responsible means the natural person or legal entity that alone or jointly determines the purposes and means of processing personal data.

1.3 For security reasons, this website uses SSL or TLS encryption to protect the transmission of personal information and other confidential content (e.g. orders or contacts to the responsible person). An encrypted connection can be identified by the "https://" prefix and the lock icon in the browser address bar.

2. Data collection when visiting the website

If you use the website for information purposes only (i.e. do not register or provide any other information), we only collect data that your browser transmits to our server (so-called "server log files"). When you visit the website, we collect the following data, which is technically necessary for displaying the website:

Websites visited Connection date and time Amount of data transferred (bytes) Source/reference to the page you accessed Browser used Operating system used IP address (may be anonymized)

This data processing is carried out on the basis of our legitimate interests to improve the stability and functionality of the website in accordance with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA). The data will not be transferred or used for any other purposes. However, we reserve the right to review server log files in the event of specific evidence of unlawful use.

3. Cookies

To make your visit to our website more attractive and to enable you to use certain functions, we use so-called cookies on various pages. Cookies are small text files that are stored on your device. Some cookies are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your device and enable us to recognize your browser on your next visit (persistent cookies). When a cookie is set, we collect and process certain user information, such as browser and location data, IP address values. Persistent cookies are automatically deleted after a predefined period of time, which can vary depending on the cookie.

Some cookies are used to store settings to simplify the ordering process (e.g. to store the contents of a virtual shopping cart for later use on your visit to the website). If personal data is processed through individual cookies implemented by us, this processing is carried out in accordance with PIPEDA for the performance of a contract or to protect our legitimate interest in ensuring optimal functionality of the website and user-friendly and efficient visits to the pages.

We may work with advertising partners to provide you with a more interesting website. For this purpose, cookies from our partner companies (third-party cookies) may be stored on your hard drive when you visit our website. If we work with the advertising partners mentioned above, we will inform you separately about the use of these cookies and the scope of information collected below.

You can set your browser to notify you of cookie settings and decide whether to accept them on an individual basis, or to refuse to accept cookies in certain cases or generally. Each browser has a different way of managing cookie settings. This is explained in the help menu of each browser, which explains how to change your cookie settings. Information for your browser can be found at the following links:

Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookiesFirefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en Safari: https://support.apple.com/kb/ph21411?locale=de_DE Opera: https://help.opera.com/en/latest/web-preferences/#cookies

If you do not accept cookies, the functionality of our website may be limited.

4. Contact information

When you contact us (e.g. via a contact form or email), personal data is collected. In the case of a contact form, the data collected can be found on the form. This data is stored and used solely for the purpose of responding to your request or contacting you. The legal basis for processing your data is our legitimate interest in responding to your request pursuant to PIPEDA. If your contact is aimed at entering into a contract, the additional legal basis is the necessity for the performance of the contract. Your data will be deleted after the final processing of your request, provided that there are no legal retention obligations. 5. Data processing when opening a customer account and processing a contract

In accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA), we will continue to collect and process the personal data you provide to us for the purpose of executing a contract or when opening a customer account. The collected data can be viewed in the relevant input form. You can delete your customer account at any time by sending a message to the responsible contact. We will use the data you provide to process the contract. After completion of the contract or deletion of your customer account, your data will be blocked in accordance with tax and commercial retention periods and will be deleted after these periods expire, unless you have expressly consented to further use of your data or we are legally permitted to retain it.

5. Data Processing for Customer Account Creation and Contract Fulfilment

In accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA), the personal information you provide to us for the purpose of fulfilling a contract or creating a customer account will be collected and processed as necessary. The specific information being collected can be found in the relevant input form.

You may request to delete your customer account at any time by contacting the designated representative. The information you provide will be used solely for processing and managing the contractual relationship.

Once the contract is fulfilled or your customer account is deleted, your data will be retained only as long as necessary to meet legal, tax, or regulatory obligations. After these retention periods have expired, your data will be securely deleted or anonymized. Exceptions may apply if you have explicitly consented to extended use of your data or if we are legally permitted to retain it for other purposes.

---

6. Use of your data for direct marketing

6.1 Subscribing to our email newsletter

If you subscribe to our email newsletter, we will regularly send you information about our offers. The only information required for sending the newsletter is your email address. The provision of additional data is optional and is used to address you personally. We use a double opt-in procedure to confirm your consent. This means that we will only send you a newsletter if you have explicitly confirmed your consent to receive it. After subscribing, you will receive a confirmation email asking you to verify your subscription by clicking a confirmation link.

By clicking the confirmation link, you consent to the use of your personal data in accordance with PIPEDA. When subscribing to the newsletter, we store the IP address assigned by your Internet Service Provider (ISP), as well as the date and time of subscription, to prevent misuse of your email address. The data collected during the newsletter subscription will be used solely for newsletter distribution. You can unsubscribe at any time using the link provided in the newsletter or by contacting the person responsible as mentioned above. Once you unsubscribe, your email address will be immediately removed from our mailing list, unless you have expressly consented to further use or we are legally permitted to retain it.

---

6.2 Sending email newsletters to existing customers

If you have provided us with your email address when purchasing a product or service, we may send you email updates about similar products or services from our range on a regular basis. In this case, we do not require your separate consent. This data processing is based on our legitimate interest in personalized direct marketing in accordance with PIPEDA. If you initially opted out of receiving emails, we will not send any messages. You may object to the future use of your email address for marketing purposes at any time by contacting the responsible party listed above. You will only be charged for the standard cost of transmission. Once we receive your objection, we will immediately stop using your email address for advertising purposes. 7. Data processing during order processing

7.1 The personal data we collect will be transferred to the delivery company solely for the purpose of delivering the goods, and only when necessary for the fulfillment of your order. Likewise, we will transfer your payment data to the relevant payment service provider, strictly for processing your payment. The legal basis for these transfers is the necessity for the performance of the contract in accordance with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).

---

7.2 Use of Payment Service Providers

We work with trusted third-party payment service providers to securely process payments. Your payment data is only transmitted when necessary and in accordance with PIPEDA. These providers may include:

• Stripe
  If you choose to pay via Stripe, your payment information will be securely transmitted to Stripe Payments Canada, Ltd. Stripe may perform identity or fraud verification as part of the transaction. For details, refer to Stripe’s privacy policy: https://stripe.com/en-ca/privacy

• PayPal
  If you select PayPal as your payment method, we will transmit your payment details to PayPal Canada Co. for processing. For more information on how PayPal handles your data, visit: https://www.paypal.com/ca/webapps/mpp/ua/privacy-full

• Credit Card Payments (Visa, Mastercard, etc.)
  When paying by credit card, your information will be transmitted to the relevant credit card provider (e.g., Visa, Mastercard, American Express) through a secure payment gateway. Your payment data is encrypted and handled according to the Payment Card Industry Data Security Standard (PCI DSS). We do not store any credit card information on our servers.

8. Contact for Review Notifications

Self-review notifications (not sent via customer review system)

We may use your email address to send you a request for a product or service review if you have explicitly consented to this during or after your order. This processing is conducted in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA). You may withdraw your consent at any time by contacting our Privacy Officer at the email address provided in this policy.

---

9. Use of Social Media: Social Plug-ins

9.1 Facebook Plug-in (Shariff Solution)

Additional customs clearance costs and/or import duties are not included in the product price and are the responsibility of the customer.

Our website uses so-called social plug-ins (“plugins”) from the social network Facebook, operated by Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (“Facebook”).

To enhance your data privacy, these buttons are not fully integrated as plugins. Instead, they are embedded using HTML links. This means that no connection to Facebook servers is established simply by visiting our website. Only when you click on the button will a new browser window open, directing you to the Facebook platform where you may interact with the plugin (after logging in, if necessary).

Meta Platforms, Inc. is based in the United States and, at the time of writing, has been certified under the EU-U.S. Privacy Shield Framework, designed to provide an adequate level of data protection equivalent to that in the European Union.

For further details on how Facebook collects, processes, and uses your personal data, and your rights and privacy settings, please consult Facebook’s privacy policy:
https://www.facebook.com/policy.php

---

9.2 Instagram Plugin (Shariff Solution)

Our website uses so-called social plug-ins (“plugins”) for the online service Instagram, operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”).

To protect your data privacy, these buttons are not fully integrated as plugins. They are displayed using HTML links, which ensures that visiting a page containing these buttons will not automatically connect you to Instagram’s servers. Only when you click the button will a new browser window open and direct you to the Instagram platform, where you may interact with the plugin (after logging in, if necessary).

Instagram LLC is headquartered in the United States and, like its parent company Meta Platforms, Inc., has been certified under the EU-U.S. Privacy Shield Framework to ensure compliance with EU-level data protection standards.

For more information about Instagram’s data processing practices and your rights, please review Instagram’s privacy policy:

https://help.instagram.com/155833707900388/ 

10. Online Marketing

10.1 Google DoubleClick

Our website uses DoubleClick, an online marketing tool operated by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“DoubleClick”).

DoubleClick uses cookies to serve relevant ads, enhance campaign performance, and prevent repetitive ads. Google assigns a unique cookie ID to your browser to track which ads were displayed and to avoid displaying the same ad multiple times. This processing is carried out based on our legitimate interest in the optimal marketing of our website, in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA).

DoubleClick may also track conversions using the cookie ID, such as when a user visits a website and completes a purchase after clicking a DoubleClick ad. According to Google, the DoubleClick cookie does not store personal information.

By using this tool, your browser automatically establishes a direct connection to Google’s servers. We do not control the extent of data collected by Google, but to our knowledge, integrating DoubleClick enables Google to track which parts of our site you’ve visited or which ads you interacted with. If you’re logged into a Google account, this visit may be linked to your profile. Even if you’re not logged in, your IP address could still be recorded.

If you wish to opt out of this tracking, you can disable cookies for ad preferences through these links:

• https://www.google.de/settings/ads

• https://www.aboutads.info

You can also configure your browser settings to manage cookies individually or block them completely. Please note: deleting your cookies may reset these settings. Refusing cookies may limit some website functionality.

Google LLC is based in the United States and has been certified under the EU-U.S. Privacy Shield Framework, which confirms that it meets privacy standards comparable to those in Canada and the EU.

You can read more about Google’s DoubleClick privacy practices here:
https://www.google.de/policies/privacy/

---

10.2 Use of Google AdWords Conversion Tracking

We also use the Google AdWords online advertising program, including conversion tracking, to measure advertising effectiveness. AdWords allows us to display relevant ads across third-party websites and Google search results. The collected data helps us analyze the success of advertising campaigns and tailor our marketing strategies.

When you click on a Google AdWords ad, a conversion tracking cookie is placed on your browser. This cookie is a small text file that expires after 30 days and does not personally identify you. If you visit a certain page on our website during this period, Google and we will be able to recognize that you clicked on the ad and were redirected to our site.

Each Google AdWords customer gets a unique cookie, meaning the cookie is not tracked across multiple AdWords customer websites. The data is used to generate anonymous conversion statistics—such as how many users clicked an ad and reached a page with a conversion tag. No personal identifying data is shared with advertisers.

If you prefer not to be tracked, you can disable this functionality by changing your browser settings or blocking the conversion tracking cookie. In that case, you won’t be included in conversion tracking metrics.

Our use of Google AdWords is based on our legitimate interest in targeted advertising and audience measurement in accordance with PIPEDA.

Google LLC is certified under the EU-U.S. Privacy Shield Framework.

More information is available in Google’s privacy policy:
https://www.google.de/policies/privacy/

To opt out of interest-based Google advertising permanently, you can install the following browser add-on:
https://www.google.com/settings/ads/plugin?hl=de

Please note: disabling cookies may affect the functionality of certain parts of our website. 

11. Web Analysis Services

Google (Universal) Analytics

Our website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses cookies stored on your device to help analyze how users interact with the site. The information collected via the cookie about your use of the website (including a shortened version of your IP address) is typically transmitted to a Google server and stored there.

We use Google Analytics with the _anonymizeIp() function, which ensures that your IP address is truncated by Google before transmission within countries of the European Economic Area (EEA) or other jurisdictions that support data minimization. Only in exceptional cases will your full IP address be transmitted to a Google server in the USA and shortened there. This data processing is based on our legitimate interest in statistical analysis of user behavior for optimization and marketing purposes, in line with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA).

Google processes this information on our behalf to analyze your use of the website, compile reports on website activity, and provide related services. Your anonymized IP address will not be merged with other Google data.

You can prevent cookies from being stored by adjusting your browser settings. However, doing so may limit some features of our website. You can also prevent the data collected by cookies (including your IP address) from being transmitted to and processed by Google by installing the following browser plugin:
https://tools.google.com/dlpage/gaoptout?hl=en

Alternatively, you can use an opt-out cookie to disable Google Analytics on your browser or mobile device. This cookie only works on the specific browser and domain you apply it to. If you clear your cookies, you must reset it.
Click here: Disable Google Analytics

Google LLC is based in the U.S. and certified under the EU-U.S. Privacy Shield Framework, ensuring comparable levels of data protection.

We also use Google Analytics' cross-device tracking via User ID. A unique, persistent, and anonymized ID is assigned when you access the website for the first time, allowing session data from multiple devices to be linked. This user ID does not contain personal information and is not shared with Google.

You can object to data collection via User ID at any time. To do so, disable Google Analytics on every device you use.

Learn more:
https://support.google.com/analytics/answer/2838718?hl=en

---

12. Retargeting/Remarketing/Recommendation Advertising

Facebook Custom Audiences via Facebook Pixel

Our website uses the Facebook Pixel by Meta Platforms, Inc. (formerly Facebook Inc.), 1 Hacker Way, Menlo Park, CA 94025, USA. With your explicit consent, this tool helps track user actions after interacting with a Facebook advertisement. This allows us to measure the success of Facebook ads and improve future advertising efforts.

The data collected via the pixel is anonymized for us and does not personally identify you. However, Meta may link this information to your user profile and use it for advertising purposes in accordance with their data usage policy:
https://www.facebook.com/about/privacy/

You can allow Meta and its partners to show you ads across Facebook platforms and beyond. This may involve placing cookies on your device. Processing will occur only if you explicitly consent and in compliance with PIPEDA.

Only users aged 13 or older may give consent for Facebook Pixel. If you are under 13, please obtain permission from a parent or legal guardian.

Meta is headquartered in the United States and certified under the EU-U.S. Privacy Shield Framework.

You can disable third-party cookies (including Facebook) via your browser settings or by visiting:
https://www.aboutads.info/choices/

---

Google AdWords Remarketing

We use the Google AdWords Remarketing feature offered by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This enables us to show interest-based ads on Google Search and across third-party websites. For this, Google sets a cookie in your browser to track your visit and customize ads based on your past site interactions.

This use of cookies is based on our legitimate interest in effective website promotion in accordance with PIPEDA.

Further data processing (e.g., cross-device tracking) only occurs if you consent and are logged into your Google account. In this case, your Google account data is temporarily combined with your Google Analytics profile to build audience segments.

To disable interest-based Google ads permanently, install this plugin:
https://www.google.com/settings/ads/onweb/

Or manage your cookie preferences through the Digital Advertising Alliance:
http://www.aboutads.info/

Note: Blocking all cookies may restrict certain features on our site.

More info about how Google uses advertising data:
https://www.google.com/policies/technologies/ads/

13. Data Subject Rights

13.1 Under the Personal Information Protection and Electronic Documents Act (PIPEDA), you have comprehensive rights regarding the collection, use, and disclosure of your personal information. These rights include:

• Right to access: You have the right to request information about the personal data we hold about you, the purposes of processing, the categories of data processed, the recipients or types of recipients to whom the data has been disclosed, the intended retention period, and the source of the data if it was not collected directly from you. You may also request details regarding the existence of automated decision-making (including profiling), and meaningful information about the logic involved and the consequences of such processing.

• Right to request correction: You have the right to request the correction or completion of inaccurate or incomplete personal information held by us.

• Right to erasure: You may request the deletion of your personal information, subject to legal obligations that require us to retain certain data. This right does not apply where the data must be kept for reasons such as compliance with legal obligations, public interest, or the exercise or defense of legal claims.

• Right to restrict processing: You may request that we restrict the processing of your personal data if (i) you contest its accuracy, (ii) the processing is unlawful and you oppose deletion, (iii) we no longer need the data but you require it for legal claims, or (iv) you have objected to the processing and a verification of our overriding interests is pending.

• Right to be informed of disclosures: If you have requested correction, deletion, or restriction of processing, you may also request that we inform all third parties to whom we have disclosed your personal data—unless this proves impossible or involves disproportionate effort.

• Right to data portability: You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format and to transmit that data to another organization where feasible.

• Right to withdraw consent: You may withdraw your consent to our processing of your personal data at any time with future effect. This will not affect the lawfulness of any processing based on your consent before its withdrawal. If there is no other lawful basis for continuing to process your data, it will be deleted following your withdrawal of consent.

• Right to lodge a complaint: If you believe that your personal data has been mishandled in breach of PIPEDA, you have the right to lodge a complaint with the Office of the Privacy Commissioner of Canada (OPC) at https://www.priv.gc.ca, or with your provincial privacy authority if applicable.

---

13.2 Right to Object

If we process your personal data based on our legitimate interests, you have the right to object at any time to the future processing of your data on grounds relating to your particular situation.

If you exercise this right, we will stop processing your data unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or the processing is necessary for legal claims.

If your personal data is being processed for direct marketing purposes, you have the right to object at any time without giving a reason. Once you object, we will cease processing your data for such marketing purposes immediately.

---

14. Retention Period of Personal Information

We retain your personal data only as long as is necessary for the purposes outlined in this policy or to meet our legal and regulatory obligations, such as tax and commercial retention periods.

Once the applicable retention period has expired and the data is no longer needed for any legitimate or contractual purpose, it will be securely deleted or anonymized, unless you have given consent for a longer retention period or such retention is otherwise legally permitted.