Supplemental Privacy & Cookie Notice for Visitors from the European Economic Area
European Union Regulation 2016/679 of 27 April 2016, governing the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“EU GDPR“), requires us to provide additional and different information about our data processing practices to data subjects in the EEA.
We use the following web cookies and other information technologies to provide features on our web and mobile sites to users in the EEA, including cookies that deliver basic visitor experiences, fuller website experiences such as interactivity with third-party content, and our interest-based advertising on other websites.
The following types of cookies (and cookie technology) are enabled when a web or mobile user visits this website:
Cookies (and cookie technology) and their functions
|Cookie / Technology Type
||Enables visitors’ input, choices, or selections across their website experience. Examples include maintaining a shopping cart during a visit or a form throughout a transaction.
||Identifies visitors through the website after they log in.
|Multimedia Player Cookies
||Ensures such things as image quality, network link speed, or buffer information for video and audio playback.
|Load-balancing Session Cookies
||Directs website traffic to a particular datacenter for the quickest website access, and enables visitors to return to that datacenter if needed.
|Visitor Customization Cookies
||Stores preferences and visitor experiential histories: remembers language preference, product-page display preference, and whether certain visitor experiences should be displayed, such as email marketing signup, based on past experiences.
|Social Media Plug-in Cookies
||These cookies from social media platforms (like Facebook and Instagram) facilitate content sharing on those platforms.
|Interest Based Advertising Cookies
||Enables our advertising vendors to deliver tailored ads to our visitors on other websites. The ads are based on a visitor’s combined online and offline (e.g. in-store) shopping history and experience with us, as well with our vendors’ network of advertisers.
||Enables us to do things like estimate number of visitors, detect most used search-engine keywords that lead to a webpage, measure page load times, administer visitor surveys, identify navigation issues, and improve web capabilities.
As exceptions, we rely on your consent with respect to cookies and direct marketing emails per Art. 6.1(a) EU GDPR, and legitimate interests under Art. 6.1(f) EU GDPR, especially with respect to situations where we must process your personal data to comply with applicable laws (as a U.S.-based company, we are subject to U.S. laws and must comply, just like EEA-based companies have to comply with EEA laws).
Recipients or categories of recipients of your personal data are employees of our company and affiliated and non-affiliated services providers who have a need to know.
When you access our Services, you transfer your personal data to the United States of America for which the European Union Commission has not yet issued an unlimited adequacy decision.
We will process and keep your personal information for as long as is necessary for the purposes set out in this Policy, for our legitimate business needs, and for compliance with the law.
You have a right to request from us these EU GDPR rights concerning your personal data: access to data; rectification of data; erasure of data; restriction on processing; objection to data processing; and data portability. You can exercise these rights through a combination of actions: accessing the information in your account or exercising your opt-out options through our Services.
If you have provided consent for direct marketing emails or other data processing, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
You have the right to lodge a complaint with a supervisory authority.
We do not use automated decision-making, including profiling, as referred to in Article 22(1) EU GDPR, that is, in a way that produces legal effects concerning you or significantly affects you. Our Services’ customization technologies and e-commerce processes are automated, but do not produce legal effects or affect you significantly as contemplated by Art. 22(1) or (2) EU GDPR.
You can contact us with any questions, or to exercise your rights by sending a message to our SANTA CHRISMAS Concierge.