Privacy Policy
PRIVACY POLICY AND DATA PROTECTION DIRECTIVE
Document Reference: LA-PP-2025-V4.2
Effective Date: August 28, 2025
Last Updated: August 28, 2025
Operator: Incroyable Solutions LLC
Brand Portal: Luxeartisanship (https://global.luxeartisanship.com)
1. LEGAL FRAMEWORK, SCOPE, AND CORPORATE COMMITMENT
1.1 Corporate Structure and Data Controller Identification
This Privacy Policy and Data Protection Directive ("Privacy Policy") governs the data processing practices of Incroyable Solutions LLC, a corporation organized and existing under applicable corporate statutes, operating the premium international e-commerce brand Luxeartisanship via its digital flagship portal located at https://global.luxeartisanship.com (the "Platform").
For the purposes of the General Data Protection Regulation (GDPR) (EU) 2016/679, the United Kingdom General Data Protection Regulation (UK GDPR), the Swiss Federal Act on Data Protection (FADP), and other globally applicable data protection statutes, Incroyable Solutions LLC operates as the primary Data Controller.
-
Registered & Operational Address: 16192 Coastal Highway, Lewes, Delaware 19958, United States.
-
Enterprise Privacy Office: care@luxeartisanship.com
-
Corporate Communications Contact: +1 (855) 510-6788
1.2 Global Regulatory Compliance Framework
This Directive is formulated to establish an unyielding, enterprise-grade framework for compliance across multiple jurisdictions. It explicitly incorporates, reconciles, and executes data processing behaviors aligned with:
-
The European Union: General Data Protection Regulation (GDPR) (EU) 2016/679.
-
The United Kingdom: Data Protection Act 2018 and the UK GDPR.
-
Switzerland: Federal Act on Data Protection (FADP) 2023.
-
The United States: California Consumer Privacy Act of 2018 (CCPA) as amended by the California Privacy Rights Act of 2020 (CPRA), alongside applicable state-level comprehensive privacy regulations (including but not limited to Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, and Texas TDPSA).
-
Canada: Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial legislative frameworks (including Quebec Law 25).
-
Australia & New Zealand: Australian Privacy Act 1988 (Cth) (incorporating the Australian Privacy Principles) and the New Zealand Privacy Act 2020.
-
Southeast Asia: Singapore Personal Data Protection Act 2012 (PDPA), Malaysia Personal Data Protection Act 2010, and the Thailand Personal Data Protection Act (PDPA) B.E. 2562.
-
The Middle East & North Africa: United Arab Emirates Federal Decree-Law No. 45 of 2021 on Personal Data Protection (UAE PDPL) and Egyptian Law No. 151 of 2020 protecting Personal Data.
1.3 Scope of Application
This Privacy Policy applies universally to all natural persons accessing, interacting with, or purchasing from the Platform, including luxury patrons, prospective clients, loyalty program members, and visitors (collectively referred to as "Users", "Data Subjects", or "Consumers"). This Policy governs all processing of personal data irrespective of the geographical location of the Data Subject, the method of digital access, or the cross-border logistical vectors utilized to execute fulfillments.
2. DEFINITIONS AND LEGAL TERMINOLOGY
For the purposes of this Directive, the following definitions shall possess the meanings ascribed below:
-
"Personal Data" / "Personal Information" means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. This definition explicitly encompasses "Consumer Health Data" and "Sensitive Personal Information" as defined under applicable state and federal laws of the United States.
-
"Processing" means any operation or set of operations performed upon Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
-
"Data Controller" means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data. For the scope of this document, Incroyable Solutions LLC is the sole Data Controller.
-
"Data Processor" means a natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the Data Controller. This includes third-party software vendors, logistics operators, payment gateways, and marketing clouds.
-
"Consent" of the Data Subject means any freely given, specific, informed, and unambiguous indication of the Data Subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her.
-
"Cross-Border Transfer" means the transmission of Personal Data across national boundaries, including transfers from the European Economic Area (EEA), the United Kingdom, or Switzerland to third countries, or transfers out of restrictive jurisdictions within Southeast Asia and the Middle East.
3. TAXONOMY OF PERSONAL DATA COLLECTED
Luxeartisanship processes multiple categories of Personal Data depending on the nature of the interaction with the Platform. We do not engage in the collection of arbitrary or unnecessary data; all processing is tailored to the provision of a bespoke, luxury e-commerce experience.
┌────────────────────────────────────────────────────────────────────────┐
│ PERSONAL DATA TAXONOMY │
└───────────────────────────────────┬────────────────────────────────────┘
│
┌──────────────────────────┼──────────────────────────┐
▼ ▼ ▼
┌──────────────┐ ┌──────────────┐ ┌──────────────┐
│ Identifiers │ │ Transactional│ │ Technical / │
│ & Contacts │ │ & Financial│ │ Telemetric │
└──────────────┘ └──────────────┘ └──────────────┘
3.1 Identity Information
This category encompasses explicit personal identifiers required to construct a luxury profile, authenticate system access, and guarantee lawful delivery of high-value goods.
-
First name, Middle name, Last name, Maiden name (where applicable).
-
Salutation, Honorifics, Titles.
-
Date of birth, Age verification indicators (to confirm legal capacity to enter binding contracts).
-
Passport data or national identification numbers (solely when explicitly demanded by international customs authorities, import brokers, or anti-money laundering regulations governing high-value cross-border physical luxury assets).
3.2 Contact Information
Essential vectors utilized to manage corporate communication, dispatch order progress updates, and execute secure transport.
-
Physical Billing Address (including street name, suite/apartment number, city, state/province, postal code, and country).
-
Physical Shipping and Delivery Address (including geographical coordinates, regional delivery zones, and structural access instructions).
-
Primary and Secondary Electronic Mail (E-mail) Addresses.
-
Mobile and Landline Telephone Numbers (including international country codes).
3.3 Transaction Information
Granular historical records detailing financial interactions and acquisitions executed on the Platform.
-
Details of luxury items appraised, added to shopping carts, wishlisted, or purchased.
-
Precise timestamp data regarding order placement, payment approval, processing milestones, fulfillment, and ultimate receipt.
-
Monetary values, currencies utilized, exchange rate calculations, applied promotional codes, and tier-status benefits.
-
Returns history, customer service tickets, repair/restoration requests for artisanal products, and warranty tracking logs.
3.4 Account Information
Data generated to maintain bespoke Client Portals on the Platform.
-
Encrypted, salted cryptographic hash representations of access passwords.
-
Preferences concerning regional localized storefronts, language settings, currency selections, and marketing communication vectors.
-
Loyalty program metrics, tier status levels, experiential event invitations accepted, and VIP historical interactions.
3.5 Device, Technical, and Telemetric Information
Metadata and machine-generated information capture triggered by interaction with our advanced Shopify infrastructure.
-
Internet Protocol (IP) addresses (including IPv4 and IPv6 variations), regional geolocation indicators derived from routing data.
-
Browser specifications (type, version, cryptographic capability, language configurations, active extensions).
-
Operating system architecture, device manufacturer, specific device models, screen resolutions, and system locale settings.
-
Unique device identifiers (e.g., MAC address, IMEI, IDFA for iOS devices, AAID for Android devices).
3.6 Communications and Support Information
Content generated during interactions with our concierge services and global support network.
-
Full transcript records of live chat interactions via our enterprise support lines.
-
Audio recordings of inbound and outbound customer support telephone calls (processed solely following explicit voice-consent protocols for quality assurance and fraud resolution).
-
Written correspondence transmitted via email (
care@luxeartisanship.com), postal courier, or contact web-forms.
3.7 Marketing and Behavioral Profile Information
Data utilized to curate personalized digital storefront experiences and high-end marketing campaigns.
-
Clickstream data tracking the User's navigational path through the Platform (including entry pages, specific products viewed, interaction duration, exit pages, and scroll depth).
-
Inferences drawn from browsing patterns indicating a strong affinity for specific artisanal collections, material types, or design seasons.
-
Interaction data with marketing assets (e-mail open rates, click-through metrics, SMS engagement, push notification response rates).
3.8 User-Generated Content (UGC)
Data intentionally provided by Users for public display or community building.
-
Product reviews, artistic assessments of craftsmanship, photograph submissions, and video assets uploaded directly to the Platform.
-
Public social media contributions referencing the Platform where the User has explicitly tagged or authorized Luxeartisanship to leverage their likeness or text.
4. AUTOMATED DATA CAPTURE AND ADVANCED TRACKING SYSTEMS
To provide a seamless, highly optimized, and computationally secure interface, Luxeartisanship utilizes a sophisticated network of proprietary and third-party tracking technologies, including tracking cookies, local storage objects, web beacons, pixels, and advanced Server-to-Server communication Application Programming Interfaces (APIs).
┌────────────────────────────────────────────────────────────────────────┐
│ COOKIE & TRACKING ARCHITECTURE │
├───────────────────┬───────────────────┬────────────────────────────────┤
│ Category │ Lifespan │ Primary Purpose │
├───────────────────┼───────────────────┼────────────────────────────────┤
│ Essential/Session │ Session to 1 Year │ Cart Persistence, Shop Pay Auth│
│ Functional │ 1 to 2 Years │ Localization, Currency Prefs │
│ Analytics/GA4 │ 1 Day to 2 Years │ Behavioral Analysis, Clarity │
│ Marketing/Pixels │ 90 Days to 1 Year │ Meta Custom Audiences │
└───────────────────┴───────────────────┴────────────────────────────────┘
4.1 Categorization of Digital Trackers
4.1.1 Essential and Strictly Necessary Trackers
These tracking structures are indispensable for the technical operations of the Platform. The Platform cannot execute basic configurations without them.
-
Shopify Core Cookies: Utilized to sustain cart persistence across browsing sequences, manage user session security, and stabilize the checkout ecosystem.
-
Shop Pay and Payment Gateway Cookies: Deployed to retain encrypted tokenized states for rapid, high-security transaction execution.
-
Consent Framework Trackers: Cookies configured to systematically store the granular consent preferences selected by the User via our Cookie Compliance Banner.
4.1.2 Functional Trackers
These technologies allow the Platform to remember specific localized choices made by the User, augmenting the bespoke luxury aesthetic.
-
Shopify Markets Localization Trackers: Automatically direct the User to the optimized regional storefront (e.g., adjusting language, displaying correct regional currency, and preparing local tax matrices for the EU, UAE, or US markets).
-
Font and Interface Optimization Trackers: Retain rendering parameters to guarantee that the high-fidelity visual assets display optimally on the User's terminal.
4.1.3 Analytics and Telemetry Trackers
These systems collect deep structural metrics on how Users traverse the Platform, allowing our data engineering teams to eliminate performance friction.
-
Google Analytics 4 (GA4): Processes anonymized and pseudonymized event streams, user journey maps, and real-time interaction metrics. GA4 is configured to systematically mask IP addresses prior to processing and data retention inside European and international arrays.
-
Microsoft Clarity: Deployed to capture session recordings, precise mouse-movement tracking, heatmaps, and interaction friction indicators (such as rage clicks or broken link navigation). All sensitive transaction data fields within payment inputs are systematically redacted at the device level prior to transmission to Microsoft servers.
4.1.4 Tracking Pixels and Behavior-Driven Advertising Engines
These systems translate Platform interaction behavior into highly targeted external communication campaigns across major advertising platforms.
-
Meta Pixel and Facebook Conversions API (CAPI): Operates a hybrid browser-to-server and server-to-server telemetry loop. It securely transmits behavioral actions (e.g., "Product Viewed", "Cart Initiated", "Purchase Completed") paired with hashed, privacy-safe identifiers (SHA-256 matched keys) directly to Meta Platforms, Inc. to populate Custom Audiences and drive conversion optimization across Facebook and Instagram Shops.
-
Google Ads and Google Merchant Center Conversion Tags: Used to determine return on ad spend (ROAS) and dynamically retarget prospective patrons searching for artisan goods across the Google Search and Display Networks.
-
Pinterest Shopping and Microsoft Advertising Tags: Used to evaluate performance metrics and interest indicators within the respective discovery engines.
4.2 Consent Management, Opt-Out Rights, and Browser Signals
The Platform enforces a strict Opt-In posture for all non-essential trackers for visitors residing within the European Economic Area, the United Kingdom, Switzerland, and jurisdictions with equivalent legal structures. Non-essential cookies are blocked by default until explicit affirmative consent is registered.
For citizens of the United States possessing legal rights under the CCPA/CPRA, the Platform actively listens for and honors the Global Privacy Control (GPC) and equivalent automated browser-based Do-Not-Track signals. When such a signal is detected, the Platform automatically shifts into an opt-out configuration for behavioral targeting and cross-contextual advertising trackers. Users may dynamically adjust their preferences at any time by accessing the interactive Cookie Preference Portal embedded within the footer of the Platform.
5. PURPOSES OF PROCESSING AND LEGAL BASES
Incroyable Solutions LLC operates with strict adherence to the principles of purpose limitation and legal transparency. We process Personal Data under clearly defined lawful bases as outlined by global regulations (specifically Article 6 of the GDPR/UK GDPR).
┌────────────────────────────────────────────────────────────────────────┐
│ LEGAL BASES FOR PROCESSING │
├───────────────────────────┬────────────────────────────────────────────┤
│ Legal Basis (GDPR Art. 6) │ Operational Execution Context │
├───────────────────────────┼────────────────────────────────────────────┤
│ Contractual Necessity │ Order Fulfillment, Payment Processing, Log │
│ Legitimate Interests │ Fraud Prevention, Platform Optimization │
│ Legal Obligation │ Tax Compliance (VAT/GST), Customs/AML │
│ Consent │ Klaviyo Email Marketing, SMS Campaigns │
└───────────────────────────┴────────────────────────────────────────────┘
5.1 Contractual Necessity (Art. 6(1)(b) GDPR)
Processing is mandatory to execute the core operations required to establish, maintain, and complete the contractual obligations of a purchase agreement entered into between the Consumer and Luxeartisanship.
-
Order Fulfillment & Logistics: Relaying Identity and Contact Information to global carriers, logistics hubs, and customs networks to ship physical luxury goods.
-
Payment Processing & Validation: Securely relaying financial attributes to tokenized transaction architectures (Shopify Payments, Stripe, PayPal, Amazon Pay, Apple Pay, Google Pay).
-
Account Administration: Managing the foundational technical access frameworks for individual consumer profiles.
5.2 Legitimate Interests (Art. 6(1)(f) GDPR)
Processing is necessary to satisfy the legitimate corporate interests pursued by the Data Controller, balanced meticulously against the fundamental privacy rights and freedoms of the individual.
-
E-Commerce Fraud Prevention & Enterprise Security: Utilizing internal telemetry and advanced digital fingerprinting technologies to screen transactions for criminal activity, payment fraud, identity theft, and chargeback exploitation.
-
Website Optimization & Structural Analysis: Analyzing aggregated, pseudonymized behavioral streams to fix technical bugs, optimize server scaling, and enhance visual layouts.
-
Product Recommendations & On-Site Customization: Displaying relevant artisanal collections during active sessions to optimize inventory turnover and provide a curated browsing experience.
-
Legal Defense & Asset Protection: Establishing robust historical trails to defend against litigation, intellectual property disputes, or unauthorized brand manipulation.
5.3 Legal Obligations and Regulatory Compliance (Art. 6(1)(c) GDPR)
Processing is mandated by binding statutory provisions enacted by national, federal, and international governments.
-
Tax Compliance and Auditing Frameworks: Retaining transaction receipts, invoice configurations, and calculation parameters to satisfy multi-jurisdictional tax reporting metrics (including VAT collection for the EU/UK, GST for Australia, New Zealand, and Singapore, HST/PST/QST for Canadian provinces, and localized Sales Tax calculations across individual United States jurisdictions).
-
International Trade, Import/Export, and Customs Compliance: Transmitting detailed commercial descriptions, values, and recipient verification metrics to border control entities, customs brokers, and government reporting databases to secure legal clearance.
-
Anti-Money Laundering (AML) & Sanctions Screening: Verifying transaction sources and screening names against international sanctions lists (OFAC, EU Consolidated List, etc.) when managing high-value transactions involving physical assets, ensuring zero engagement with restricted or prohibited actors.
5.4 Consent-Based Processing (Art. 6(1)(a) GDPR)
Processing is executed exclusively when the Data Subject has granted explicit, unambiguous, and documented affirmative consent.
-
Digital Marketing Communications: Dispatching curated brand announcements, private collection launches, and editorial newsletters via enterprise marketing automation networks (Klaviyo and Mailchimp).
-
Direct SMS/Telephonic Marketing: Sending real-time text-based alerts regarding cart abandonment, flash loyalty events, or delivery tracking via SMS protocols.
-
Cross-Contextual Behavioral Retargeting: Authorizing the activation of Meta, Google, and Pinterest marketing tags to map off-site luxury digital advertisements.
-
User-Generated Reviews & Public Likeness: Displaying customer-contributed imagery, textual testimonials, or video craftsmanship appraisals on the public facing Platform.
6. ENTERPRISE PAYMENT ARCHITECTURE & FINANCIAL SECURITY
Luxeartisanship operates a high-security, PCI-DSS Level 1 compliant decentralized transactional environment. The Platform does not ingest, process, or store raw, unencrypted credit card primary account numbers (PANs) on its internal servers.
6.1 Tokenization and Gateway Dissemination
When an order is submitted via the checkout terminal, payment parameters are directly intercepted and processed via encrypted Secure Sockets Layer (SSL) or Transport Layer Security (TLS) pipelines by specialized, certified third-party financial institutions. Data is processed through:
-
Shopify Payments & Shop Pay: Handled via Shopify's enterprise financial core, backed by localized processing partners across international jurisdictions.
-
Stripe & PayPal: Serving as global processing nodes executing autonomous risk scoring, multi-currency clearings, and instant merchant settlements.
-
Digital Wallet Protocols (Apple Pay, Google Pay, Amazon Pay): Utilizing cryptographic biometric tokens passed directly from the device operating system to the payment matrix without exposing underlying card accounts.
6.2 Advanced Fraud Screening and Chargeback Mitigation
To preserve the fiscal integrity of high-end international trade, all transactions undergo real-time algorithmic fraud review. This includes comparing IP routing metadata against billing configurations, cross-referencing global chargeback indices, and executing machine-learning threat models.
If automated systems flag an order as possessing a critical probability of fraud, processing is paused, and specialized fraud personnel may request additional verification data to safeguard the actual account holder. Failure to provide adequate security verification results in immediate cancellation of the transaction and permanent hashing of the fraudulent indicators to block future system exploitation.
7. GLOBAL LOGISTICS, INTERNATIONAL CUSTOMS, AND TAX COMPLIANCE
The cross-border transmission of physical luxury assets necessitates detailed data interactions with global logistical networks, customs infrastructure, and fiscal authorities.
┌────────────────────────────────────────────────────────────────────────┐
│ SUPPLY CHAIN DATA DEPLOYMENT │
└───────────────────────────────────┬────────────────────────────────────┘
│
┌──────────────────────────┴──────────────────────────┐
▼ ▼
┌──────────────┐ ┌──────────────┐
│ Logistics & │ │ Fiscal & Tax │
│ Carriers │ │ Compliance │
└──────┬───────┘ └──────┬───────┘
│ │
├─► DHL Express / FedEx / UPS ├─► VAT / GST Engine
├─► Customs Brokers (Border Clearance) ├─► Import Duty Matrix
└─► Last-Mile Postal Networks └─► Government Audits
7.1 Supply Chain Partner Data Access
To execute physical delivery of purchased goods, Luxeartisanship transfers structural Identity and Contact Information to authorized global shipping lines, freight forwarders, and logistics specialists, including but not limited to DHL Express, FedEx, UPS, and regional last-mile delivery services. The data shared includes:
-
Recipient full legal name.
-
Granular delivery address and digital geolocation indices.
-
Consignee telephone number and email address (to facilitate delivery scheduling, real-time tracking adjustments, and automated SMS arrival notifications).
7.2 Customs Brokers and Cross-Border Regulatory Filings
International shipments traversing borders to destinations such as the European Union, United Kingdom, Switzerland, Canada, Australia, New Zealand, Singapore, Malaysia, Thailand, United Arab Emirates, and Egypt require extensive regulatory declarations.
Luxeartisanship and its contracted customs clearing brokers generate mandatory manifests including item values, Harmonized System (HS) tariff classification codes, and detailed buyer metadata. Where local laws mandate (such as specific import controls in Egypt or the UAE), buyers may be contacted directly by carriers to provide tax identification numbers or customs authorization forms. This processing is performed pursuant to satisfying international trade laws.
7.3 Multi-Jurisdictional Tax and Duty Processing
Pursuant to international tax standards, transaction data is synchronized with automated fiscal compliance matrices to accurately compute, collect, and remit structural taxes:
-
United States: Localized Sales Tax applied across individual municipal, county, and state lines based on delivery addresses.
-
European Union & United Kingdom: Collection of Value Added Tax (VAT) processed in alignment with the EU Import One-Stop Shop (IOSS) framework or standard import VAT models.
-
Canada: Processing of Goods and Services Tax (GST), Harmonized Sales Tax (HST), Provincial Sales Tax (PST), and Quebec Sales Tax (QST).
-
Australia & New Zealand: Systematic calculation of Goods and Services Tax (GST) for low-value and high-value imported assets.
-
Southeast Asia & MENA: Computation of regional GST/VAT models for Singapore, Malaysia, Thailand, and the UAE.
8. INFORMATION SHARING, THIRD-PARTY DISCLOSURE, AND DATA ECOSYSTEMS
Luxeartisanship does not sell, rent, or lease its high-end patron databases to third parties for independent monetization. Data sharing occurs exclusively with vetted service providers who act as Data Processors under strict Data Processing Agreements (DPAs).
8.1 Categorization of Downstream Processors
8.1.1 Marketing and Customer Relationship Management (CRM) Ecosystems
-
Klaviyo, Zoho, Brevo & Mailchimp: Used to operate our core customer communication, email newsletters, and lifestyle segmentations. Profile parameters and historical behavior are mapped within these secured clouds.
-
Customer Support Platforms: Helpdesk and ticketing systems that aggregate emails sent to
care@luxeartisanship.comand coordinate live-chat logs.
8.1.2 Technology and Cloud Infrastructure Providers
-
Shopify Inc.: The foundational e-commerce core hosting the infrastructure, database architectures, and checkout pipelines for
https://global.luxeartisanship.com. -
Cloudflare & Enterprise Content Delivery Networks (CDNs): Used to securely route web traffic, defend against Distributed Denial of Service (DDoS) attacks, and accelerate international page loading speeds.
8.1.3 Behavioral Attribution and Advertising Partners
-
Meta Platforms, Inc., Google LLC Technology Limited, Microsoft Corporation, Pinterest, Inc.: Shared via browser cookie scripts and Server-to-Server APIs (Conversions API) to construct targeted marketing campaigns and calculate advertising performance.
8.2 Compulsory Legal Disclosures and Judicial Demands
Incroyable Solutions LLC may be legally compelled to disclose Personal Data to law enforcement, judicial bodies, regulatory entities, or central government departments if required by valid statutory provisions, court orders, warrants, or subpoenas. Such disclosures are restricted to the precise parameters mandated by the judicial inquiry and are executed only after thorough legal review to confirm the validity of the request.
8.3 Corporate Transactions and Structural Evolution
In the event that Incroyable Solutions LLC undergoes a structural corporate transition—such as a merger, acquisition by an international luxury group, corporate reorganization, asset sale, or structured insolvency proceeding—User Personal Data may be transferred as part of the core corporate assets. The successor entity shall assume the identical obligations and responsibilities outlined within this active Privacy Policy unless explicitly amended with proper notification to the affected Data Subjects.
9. COMPREHENSIVE REGIONAL CONSUMER PRIVACY RIGHTS
This section outlines the specific legal prerogatives available to Data Subjects under various international privacy jurisdictions. Luxeartisanship guarantees the seamless execution of these rights through dedicated engineering workflows.
┌────────────────────────────────────────────────────────────────────────┐
│ GLOBAL PRIVACY RIGHTS MATRIX │
├─────────────────────┬──────────────────────────────────────────────────┤
│ Legal Jurisdiction │ Primary Actionable Prerogatives │
├─────────────────────┼──────────────────────────────────────────────────┤
│ GDPR/UK GDPR/Swiss │ Erasure, Access, Portability, Restriction, Object│
│ CCPA / CPRA (US) │ Opt-Out of Sale/Sharing, Deletion, Correct │
│ PIPEDA (Canada) │ Access, Rectification, Consent Withdrawal │
│ APP / NZPA / PDPA │ Correction, Access, Cease Direct Marketing │
└─────────────────────┴──────────────────────────────────────────────────┘
9.1 European Economic Area (GDPR), United Kingdom (UK GDPR), and Switzerland (FADP)
Data Subjects residing within these territories possess comprehensive statutory rights under Chapter III of the GDPR:
-
Right of Access (Art. 15 GDPR): The right to obtain absolute confirmation as to whether or not your Personal Data is being processed, and to receive a detailed copy of all data held alongside structural processing explanations.
-
Right to Rectification (Art. 16 GDPR): The right to demand the immediate correction of inaccurate or incomplete Personal Data.
-
Right to Erasure / "Right to be Forgotten" (Art. 17 GDPR): The right to secure the deletion of your Personal Data where it is no longer required for the purposes collected, or where processing lacked an overriding lawful basis.
-
Right to Restriction of Processing (Art. 18 GDPR): The right to "freeze" processing behavior under specific legal circumstances (e.g., contesting accuracy or challenging legitimate interest balancing tests).
-
Right to Data Portability (Art. 20 GDPR): The right to receive your personal records in a structured, commonly used, and machine-readable format (JSON or CSV) for transmission to another entity.
-
Right to Object (Art. 21 GDPR): The absolute right to object at any time to the processing of your data for direct marketing purposes, including any automated profiling behaviors.
-
Right to Withdraw Consent: The right to withdraw previously granted consent for data processing at any time without affecting the lawfulness of processing based on consent before its withdrawal.
9.2 United States Privacy Rights (California CCPA/CPRA, and State Regulations)
Pursuant to the California Consumer Privacy Act as amended by the CPRA, and state-level frameworks, citizens of applicable states possess explicit statutory rights:
-
Right to Know / Access: The right to request disclosure of the specific categories and pieces of Personal Information collected, the commercial purposes for collection, and the categories of third parties with whom data is shared.
-
Right to Correction: The right to request the rectification of inaccurate personal profiles retained within our corporate databases.
-
Right to Delete: The right to request the erasure of Personal Information collected directly from the Consumer, subject to statutory business retention exceptions (e.g., active warranties, tax compliance).
-
Right to Opt-Out of the Sale or Sharing of Personal Information: Luxeartisanship does not "sell" information in exchange for traditional monetary compensation. However, our use of cross-contextual behavioral tracking pixels (Meta, Google, TikTok) may be classified as "sharing" or "selling" under broad US state definitions. Consumers have the absolute right to opt out of these activities by executing a GPC signal or utilizing our opt-out options.
-
Right to Limit the Use of Sensitive Personal Information: Luxeartisanship does not collect or process Sensitive Personal Information for the purpose of inferring specific characteristics about Consumers.
-
Right of Non-Discrimination: The strict prohibition of any discriminatory corporate actions (such as altering pricing tiers, denying access, or reducing service fidelity) for exercising your privacy rights.
9.3 Canadian Privacy Rights (PIPEDA and Provincial Frameworks)
Canadian patrons possess the right to access and challenge the accuracy and completeness of their Personal Information held by Incroyable Solutions LLC. Consent may be withdrawn at any time regarding the utilization of data for discretionary brand marketing, subject to legal or contractual restrictions and reasonable notice.
9.4 Australian and New Zealand Privacy Rights (APP & NZPA)
Under the Australian Privacy Principles and the New Zealand Privacy Act 2020, individuals have the right to request access to their personal records, seek prompt correction of errors, and file formal complaints regarding potential breaches of local privacy principles by contacting our Privacy Office directly or escalating to the Office of the Australian Information Commissioner (OAIC) or the New Zealand Privacy Commissioner.
9.5 Southeast Asian (Singapore, Malaysia, Thailand PDPA) and Middle Eastern (UAE, Egypt) Rights
Data subjects across Singapore, Malaysia, Thailand, the UAE, and Egypt retain structural rights to prevent unauthorized processing, demand data deletion when contracts conclude, request structural correction, and block unsolicited promotional communication streams.
9.6 Protocol for Exercising Data Rights
To formally execute any of the international privacy rights outlined above, please submit a verified request to our global data response team via:
-
Electronic Mail: care@luxeartisanship.com
-
Corporate Telephone Hotline: +1 (855) 510-6788
Identity Verification Requirements
To preserve data security and prevent unauthorized access or corporate espionage, Luxeartisanship enforces a strict identity verification protocol. Upon receiving a data deletion, access, or portability request, we will require the applicant to verify their identity by providing documentation matching the historical records on file (such as responding from the authentic account email, verifying recent order numbers, or providing basic non-sensitive identifier confirmations).
Requests submitted via authorized agents will be delayed until explicit, written power-of-attorney documentation or direct consumer verification is successfully provided. We resolve valid requests within thirty (30) calendar days from receipt, unless regional legislation mandates a tighter timeframe or a complex request warrants an authorized extension.
10. CROSS-BORDER DATA TRANSFERS AND GLOBAL SAFEGUARDS
Incroyable Solutions LLC operates a highly integrated global architecture. Personal Data collected from Data Subjects is frequently transferred across borders, notably to servers located within the United States (where our corporate address is established at 16192 Coastal Highway, Lewes, Delaware 19958), Canada (where Shopify's main data array links operate), and various international cloud routing zones.
┌────────────────────────────────────────────────────────────────────────┐
│ CROSS-BORDER SAFEGUARD MATRIX │
├───────────────────────┬────────────────────────────────────────────────┤
│ Source Jurisdiction │ Implemented Compliance Safeguard │
├───────────────────────┼────────────────────────────────────────────────┤
│ European Union (EEA) │ Standard Contractual Clauses (SCCs) Art. 46 │
│ United Kingdom (UK) │ UK International Data Transfer Addendum (IDTA) │
│ Switzerland │ Swiss Addendum to the Standard Contractual Cl. │
│ Restrictive Regions │ Explicit Consent, Strict Encryption Enclaves │
└───────────────────────┴────────────────────────────────────────────────┘
10.1 European Union Standard Contractual Clauses (SCCs)
For transfers of Personal Data originating from the EEA to destinations outside the EEA that are not recognized as providing an adequate level of protection by the European Commission, AIncroyable Solutions LLC systematically executes and relies upon the Standard Contractual Clauses (SCCs) approved by the European Commission pursuant to Commission Implementing Decision (EU) 2021/914. These clauses bind our corporate entities and downstream vendors to maintain identical data security thresholds as those mandated within the European Union.
10.2 United Kingdom and Swiss Adequacy Safeguards
Transfers originating from the United Kingdom utilize the International Data Transfer Addendum (IDTA) issued by the Information Commissioner’s Office (ICO) under Section 119A of the Data Protection Act 2018. Transfers originating from Switzerland comply with the revised FADP, integrating the Swiss Addendum to the European Commission SCCs to account for Swiss federal data protection oversight.
10.3 Supplementary Technical and Organizational Protections
In addition to executing contractual arrangements, Luxeartisanship implements supplementary technical safeguards when transferring data across borders. This includes enforcing end-to-end Transport Layer Security (TLS) encryption, utilizing pseudonymization frameworks for analytics streams, and restricting employee data-access authorizations to ensure that personnel handling high-value patron files operate under strict confidentiality agreements.
11. DATA RETENTION STRATEGY AND ERASURE PROTOCOLS
Luxeartisanship maintains a strict data retention strategy designed to limit data storage to the minimum timeframe required to fulfill the operational, legal, and transactional purposes for which it was originally captured.
11.1 Retention Schedule Architecture
-
Transactional Profiles & Purchase Histories: Retained for a mandatory duration of seven (7) to ten (10) years post-transaction, depending on the requirements of the internal revenue services and corporate tax frameworks of the United States, United Kingdom, European Union, and relevant regional trade zones. This data serves as legal audit trails for tax collection, custom clearance validation, and corporate financial accounting.
-
Active Consumer Accounts: Retained for the duration that the account remains active. If a client profile shows no interaction, log-in activity, or purchase footprint for a continuous period of five (5) years, the account is flagged for automated lifecycle deprecation and its contents are securely anonymized or permanently erased.
-
Marketing Profiles and Direct Messaging Consents: Retained via Klaviyo, Brevo, Zoho and Mailchimp for as long as the User remains actively engaged with our digital communication streams. If a user unsubscribes or registers zero engagement (opens/clicks) over a consecutive twelve (12) month period, their contact information is moved to a suppression list to honor their communication preferences and limit data exposure.
-
Technical Telemetry, Clickstreams, and Server Logs: Retained within analytics pipelines (GA4, Microsoft Clarity, Cloudflare) for a restricted timeframe typically ranging between thirty (30) days and fourteen (14) months, after which data is aggregated into anonymous behavioral metrics and the underlying granular IP logs are purged.
11.2 Secure Erasure and De-identification Procedures
Once a retention window closes or a valid erasure request under Section 9 is verified, data undergoes systematic destruction. Electronic files are removed using modern overwriting and database deletion commands that prevent recovery.
Where physical documentation exists (such as historical customs declarations or paper manifest invoices), it is securely shredded using certified document destruction vendors. In cases where total erasure is technically unfeasible due to complex immutable database log dependencies, the data is permanently de-identified and anonymized, ensuring that all unique identifiers are irreversibly decoupled so that the data can never again be reconstituted to map to a natural person.
12. ENTERPRISE DATA SECURITY AND INFRASTRUCTURE DEFENSE
The preservation of confidentiality, integrity, and availability of our patrons' information is a foundational requirement for Luxeartisanship. Incroyable Solutions LLC employs advanced security practices aligned with international security frameworks.
12.1 Cryptographic Deployments and Network Defense
-
Data in Transit: All traffic flowing between Users and the Platform is encrypted using state-of-the-art Hypertext Transfer Protocol Secure (HTTPS) over Transport Layer Security (TLS 1.3 or TLS 1.2 protocols).
-
Data at Rest: All personal files stored within our Shopify databases, cloud data warehouses, and peripheral email platforms are protected by advanced cryptographic standards (AES-256 bit encryption models).
-
Perimeter Firewalls & DDoS Defenses: Utilizing top-tier enterprise web application firewalls (WAF) and advanced edge routing technologies to monitor incoming packet traffic, neutralize malicious injections, and defend against unauthorized access attempts.
12.2 Access Control and Operational Security
-
Role-Based Access Control (RBAC): Internal corporate access to customer data environments is strictly restricted based on the principle of least privilege. Only certified support agents, compliance officers, and fulfillment engineers are granted targeted access to the specific data segments required to execute their job functions.
-
Multi-Factor Authentication (MFA): Every internal corporate account, Shopify administrative panel, cloud storage console, and marketing matrix operated by Incroyable Solutions LLC mandates secure Multi-Factor Authentication protocols for entry.
-
Continuous Vulnerability Management: Our digital infrastructure is subject to automated security scanning, regular software patch cycles, and periodic penetration testing conducted by independent cybersecurity firms.
12.3 Data Breach Incident Response Protocol
In the event of a catastrophic security incident resulting in the unauthorized alteration, loss, destruction, disclosure of, or access to Personal Data, Incroyable Solutions LLC operates a formal Incident Response Plan.
If a breach poses a high risk to the rights and freedoms of individuals, we will notify the competent Data Protection Authorities (such as the European Data Protection Board, the UK Information Commissioner's Office, or state Attorneys General) within seventy-two (72) hours of discovery, in compliance with Article 33 of the GDPR. Impacted Data Subjects will be notified without undue delay via direct electronic mail communications, providing clear descriptions of the nature of the breach, the potential consequences, and the exact mitigating steps taken by the company.
13. CHILDREN'S PRIVACY AND MINOR PROTECTIONS
Luxeartisanship curates high-value artisanal luxury products intended exclusively for purchase and use by adult consumers. The Platform is not structured, designed, or directed to attract children, and we do not knowingly or intentionally solicit, capture, or process Personal Data from minors under the age of majority.
13.1 Age Thresholds and Verification Vectors
-
European Union and United Kingdom: Processing is restricted to individuals aged sixteen (16) years or older, unless localized member state laws permit lower thresholds (not below 13 years).
-
United States (COPPA/CCPA): Processing is prohibited for children under the age of thirteen (13) without verifiable parental consent. For consumers between 13 and 16 years of age, explicit opt-in consent is required under CCPA/CPRA for data sharing and behavioral marketing configurations.
-
International Jurisdictions: We adhere to the prevailing minor protection statutes established within individual sovereign markets.
13.2 Remediation of Unauthorized Minor Data Collection
If the Enterprise Privacy Office discovers, or is formally notified by a parent or legal guardian, that an individual below the legal age thresholds has bypassed security measures and established an account or submitted Personal Data to the Platform, we will execute immediate mitigation steps. The minor's account will be permanently deactivated, all associated data strings will be removed from active databases, and we will purge the information from our records, except where retention is mandated by binding statutory laws.
14. THIRD-PARTY DEPLOYMENTS, DIGITAL PLATFORMS, AND SOCIAL INTEGRATIONS
The Platform contains embedded links, application plug-ins, and active integrations with third-party digital networks. These independent platforms operate outside the control, monitoring, and legal responsibility of Incroyable Solutions LLC.
14.1 Social Commerce Ecosystems (Meta, Instagram Shops)
Luxeartisanship leverages advanced native social commerce portals, including Facebook Shops, Instagram and Shops, to display curated inventory within social media networks. When a User interacts with our brand catalogs inside these third-party applications, the underlying data processing behavior is co-governed by the privacy directives of the respective platform operators (Meta Platforms, Inc. Technology Limited). We advise patrons to review the privacy governance declarations of those respective companies before executing purchases through social commerce layers.
14.2 External Digital Assets and Embedded Applications
Our website may include hyperlinks to external visual portfolios, artisan studio features, luxury publication profiles, and independent third-party applications. Clicking on these links allows third parties to capture or share data regarding your session parameters. We do not endorse, oversee, or accept liability for the privacy methodologies, data security architectures, or tracking behaviors deployed by external web domains.
15. METHODOLOGY FOR POLICY UPDATES AND MATURATION
As the international legal landscape evolves, and as our technological frameworks and global e-commerce systems adapt, this Privacy Policy will undergo periodic review and structural updates.
15.1 Revision Notification Mechanisms
Incroyable Solutions LLC reserves the right to modify, amend, or rewrite this Directive at its absolute discretion. When material changes are executed that alter how we process, store, or share Personal Data, or if such modifications reduce the privacy protections afforded to Consumers, we will post a prominent notice on the homepage of the Platform and update the "Effective Date" at the top of this document.
Where required by applicable data protection laws, we will directly notify registered users via their primary electronic mail address on file, providing an option to review the updated text.
15.2 Active Review Posture
We encourage all patrons and visitors to regularly review this page to remain informed of our ongoing data protection practices. Continued interaction with the Platform, utilization of our customer support channels, or execution of new product purchases following the publication of an updated version constitutes acknowledgement of the amended terms.
16. DATA PROTECTION REQUESTS AND CORPORATE CONTACT
For inquiries, clarifications, or formal legal requests regarding this Privacy Policy, our cross-border data transfer safeguards, or to exercise your global privacy rights, please contact our Enterprise Privacy Office.
16.1 Dedicated Corporate Contact Points
-
Operating Legal Entity: Incroyable Solutions LLC
-
Brand Designation: Luxeartisanship
-
Corporate Privacy Office Email: care@luxeartisanship.com
-
Corporate Telephone Line: +1 (855) 510-6788
-
Registered Business Address: 16192 Coastal Highway, Lewes, Delaware 19958, United States.
16.2 Supervisory and Regulatory Escalation Rights
If you reside within the European Union, the United Kingdom, Switzerland, or another jurisdiction with a dedicated data protection authority, and you believe that Incroyable Solutions LLC has failed to resolve a data processing dispute or has operated in violation of applicable data protection statutes, you possess the right to lodge a formal complaint with your local supervisory authority.
-
In the European Union: You may escalate to your national Data Protection Authority (DPA) within the member state of your habitual residence, place of work, or place of the alleged infringement.
-
In the United Kingdom: You may contact the Information Commissioner’s Office (ICO) via
https://ico.org.uk. -
In Switzerland: You may contact the Federal Data Protection and Information Commissioner (FDPIC) via
https://www.edoeb.admin.ch.
17. FINAL LEGAL DISCLAIMER AND CONTEXTUAL RECONCILIATION
This Privacy Policy forms an integral component of the contract governing the use of the Platform, alongside our official Terms of Service, Shipping Directives, and Return Frameworks.
17.1 Statutory Severability and Enforcement
If any individual section, subsection, clause, or specific provision of this Privacy Policy is deemed unlawful, void, or legally unenforceable by a court of competent jurisdiction or a regulatory tribunal possessing valid authority, such individual provision shall be severed from the document. The remaining components, headings, and legal mandates of this Policy shall remain in full force and effect.
17.2 Precedence of Mandatory Regional Protections
Nothing within this Directive is designed to limit or waive any non-waivable statutory rights available to Consumers under local consumer protection laws. In the event of a conflict between the generalized legal terminology utilized in this Policy and a mandatory, non-waivable provision of an individual consumer's local data protection statute, the mandatory regional law shall take precedence.
