Privacy policy

PRIVACY STATEMENT

Last updated: December 10, 2025

SECTION 1 - WHAT DO WE DO WITH YOUR INFORMATION?

When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address.

When you browse our store, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.

Email marketing (if applicable): With your permission, we may send you emails about our store, new products, special offers, and other updates.

SMS marketing (if applicable): With your explicit consent, we may send you SMS text messages about our store, products, and offers. Message and data rates may apply. You can opt out of SMS marketing at any time by following the opt-out instructions in the SMS (for example, replying STOP or similar, depending on the provider’s instructions).
SMS originator opt-in data and consent is never sold or shared with third parties for their own marketing purposes.

SECTION 2 - CONSENT

How do you get my consent?

When you provide us with personal information to complete a transaction, verify your credit card, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only.

If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your express consent, or provide you with an opportunity to say no.

How do I withdraw my consent?

If after you opt in, you change your mind, you may withdraw your consent for us to contact you, and for the continued collection, use or disclosure of your information, at any time, by contacting us at support@bootsnbagsheaven.com or mailing us at:

Or Paz
Or Paz Internet Marketing LTD
Gefen 5, Kfar Daniel, IL 73125, Israel

You can also:

  • Unsubscribe from email marketing by clicking the “unsubscribe” link in any marketing email.
  • Opt out of SMS marketing by following the opt-out instructions included in any SMS message.

SECTION 3 - DISCLOSURE

We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.

We may also disclose or transfer your information in connection with a merger, acquisition, restructuring, sale of assets, or similar corporate transaction, in which case your personal information may be transferred to the new owner as part of the business assets.

SECTION 4 - SHOPIFY

Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.

Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.

Payment:

If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover.

For more insight, you may also want to read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).

SECTION 5 - THIRD-PARTY SERVICES

Third-party service providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.

However, certain third-party service providers, such as payment gateways, analytics platforms, and advertising platforms, have their own privacy policies regarding the information we are required to provide to them.

Examples include:

  • Shopify (store hosting and checkout processing)
  • Payment processors (PayPal, Stripe, Shopify Payments, etc.)
  • Meta (Facebook) Pixel
  • Google Analytics and Google Ads
  • Klaviyo email marketing
  • SMS marketing platforms
  • Shipping carriers and logistics providers

We recommend you review their privacy policies to better understand how they handle your personal information.

Links

When you click on links on our store, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.

SECTION 6 - SECURITY

To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

If you provide us with your credit card information, it is encrypted using SSL and stored with AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional industry standards.

SECTION 7 - COOKIES

We use cookies to enable core site functionalities, improve user experience, analyze traffic, and support personalized marketing.

Shopify Cookies include:

  • _session_id
  • _shopify_visit
  • _shopify_uniq
  • cart
  • _secure_session_id
  • storefront_digest

Additional tracking technologies include:

  • Meta (Facebook) Pixel
  • Google Analytics & Google Ads
  • Klaviyo
  • SMS marketing tracking tools

These technologies help us:

  • Analyze website traffic and performance
  • Improve user experience and site functionality
  • Measure and optimize advertising campaigns
  • Provide personalized product recommendations

Most browsers allow you to block or delete cookies. However, doing so may affect some site functionality.

SECTION 8 - AGE OF CONSENT

By using this site, you confirm that you are at least the age of majority in your jurisdiction, or you are the age of majority and have given your consent for any of your minor dependents to use this site.

We do not knowingly collect, use, or disclose personal information from children under the age of 16 in the EU/UK without parental consent.

SECTION 9 - CHANGES TO THIS PRIVACY POLICY

We reserve the right to modify this privacy policy at any time. Changes take effect immediately upon posting.

QUESTIONS & CONTACT INFORMATION

To request access, correction, amendment, deletion, or to exercise any privacy-related rights, contact:

Email: support@bootsnbagsheaven.com
Address: Or Paz Internet Marketing LTD, Gefen 5, Kfar Daniel, Israel 73125

The Boots N Bags Heaven brand is officially owned by Or Paz Internet Marketing LTD.

WHERE WE STORE AND PROCESS YOUR INFORMATION

Your information may be stored or processed in Israel, the European Economic Area (EEA), the United States, or other jurisdictions where our service providers operate. We rely on contractual safeguards, encryption, and secure systems to protect international data transfers.

DATA RETENTION

We retain personal information only for as long as necessary to fulfill the purposes described in this policy, including legal, accounting, tax, fraud-prevention, and operational requirements. When information is no longer needed, we securely delete or anonymize it.

IF YOU DO NOT WANT US TO CONTACT YOU FOR MARKETING

You may opt out of:

  • Email marketing by clicking “unsubscribe” in any email.
  • SMS marketing by following the opt-out instructions in any SMS message.
  • Targeted advertising by visiting our opt-out page below.

GUEST CHECKOUT

If you use guest checkout instead of creating an account, this Privacy Policy still applies to the information you provide.

YOUR ACCESS TO INFORMATION & GENERAL RIGHTS

You may request access to the personal information we hold about you, request corrections, or request deletion (subject to legal exceptions). We may require identity verification before fulfilling such requests.

ADDITIONAL NOTICE FOR CALIFORNIA RESIDENTS (CCPA/CPRA)

California residents have additional rights regarding their personal information.

Categories of Personal Information We Collect

  • Identifiers (name, IP address, email, device ID)
  • Customer records (billing/shipping info)
  • Commercial information (products viewed, purchase history)
  • Internet activity (pages viewed, ads clicked, referring URLs)
  • Approximate geolocation (IP-based)
  • Inferences (preferences, interests)

Sale or Sharing of Personal Information

We do not sell personal information for money. However, we may share personal information for cross-context behavioral advertising using:

  • Meta (Facebook) Pixel
  • Google Analytics
  • Google Ads
  • Klaviyo
  • SMS marketing tools

California residents may opt out at any time using this link:
Do Not Sell or Share My Personal Information

California Rights Under CCPA/CPRA

  • Right to know
  • Right to access
  • Right to delete
  • Right to correct
  • Right to opt out of sale or sharing
  • Right to limit use of sensitive personal information (we do not collect sensitive categories beyond what is necessary for transactions)
  • Right to non-discrimination

Verification of Requests

Before fulfilling a request, we may require verification of your identity. Verification may include confirming your email address, order details, or other information relevant to your interactions with us. Authorized agents may be required to submit proof of authorization.

California “Shine the Light” Law

We do not disclose personal information to third parties for their own direct marketing purposes without your explicit consent.

NO INTERCEPTION OF COMMUNICATIONS (CIPA STATEMENT)

We do not monitor, record, intercept, or access the contents of private communications, keystrokes, or form fields prior to submission. Data collected through cookies and analytics is limited to aggregated insights and standard website functionality.

AUTOMATED DECISION-MAKING

We do not use automated decision-making or profiling that produces legal or similarly significant effects on individuals.

ADDITIONAL RIGHTS FOR EU/UK RESIDENTS (GDPR)

EU and UK residents have additional data protection rights.

Legal Bases for Processing under GDPR

  • Performance of a contract
  • Legitimate interests
  • Consent (email/SMS marketing, certain cookies)
  • Legal obligations

GDPR Rights

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to object to processing
  • Right to data portability
  • Right to withdraw consent
  • Right to lodge a complaint

To exercise GDPR rights, contact support@bootsnbagsheaven.com.