Privacy Policy - Complete Terms

Last updated: 01 August 2025

1. WHO WE ARE AND CONTACT INFORMATION

This Privacy Policy applies to personal data processed by Price Heys GmbH (Commercial Register: CH-100.4.816.454-9), operating as "Brix + Bailey", with registered office in Zug, Switzerland.

Data Controller: Price Heys GmbH
Contact: mail@brixbailey.com
Data Protection Officer: mail@brixbailey.com

2. INFORMATION WE COLLECT (COMPREHENSIVE COLLECTION)

2.1 Information You Provide Directly

  • Account registration information (name, email, password, phone number)
  • Profile information and preferences
  • Payment information (processed by third-party processors)
  • Shipping and billing addresses
  • Communications with us (emails, chat, reviews, support requests)
  • User-generated content (reviews, comments, photos, videos)
  • Survey responses and feedback
  • Contest and promotion entries
  • Any other information you choose to provide

2.2 Information Collected Automatically

  • Device Information: IP address, browser type, operating system, device identifiers
  • Usage Data: Pages visited, time spent, clicks, scrolls, purchases, search queries
  • Location Data: Approximate location based on IP address, precise location if permitted
  • Cookies and Tracking: Detailed tracking via cookies, pixels, beacons, and similar technologies
  • Analytics Data: User behavior, preferences, and interaction patterns
  • Performance Data: Site performance, error logs, technical diagnostics

2.3 Information from Third Parties

  • Social media platforms (when you connect accounts)
  • Payment processors and financial institutions
  • Shipping and logistics partners
  • Marketing and advertising partners
  • Data brokers and analytics providers
  • Public databases and records
  • Other users (when they refer you or mention you)

2.4 Inferences and Profiles

We create detailed profiles about you including:

  • Purchasing preferences and behavior
  • Demographic and psychographic characteristics
  • Interests and lifestyle information
  • Creditworthiness and fraud risk assessments
  • Marketing segments and targeting profiles

3. HOW WE USE YOUR INFORMATION (BROAD BUSINESS PURPOSES)

3.1 Core Business Operations

  • Processing orders and transactions
  • Account management and customer service
  • Payment processing and fraud prevention
  • Shipping and delivery coordination
  • Returns and refunds processing
  • Marketplace seller coordination

3.2 Business Enhancement and Protection

  • Marketing and Advertising: Direct marketing, targeted advertising, promotional campaigns
  • Analytics and Insights: User behavior analysis, business intelligence, performance optimization
  • Personalization: Customized recommendations, tailored content, personalized experiences
  • Security and Fraud Prevention: Account security, transaction monitoring, risk assessment
  • Legal Compliance: Tax obligations, regulatory reporting, law enforcement cooperation
  • Business Protection: Enforcing terms, investigating violations, protecting intellectual property

3.3 Advanced Data Uses

  • Machine learning and artificial intelligence development
  • Predictive modeling and behavioral analysis
  • Market research and competitive analysis
  • New product and service development
  • Business strategy and planning
  • Merger, acquisition, or sale preparation

4. LEGAL BASIS FOR PROCESSING (MAXIMUM PERMITTED)

We process personal data based on:

4.1 Contract Performance

  • Order fulfillment and transaction processing
  • Account management and customer service
  • Payment processing and shipping

4.2 Legitimate Interests (Broad Interpretation)

  • Business Operations: Marketing, analytics, personalization, fraud prevention
  • Security: Protecting our business, users, and platform integrity
  • Innovation: Developing new products, services, and features
  • Commercial Interests: Revenue optimization, cost reduction, competitive advantage

4.3 Legal Compliance

  • Tax and accounting obligations
  • Regulatory reporting requirements
  • Law enforcement cooperation
  • Court orders and legal processes

4.4 Consent (When Required)

  • Marketing communications (where required by law)
  • Cookies and tracking (where required by law)
  • Sensitive data processing (where required by law)

Note: We interpret "legitimate interests" broadly to cover all business activities that benefit our operations, subject only to mandatory legal limitations.

5. HOW WE SHARE YOUR INFORMATION (EXTENSIVE SHARING)

5.1 Service Providers and Partners

  • Payment Processors: For transaction processing and fraud prevention
  • Shipping Partners: For delivery and logistics
  • Technology Providers: Cloud hosting, analytics, customer service platforms
  • Marketing Partners: Advertising networks, email providers, social media platforms
  • Professional Services: Legal, accounting, consulting, and audit firms

5.2 Marketplace Participants

  • Sellers: Order information, customer details necessary for fulfillment
  • Dropshipping Partners: Customer and order information for fulfillment
  • Other Users: Public profiles, reviews, and interactions

5.3 Business Purposes

  • Corporate Transactions: Mergers, acquisitions, sales, restructuring
  • Investors and Lenders: Due diligence and business evaluation
  • Subsidiaries and Affiliates: Internal business operations and coordination

5.4 Legal and Regulatory

  • Government Authorities: Tax agencies, customs, regulatory bodies
  • Law Enforcement: Criminal investigations, court orders, legal processes
  • Legal Proceedings: Litigation, arbitration, regulatory proceedings

5.5 Other Sharing

  • Public Information: Reviews, comments, and other public content
  • Aggregated Data: De-identified analytics and insights
  • Business Protection: Fraud prevention, security, terms enforcement

6. INTERNATIONAL DATA TRANSFERS (GLOBAL OPERATIONS)

6.1 Transfer Necessity

We transfer personal data internationally as necessary for our global business operations, including to countries that may not provide equivalent data protection.

6.2 Transfer Safeguards

EU/EEA/UK Data: Transferred using appropriate safeguards as required by GDPR/UK GDPR:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions where available
  • Certification schemes where applicable

US Data: Transferred as permitted by applicable state privacy laws

Other Jurisdictions: Transferred with safeguards as required by local law

6.3 Business Necessity Override

Where business operations require international transfers, we prioritize business needs while implementing minimum required safeguards.

7. DATA RETENTION (EXTENDED PERIODS)

7.1 Retention Periods

We retain personal data for as long as necessary for business purposes or as required by law:

  • Account Data: Duration of account plus 7 years after closure
  • Transaction Data: 10 years for accounting and tax purposes
  • Marketing Data: Until you opt out plus 3 years
  • Support Communications: 5 years after last contact
  • Legal Data: Duration of legal proceedings plus 10 years
  • Security Data: 7 years for fraud prevention and security
  • Analytics Data: Indefinitely in anonymized form

7.2 Extended Retention

We may retain data longer when:

  • Required for ongoing legal proceedings
  • Necessary for business protection or dispute resolution
  • Needed for compliance with regulatory requirements
  • Beneficial for business operations and legitimate interests

7.3 Anonymization

We may anonymize personal data and retain it indefinitely for business purposes.

8. YOUR PRIVACY RIGHTS (MINIMUM REQUIRED ONLY)

8.1 EU/EEA/UK Rights (GDPR/UK GDPR)

Where required by law, you have rights to:

  • Access: Request copies of your personal data
  • Rectification: Correct inaccurate information
  • Erasure: Request deletion in limited circumstances
  • Restriction: Limit processing in specific situations
  • Portability: Receive data in structured format
  • Object: Opt out of certain processing
  • Withdraw Consent: For consent-based processing

Limitations: These rights are subject to business needs, legal requirements, and technical limitations.

8.2 US Privacy Rights

California (CCPA/CPRA):

  • Right to know categories and sources of personal information
  • Right to delete personal information (with exceptions)
  • Right to correct inaccurate information
  • Right to opt out of sale/sharing (limited definition)
  • Right to limit sensitive personal information use
  • Right to non-discrimination

Other US States: Rights as required by applicable state privacy laws

8.3 Other Jurisdictions

Privacy rights as required by applicable local law only.

8.4 Exercising Rights

Contact: mail@brixbailey.com with subject "Privacy Rights Request"

Verification: We require identity verification before processing requests

Processing Time: Up to 30 days (extendable as permitted by law)

Limitations: Rights are subject to:

  • Business operation requirements
  • Legal compliance obligations
  • Technical feasibility constraints
  • Third-party rights and obligations
  • Security and fraud prevention needs

9. COOKIES AND TRACKING TECHNOLOGIES

9.1 Types of Cookies We Use

  • Essential Cookies: Required for site functionality
  • Performance Cookies: Analytics and site optimization
  • Functionality Cookies: Enhanced features and personalization
  • Targeting Cookies: Advertising and marketing
  • Third-Party Cookies: Partner and service provider cookies

9.2 Cookie Purposes

  • User authentication and account management
  • Shopping cart and checkout functionality
  • Site performance monitoring and optimization
  • User behavior analytics and insights
  • Personalized content and recommendations
  • Targeted advertising and marketing campaigns
  • Fraud prevention and security
  • A/B testing and feature development

9.3 Cookie Management

EU/UK Users: Cookie consent as required by ePrivacy regulations Other Users: Cookie notification and opt-out options as required by local law

Browser Controls: You can control cookies through browser settings, but this may limit site functionality.

9.4 Third-Party Tracking

We use third-party tracking technologies from:

  • Google Analytics and Google Ads
  • Facebook/Meta Pixel
  • Other advertising and analytics partners

10. SECURITY MEASURES (REASONABLE EFFORTS ONLY)

10.1 Technical Safeguards

We implement reasonable technical measures including:

  • Encryption for data transmission and storage
  • Access controls and authentication systems
  • Regular security assessments and updates
  • Monitoring and incident response procedures

10.2 Organizational Safeguards

  • Staff training on data protection
  • Vendor security requirements
  • Regular policy reviews and updates
  • Incident response procedures

10.3 Security Limitations

NO GUARANTEE: We cannot guarantee absolute security. You acknowledge that:

  • Internet transmission involves inherent risks
  • No security system is completely secure
  • You use our services at your own risk
  • We are not liable for security breaches beyond our reasonable control

11. CHILDREN'S PRIVACY

11.1 Age Restrictions

  • US: We do not knowingly collect information from children under 13 (COPPA compliance)
  • EU/UK: We do not knowingly process data of children under 16 without parental consent
  • Other Jurisdictions: We comply with applicable local age restrictions

11.2 Parental Controls

If you believe we have collected information from a child improperly, contact us immediately for removal.

12. PRIVACY POLICY CHANGES

12.1 Modification Rights

We may update this Privacy Policy at any time to reflect:

  • Changes in business practices
  • Legal or regulatory requirements
  • New features or services
  • Enhanced data uses or sharing

12.2 Notice of Changes

Material Changes: We will provide notice as required by applicable law:

  • EU/UK: 30 days advance notice for significant changes
  • US: Notice as required by applicable state law
  • Other: As required by local law

Continued Use: Continued use of our services after changes constitutes acceptance.

12.3 Change Interpretation

Changes will be interpreted to maximize our business flexibility while maintaining legal compliance.

13. JURISDICTION-SPECIFIC PROVISIONS

13.1 European Union/EEA

  • Lawful Basis: As outlined in Article 6 GDPR
  • Data Subject Rights: As required by GDPR Articles 15-22
  • Cross-Border Transfers: Articles 44-49 GDPR compliance
  • Supervisory Authority: You may lodge complaints with your local data protection authority

13.2 United Kingdom

  • UK GDPR Compliance: Equivalent protections to EU GDPR
  • ICO Complaints: Information Commissioner's Office complaints procedure available
  • Brexit Considerations: UK adequacy decision and transfer mechanisms

13.3 United States

California:

  • CCPA/CPRA Compliance: Categories of personal information, business purposes, third-party sharing
  • Sale/Sharing: We may "sell" or "share" personal information for advertising purposes
  • Sensitive Information: We may process sensitive personal information for business purposes

Other States: Compliance with Virginia CDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, and other applicable state privacy laws

13.4 Switzerland

  • Swiss FDPA Compliance: Federal Data Protection Act requirements
  • Cross-Border Transfers: Adequate protection or appropriate safeguards

14. BUSINESS CONTACT INFORMATION

Data Controller: Price Heys GmbH
Registration: CH-100.4.816.454-9
Address: Zug, Switzerland
Email: mail@brixbailey.com
Business Hours: Monday-Friday, 9:00-17:00 CET

Privacy Inquiries: mail@brixbailey.com (Subject: "Privacy Request")
Data Protection Officer: mail@brixbailey.com (Subject: "DPO Contact")

Last Updated: This Privacy Policy was last updated on 01 August 2025. Previous versions are available upon request.

Effective Date: This Privacy Policy is effective immediately for new users and 30 days after posting for existing users (where notice is required by law).

This Privacy Policy is designed to provide maximum business flexibility while maintaining compliance with applicable privacy laws. We reserve the right to interpret provisions in favor of business operations to the fullest extent permitted by law.