Home Privacy Policy

Privacy Policy

by Chloe

Content

This Privacy Policy describes how personal data from users visiting the website madeinmexico.nyc is processed, in accordance with U.S. federal and state laws, including the California Consumer Privacy Act (CCPA), the California Online Privacy Protection Act (CalOPPA), and the New York SHIELD Act (Stop Hacks and Improve Electronic Data Security Act). For EU residents, we also comply with the General Data Protection Regulation (GDPR) where relevant.

Data Controller
The data controller is the owner of the website madeinmexico.nyc. To contact the data controller, please write to [email protected].

Collected Data
We collect the following types of data:

  • Navigation Data: Information automatically collected during browsing, such as IP address, browser type, operating system, visited pages, and access time. This data is collected via cookies and similar technologies (see our Cookie Policy).
  • Voluntarily Provided Data: Information that the user provides to us, for example, through contact forms or assistance requests (name, email, etc.).

Purpose of Processing
Personal data is processed for the following purposes:

  • Ensuring the proper functioning of the website and improving the user experience.
  • Analyzing website usage in an anonymous and aggregated form (e.g., via analytical cookies).
  • Responding to requests for information or assistance.
  • Fulfilling legal or regulatory obligations, including compliance with the New York SHIELD Act for data security.

Legal Basis for Processing
The processing of data is based on:

  • User consent (e.g., for non-essential cookies).
  • Performance of a contract or pre-contractual measures (e.g., to respond to a request).
  • The data controller’s legitimate interest (e.g., for website security).
  • Legal obligations (e.g., retention of data for tax, security, or compliance purposes under the SHIELD Act).

Recipients of Data
Data may be shared with:

  • Technical service providers, such as Cloudflare, for DNS management and website security.
  • Relevant authorities in case of legal obligations, such as data breach notifications required by the New York SHIELD Act.

Data Transfer Abroad
Data may be transferred outside the United States (e.g., to Cloudflare, which operates globally). We ensure that such transfers comply with applicable U.S. laws, including the CCPA, and for EU residents, GDPR requirements, using appropriate safeguards such as standard contractual clauses.

Retention Period
Navigation data is retained for a maximum of 12 months unless otherwise required by law. Voluntarily provided data is retained for as long as necessary to fulfill the user’s request or to comply with legal obligations, including those under the New York SHIELD Act.

User Rights
Users have the right:

  • To access their personal data.
  • To request correction or deletion of data.
  • To object to processing or request restriction of processing.
  • To withdraw consent at any time (without affecting the lawfulness of prior processing).
  • To file a complaint with a supervisory authority (e.g., the New York Attorney General for SHIELD Act-related issues, the California Attorney General for CCPA-related issues, or a relevant EU data protection authority for GDPR).

For California residents, under the CCPA, you also have the right to know what personal data is collected, to request deletion of personal data (subject to certain exceptions), and to opt-out of the sale of personal data. New York residents are protected under the SHIELD Act, which requires us to implement reasonable security measures and notify users of data breaches involving personal information. To exercise your rights, contact us at [email protected].

Security Measures
We implement appropriate technical and organizational measures to protect personal data, such as the use of secure protocols (HTTPS) and collaboration with reliable providers like Cloudflare, in compliance with the New York SHIELD Act’s data security requirements.

Updates
This Privacy Policy may be updated periodically. The current version was published on May 29, 2025.