Privacy Policy

This Privacy Policy describes how and when Pagan Business Network collects, uses and shares information when a customer purchases from, contacts or otherwise uses Pagan Business Network’s services through any selling platforms or related sites or services.
This Privacy Policy does not apply to the practices of third parties that Pagan Business Network does not control, including Etsy, Amazon, Ebay or any third party services accessed through our sites and the sites of the platforms we use.  The customer can reference the Privacy Policy of third parties to learn more about their privacy practices.
To fulfill an order, a customer must provide certain information (which the customer authorizes) such as name, email address, postal address, payment information and the details of the product ordered.  The customer may also choose to provide additional personal information if they contact Pagan Business Network directly.
Pagan Business Network relies on a number of legal bases to collect, use, and share information, including:
• As needed to provide services, such as fulfilling an order, settle disputes or provide customer support.
• With affirmative consent, which may be revoked at any time, such as signing up for a mailing list.
• If necessary to comply with a legal obligation or court order or in connection with a legal claim, such as retaining information about purchases as required by tax law.
• As necessary for the purpose of Pagan Business Network legitimate interests, if those interests are not overridden by the customer’s right or interests, such as:
◦ Providing and improving services
◦ Compliance with third parties’ policies and terms of use.
Information about our customers are important to our business.  We share personal information for very limited reasons and in limited circumstances, as follows:
• We share information with third parties as necessary to provide services and comply with our obligations under agreements with third parties we do business with.
• We may engage certain trusted third parties to perform functions and provide services to our shop, such as delivery companies. We will only share personal information with these third parties, but only to the extent necessary to perform these services.
• If we sell or merge our business, we may disclose customer information as a part of that transaction, only to the extent permitted by law.
• We may collect, use, retain, and share information if we have a good faith belief that it is reasonably necessary to:
◦ Respond to legal process or to government requests
◦ Enforce agreements, terms or policies
◦ Prevent, investigate, and address fraud and other illegal activity, security, or technical issues
◦ Protect the rights, property and safety of our customers or others.
We retain customer personal information only for as long as necessary to provide services and as described in our Privacy Policy.  However, we may also be required to retain this information to comply with legal and regulatory obligations, to resolve disputes, and to enforce agreements.  We generally keep data for a period of 10 years.
We may store and process information through third-party hosting services in the US and other jurisdictions.  As a result, we may transfer personal information to a jurisdiction with different data protection and government surveillance laws than the customer’s jurisdiction.  If we are deemed to transfer customer information to another jurisdiction, we rely on Privacy Shield as the legal basis for the transfer, as Google Cloud is Privacy Shield certified.
If the customer resides in certain territories, including the EU, the customer has a number of rights in relation to the customer’s personal information.  While some of these rights apply generally, certain rights apply only in certain limited cases.  We describe these rights below:

• The customer may have the right to access and receive a copy of the personal information we hold about the customer by contacting us using the contact information below.
• The customer may also have the rights to change, restrict our use of, or delete their personal information. Absent exceptional circumstances such as the requirement to store data for legal reasons, personal information will generally be deleted upon request.
• The customer can object to:
◦ Our processing of some information based on our legitimate interests
◦ Receiving marketing messages, email or mail from Pagan Business Network after providing express consent to receive them.
In such cases, Pagan Business Network will delete the customer’s personal information unless there are compelling and legitimate grounds to continue using that information or if it is needed for legal reasons.
• If the customer resides in the EU and wishes to raise a concern about Pagan Business Network’s use of personal information (and without prejudice to any other rights the customer may have) the customer has the right to do so with the customer’s local data protection authoriy.
For the purpose of EU data protection law, Pagan Business Network, is the data controller of the customer’s personal information.  For questions or concerns, contact info@paganbusinessnetwork.com or Pagan Business Network