Privacy Policy

Updated November 20, 2023

We want you to feel comfortable in our online store at www.alittlesteeper.com and not have to worry about the security of your data. That is why data protection is an important part of our corporate philosophy.

In this Privacy Policy, you will find all the information about which Personal Data we collect and process and for what purpose. Equally, we will also inform you of your data protection rights and how you can assert them.

General Principles

What is Personal Data?

Personal Data is “any information relating to an identified or identifiable natural person. This includes, for example, name or address data, telephone number, mobile number, or online identifiers such as your device id and your IP address.

What is processing?

“Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means. The term is broad and covers virtually any handling of data.

Who is responsible for data processing?

The responsible party for data processing is A Little Steeper, LLC, a Nevada based limited liability company (“a little steeper”, “we”, “us”, “our”) (“A Little Steeper”, “we”, “us”, or “our”). If you have any questions or if you wish to exercise your rights, please contact us using support@alittlesteeper.com.

What law applies?

Our use of your Personal Data is subject to Nevada’s Privacy Law NRS 603A (“NRS603”), the California Consumer Privacy Act (“CCPA”) including its subsequent amendments from the California Privacy Rights and Enforcement Act (“CPRA”) and the EU’s General Data Protection Regulation (“GDPR”), and of course we process your Personal Data accordingly.

What are the Legal Bases for processing Personal Data

In accordance with the NRS603, CCPA/CPRA and the GDPR, we have to have at least one of the following legal bases to process your Personal Data: a) you have given your consent, b) the data is necessary for the fulfillment of a contract / pre-contractual measures, c) the data is necessary for the fulfillment of a legal obligation, or d) the data is necessary to protect our legitimate interests, provided that your interests are not overridden.

Who is the competent data protection authority?

The competent data protection authority in Nevada is: The Attorney General’s Office, (https://ag.nv.gov) and in California this is the California Privacy Protection Agency, (www.cppa.ca.gov). However, we would appreciate the opportunity to address your concerns before you contact any supervisory authority.

How long will you keep my data?

We process and store your Personal Data only for the period of time required to achieve the respective processing purpose or for as long as a legal retention period exists (in particular commercial and tax law in accordance with Nevada`s Commercial Law and Fiscal Code and others for up to 4 years. Once the purpose has been achieved or the retention period has expired, the corresponding data is routinely deleted.

What Personal Data do we process?

Technical Data

When you access our website, some access data is recorded automatically and stored in a log file on our website’s server. This means if you browse and simply have a look at our website, we process a) the IP address of your computer, b) the date and time of your access, c) the name and URL of the accessed file, d) the browser used, e) the amount of bytes transferred, f) the status of the page request, g) the session ID and g) the referrer URL. The legal basis for processing is our legitimate interest.

Hosting of our website

We use the hosting services of WordPress by Automattic Inc, for the purpose of hosting and displaying our website. WordPress does so on the basis of processing on our behalf, and that also means that all data collected on our website and shop is processed on WordPress’s servers.The basis for processing is our legitimate interest, and the initiation and/or fulfillment of a contract.

Content Management System

We also use the Content Management System (CMS) of WordPress by Automattic Inc to publish and maintain the created and edited content and texts on our website. This means that all content and texts submitted to our website are transferred to WordPress. The legal basis for this processing is our legitimate interest.

 

WooCommerce

To provide our web shop, we use the WooCommerce service developed and operated by Automattic Inc. WooCommerce provides us with their online e-commerce platform through which we can offer our goods for sale to you. Both your inventory data and your usage data are stored on WooCommerce’s servers. The legal basis for processing is our legitimate interest.

Cookies and Cookie Consent Management Tool

As described in our Cookie Policy, we use so-called cookies on our website. As the use of Non-essential Cookies requires in accordance with the NRS603, CCPA/CPRA and the EU`s Privacy and Electronic Communications Directive (“PECD”), your consent, we use a cookie consent management tool to obtain and of course document your preferences. Consequently, we process: a) your consent(s) or revocation of your consent(s), b) your IP address, c) Information about your browser, d) Information about your device, e) Time of your visit to our website. The basis for processing is our legitimate interest and your consent. For further information on the cookies we use, please refer to our Cookie Policy.

Economic analyses and market research

For business reasons, we analyze the data we have on web and server traffic patterns, website interactions, browsing behavior etc. The analyses serve us alone and are not disclosed externally and processed using anonymous analyses with summarized and or anonymized values. For this purpose we use Jetpack by Automattic Inc. The legal basis is our legitimate interest and your consent. For further information on our use of Jetpack, please refer to our Cookie Policy.

Fonts

We integrate Google Fonts by Google LLC, and Font Awesome of Fonticons Inc.To enable the display of fonts, a connection to Google’s and Font Awesome’s server is established when our website is accessed. This enables Google, and Fonticons to determine which website sent the request and to which IP address the display of the font is to be transmitted. The integration is based on our legitimate interest.

 

Contacting us, ordering our products, using our services

You can contact us in various ways and data is always collected in the process. You provide us with most of the data that we process when you contact us such as your name, and email address. This data is collected and processed exclusively for the purpose of contacting you and processing your request and then deleted again, provided that there is no legal obligation to retain it.

We also process your first name, last name, e-mail address, billing and shipping address for the delivery of your order and the data related to your contract with us to handle the contractual relationship. The processing of this Personal Data is necessary for the order process. We process this data insofar as this is necessary for contract processing, and the assertion of possible claims on our part.

Likewise and as soon as you register an account, you provide us with your name and email address or your postal address. We store this data for as long as you are registered with us. If you delete your customer account, we will delete your data unless there is a statutory retention period on our part. In this case, we must store your data for longer.

The legal basis for processing the above is our legitimate interest, the provision or initiation of a contractual service and your consent.

Payment Data

If you pay through our website your payment data will be processed via our payment service provider Stripe, WooPayments, Apple Pay, Google Pay, via our ecommerce system WooCommerce by Automattic Inc. Payment data will solely be processed through your chosen payment method and we have no access to any Payment Data you may submit. The legal basis for the provision of a payment system is the establishment and implementation of the user contract for the use of the service.

Data Sharing

In certain cases, it is necessary to transmit the processed Personal Data in the course of data processing. In this respect, there are different recipient bodies and categories of recipients.

Internal

If necessary, we transfer your Personal Data within A Little Steeper. Of course, we comply with the associated legal framework and ensure that your data is processed properly. Access to your Personal Data is only granted to authorized employees who need access to the data due to their job, e.g., to fulfill your order or to contact you in case of queries.

External bodies

Personal Data is transferred to our service providers in the following instances:

  • in the context of fulfilling your orders, shipping and delivery with our fulfillment service providers,
  • to use marketing services and to advertise our products online,
  • to communicate with you,
  • to provide our website and shop, and
  • to state authorities and institutions as far as this is required or necessary.

International transfers

We may transfer your Personal Data to other companies as necessary for the purposes described in this Privacy Policy. In order to provide adequate protection for your Personal Data when it is transferred, we have contractual arrangements regarding such transfers. We take all reasonable technical and organizational measures to protect the Personal Data we transfer.

Security of your data

In order to protect the data stored with us in the best possible way against accidental or intentional manipulation, loss, destruction or access by unauthorized persons, we use appropriate technical and organizational security measures. The security levels are continuously reviewed in cooperation with security experts and adapted to new security standards.

Nevertheless, internet-based data transmissions can always have security gaps, so that absolute protection cannot be guaranteed. And databases or data sets that include Personal Data may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, we will notify all affected individuals whose Personal Data may have been compromised as expeditiously as possible after which the breach was discovered.

Marketing

Insofar as you have given us your separate consent to process your data for marketing and advertising purposes, we are entitled to contact you for these purposes via the communication channels you have given your consent to.

You may give us your consent in a number of ways including by selecting a box on a form where we seek your permission to send you marketing information, or sometimes your consent is implied from your interactions or contractual relationship with us. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving a marketing communication based on your interactions or contractual relationship with us.

Direct Marketing generally takes the form of email but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing sent or made by us or on our behalf will include a means by which you may unsubscribe or opt out.

Based on your recent purchases, we will send you information on similar products by email. In addition to these product recommendations, the e-mails may also contain vouchers. If you no longer wish to receive product recommendations from us, you can object to this at any time. You will find the unsubscribe link in every email you receive from us.

Social Media

General

We are present on social media on the basis of our legitimate interest. If you contact or connect with us via social media, we and the relevant social media platform are jointly responsible for the processing of your data and enter into a so-called joint controller agreement. The Personal Information collected when contacting us is to handle your request and the bases are both your consent and our legitimate interest.

Market research and advertising

In addition, your data may be processed for market research and advertising purposes. For example, usage profiles can be created from your usage behavior and the resulting interests. This allows, for example, advertisements to be placed within and outside the platforms that presumably correspond to your interests. The legal basis is our legitimate interest.

 

When you visit our profiles and interact with us and others

When you visit our social media profiles, we, as the operator of the profile, process your actions and interactions with our profile (e.g., the content of your messages, enquiries, posts or comments that you send to us or leave on our profile or when you like or share our posts) as well as your publicly viewable profile data (e.g., your name and profile picture). Which Personal Information from your profile is publicly viewable depends on your profile settings, which you can adjust yourself in the settings of your social media account. The legal basis is our legitimate interest and your consent.

Advertising

We would like to show you interesting advertising outside of our website and use various third-party tools and cookies for this purpose. These collect and process information about your activities on our website – for example, which products you are interested in or which pages you visit. By knowing what you are looking for and how you use our website, we can adapt our advertising to your needs. And thus increase the likelihood that you will also be shown suitable and interesting advertising outside our website.

We also analyze this data to evaluate the relevance of the advertisements and to optimize the advertisements for you. Through the tools, your browser regularly establishes a connection to the server of the tool provider when you visit our website. For some tools, we have no direct influence on what data is processed by the providers. The following personal data may be processed by third-party providers i) HTTP header information (e.g., IP address, web browser, website URL, date and time); ii) measuring pixel-specific data (e.g., pixel ID and cookie ID); and iii) additional information about visits to our website (e.g., orders placed, products clicked on). The legal bases for processing are our legitimate interest and your consent in case of cookies. For further information, please refer to our Cookie Policy.

Your Rights and Privileges

Privacy rights

Under the NRS603 amendment, you can exercise the following rights:

  • Right to Know/Access
  • Right to Delete
  • Right to Opt-out of Sale
  • Right to Non-Discrimination
  • Right to Rectification
  • Right to Limit Use and Disclosure of Sensitive Personal Information

 

Under the DPA and GDPR, you can exercise the following rights:

  • The right to access;
  • The right to rectification;
  • The right to erasure;
  • The right to restrict processing;
  • The right to object to processing;
  • The right to data portability;

 

Under the CCPA and the CPRA amendment, you can exercise the following rights:

  • Right to Know/Access
  • Right to Delete
  • Right to Opt-out of Sale
  • Right to Non-Discrimination
  • Right to Rectification
  • Right to Limit Use and Disclosure of Sensitive Personal Information

 

Further, California’s “Shine the Light” law (Civil Code Section 1798.83) requires us to respond to requests from California asking about the business’s practices related to disclosing Personal Information to third parties for the third parties’ direct marketing purposes. You may make a request about our collection and disclosure of your Personal Information using the contact details provided.

Updating your information

If you believe that the information we hold about you is inaccurate or request its rectification, deletion, or object to its processing, please do so by contacting us.

Withdrawing your consent

You can withdraw consents you have given at any time by contacting us.

Access Request

In the event you want to make a Data Subject Access Request, please contact us. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days, we will tell you why and when we will be able to respond to your request. If we are unable to provide you with any Personal Data or to make a correction requested by you, we will tell you why.

 What we do not do

  • We do not use Automated decision-making including profiling; and
  • We do not sell your Personal Data.

COPPA (Children Online Privacy Protection Act)

When it comes to the collection of Personal Information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online. We do not specifically market to children under the age of 13 years old.

CAN SPAM Act

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations. To be in accordance with CAN SPAM, we agree to the following: If at any time you would like to unsubscribe from receiving future emails, you can email us, and we will promptly remove you from ALL correspondence.

Telephone Consumer Protection Act (TCPA)

If we process your Personal Information for the purpose of sending you SMS marketing communications, you may manage your receipt of marketing and non-transactional communications from us by replying or texting ‘STOP’ if you receive our SMS communications. In this respect, the data processing is carried out solely on the basis of our consent in personalized direct advertising per SMS.

Controls For Do-Not-Track Features

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (‘DNT’) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, our website does not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this policy.

Validity and questions

This Privacy Policy was last updated on Monday, November 20th 2023 and is the current and valid version. However, from time to time changes or a revision to this policy may be necessary. If you have any questions or if you wish to exercise your rights, please contact us using support@alittlesteeper.com.

Shopping Cart
Scroll to Top