Privacy Policy

Protecting your privacy is important to THE DESIGN STUDIO. (“SUB BOX”)

SUB BOX provides services and develops software to help merchants sell better or more efficiently online through various platforms, such as Shopify. SUB BOX has adopted this Privacy Policy (“Privacy Policy”) to guide you through the collection, use, retention, and disclosure of Personally Identifiable Information (“Personal Data”, as further described below) that you may provide while using SUB BOX websites, apps, and services in connection with these platforms (collectively referred to as “Services”) SUB BOX encourages you to read this Privacy Policy, as well as our terms and conditions of use, in order to understand how we collect and process Personal Data in the course of providing the Services and your interaction with the Services.

By using the Services, you consent to the collection, use, retention, and disclosure of your Personal Data for processing as described in, and subject to the limitations set out in this Privacy Policy.

Note to Residents of the European Union and California: In order to comply with the requirements of the European General Data Protection Regulation (GDPR) for our European users, and California Consumer Privacy Act (CCPA), this Privacy Policy outlines the legal basis on which we process your Personal Data and provides other information required by the GDPR & CCPA.

Personal Data

Personal Data is any information that would identify a person directly, or indirectly in combination with data from other sources. For example, a full name, home or work address, phone number, national identification number (SSN, SIN, etc.), email address, banking details, IP address, biometric data, usage data, or any information that may individually identify a person.

SUB BOX may collect Personal Data including without limitation your name, shipping and billing addresses, phone number, email address, payment information, IP address, and device identifiers and/or geolocation information, in the course of its Services, and may use or disclose that Personal Data as described in this Privacy Policy.

SUB BOX may also create de-identified or anonymized data from Personal Data by excluding data components (such as your name, email address, etc.) that makes the data able to personally identify you, through obfuscation, or through other means. In addition, SUB BOX may collect and use aggregated, anonymous information to provide data about the Services to advertisers, potential business partners and other unaffiliated entities. As this information does not identify a person, and is therefore not Personal Data, SUB BOX’s use of such aggregated, anonymized and/or de-identified data is not subject to this Privacy Policy.

Consent and Collection of Personal Data

If you use a SUB BOX website, or conduct a transaction through a SUB BOX Service where Personal Data is essential, your consent is implied to collect and use your Personal Data to facilitate that use or complete that transaction requested or initiated by you only. Examples of instances in which Personal Data may be collected by SUB BOX are, without limitation:

  • When you install a SUB BOX App,
  • If you make or return a purchase through a merchant who uses a SUB BOX App,
  • When you access and navigate a SUB BOX website, or engage in communication and/or business transactions with SUB BOX Professional Services, Managed Services, Client Success, or any other SUB BOX entity,
  • If you knowingly submit Personal Data through a SUB BOX website for the purpose of registering for a service, a contest, or authentication.

During these instances, we may collect data such as, but not restricted to: areas of the Services or SUB BOX websites you visit, transaction type(s) you engage in or request (and amounts thereof), content you view, your IP address, data downloaded or submitted by you, payment information provided by you, shipping and billing information entered by you, as well as the nature, quantity and price of the goods or services you exchange and the individuals or entities with whom you communicate or transact business using the Services.

In the event SUB BOX requests Personal Data for scenarios independent of the above, such as marketing-related questions via questionnaires, surveys, and profile data, it will include a specific consent request. The consent request will include a clear purpose and goal for the collection of Personal Data, along with a means of withdrawing consent. In these scenarios, we may ask for data such as, but not limited to: your contact information (name, telephone numbers, email address, mailing address), date of birth, product and/or cosmetic concerns, which brands and products you use, user authentication and security information (e.g. username and password).

If at any point you wish to withdraw consent to Personal Data collection, please contact SUB BOX via the Contact & Questions area at the bottom of this Privacy Policy. Please note that certain Services may only be able to be offered or provided to you if you disclose the Personal Data necessary to facilitate those Services, and therefore SUB BOX may not be able to provide you with certain Services in the event that you choose not to disclose that Personal Data to SUB BOX.

Age of Consent

The Services offered by SUB BOX are directed towards and designed for the use of persons above the age of majority in your province, state, or country. Persons under the age of majority are not permitted to use the Services on their own, and SUB BOX will not approve applications of, or establish, or maintain accounts or memberships for, any persons below their respective region’s age of majority.

SUB BOX does not solicit or knowingly collect Personal Data from persons below the age of majority of their region. If we discover we have received Personal Data of a person below the age of majority, we will delete such information from our systems. Additionally, if a parent or legal guardian believes that Personal Data regarding a minor in their care has been provided to SUB BOX, they may request the minor’s information be corrected or deleted by contacting SUB BOX Privacy Officer via the Contact & Questions area at the bottom of this Privacy Policy.

Anonymous Information

When you interact with a SUB BOX Service, similar to most other websites, apps, and online services, certain anonymous technical information about your visit is automatically logged and collected by SUB BOX. This may include information about the type of browser you use, operating system, the date and time you access the Service, the links you accessed while using the Service, and the internet address of the website, if any, which linked directly to the SUB BOX Service. This information is used for system administration purposes such as diagnosing problems with SUB BOX’s Services, servers and websites, compiling aggregated and statistical information, and to improve the operation and content of SUB BOX’s websites and Services. It is not personally identifiable, and is not considered Personal Data and subject to this Privacy Policy.

Personal Data Use

SUB BOX may use collected Personal Data for such purposes as:

  • Helping to establish and verify the identity of users, and to keep user accounts secure,
  • Opening, maintaining, administering and servicing users’ accounts or memberships,
  • Providing Services and support to users,
  • Improving SUB BOX’s websites, including tailoring its websites to users’ preferences,
  • Providing users with product or Service updates, promotional notices and offers, and other information about SUB BOX and its affiliates,
  • Corresponding with you, and responding to your questions, inquiries, comments, and instructions,
  • Maintaining the security and integrity of SUB BOX systems, and,
  • Complying with applicable laws.

Once collected, SUB BOX will store and process your Personal Data in secure locations. SUB BOX may transmit data outside of Canada for the purposes of processing and executing transactions related to the Services, or for the purpose of executing transactions on behalf of merchants that have installed and make use of SUB BOX Apps in connection with their online stores. Where this transmission occurs, the security measures outlined in this Privacy Policy will continue to apply.

Personal Data will only be retained by SUB BOX for the length of time required to fulfill the purpose or complete the transaction for which it was collected, or as may be required by law. Beyond that point, Personal Data in the possession or control of SUB BOX will be anonymized or securely destroyed.

Legal Basis for Processing

This section addresses the legal basis for processing your Personal Data if you reside outside of Canada and in the European Economic Area (within Canada, you typically provide consent when you receive notice of this Privacy Policy in (or via) a website link or mobile app).

Lawful Basis for Processing

Data protection law in the European Union requires a “lawful basis” for collecting and retaining Personal Data from citizens or residents of the European Economic Area. SUB BOX collects and processes your Personal Data for a variety of purposes outlined in this Privacy Policy. In certain cases, separate consent to this processing is not required, including:

  • For the performance of a contract: To perform our contractual obligations to you, including account registration, fulfilling orders or purchases you have made (including processing of payment), contacting you in relation to any issues with your order, in relation to the provision of the Services, where SUB BOX needs to provide your Personal Data to our service providers to provide the Services, or to aggregate and centralize data for the performance of the Services.
  • To meet legal obligations: To comply with laws, regulations, court orders, or other legal obligations or to assist in an investigation.
  • For legitimate interests: To operate SUB BOX’s business and provide the Services, other than in performing our contractual obligations to you, except where overridden by the interests or fundamental rights and freedoms that require protection of Personal Data. For example, the following areas include processing permitted due to legitimate interests:
    • Communication. To communicate with you regarding the Services, including to provide you important notices regarding changes to SUB BOX’s Terms of Service, and also to address your requests, inquiries, and complaints. SUB BOX may send strictly necessary communications, including emails, even if you have opted out of receiving other SUB BOX emails or communications. These types of communications do not require consent. SUB BOX also processes your Personal Data for our legitimate interests when you communicate with us, including when you sign up for promotional materials and SUB BOX has not asked you for your consent in that regard.
    • Respond to Your Requests. To respond to your requests for technical support, online services, product information or to any other communication you initiate. This includes accessing your account to address technical support requests.
    • Promotional Messages. SUB BOX processes your non-sensitive Personal Data to provide you with promotional messages, including when you communicate with SUB BOX or sign up for promotional materials, when you participate in special activities, offers, or programs, when we aggregate and centralize data, and when we share Personal Data with our service providers and vendors.
    • Surveys. To send you surveys in connection with our Services, unless commercial in nature. In those cases, a survey request may be sent to you if you have given SUB BOX your consent to receive marketing from us.
    • Compliance with Law and Public Safety . To assist in the investigation of suspected illegal or wrongful activity, including sharing information with other entities for fraud, loss, and crime prevention purposes. To protect and defend SUB BOX’s rights and property, or the rights or safety of third parties.
    • Improvement and Development. To develop, provide, enhance, and improve SUB BOX Services and your experience, including to enable you to use the full range of our Services. For internal purposes related to certain research, analytics, innovation, testing, monitoring, customer communication, risk management, and administrative purposes.
    • Enforcing Terms and Notice. To enforce SUB BOX’s Terms of Service or this Privacy Policy, or agreements with third parties.
    • Merger or Acquisition (Note that certain country/region-specific disclosures may also apply, depending upon the jurisdiction in which you reside). To support a contemplated reorganization or an actual reorganization of SUB BOX’s business, in connection with financing, a sale, or other transaction involving the disposal of all or part of our business or assets, including for the purpose of permitting the due diligence required to decide whether to proceed with a transaction.

Consent as a Basis for Processing

In some cases, SUB BOX will ask for your consent to process your Personal Data. You may indicate your consent in a number of ways, including, as may be presented by SUB BOX and permitted by law, ticking a box (or equivalent action) to indicate your consent when providing us with your Personal Data through our Services or a form, or registering or creating an account with us. Note that certain country/region-specific rules regarding consent may also apply, depending upon the jurisdiction in which you reside.

Security

SUB BOX maintains reasonable physical, technical, and administrative security measures to minimize the risk of unauthorized loss, theft, copying, misuse, access, disclosure, alteration, or destruction of your Personal Data.

If transactions are offered as part of a SUB BOX Service, transaction information is transmitted to and from SUB BOX in encrypted form using industry-standard Secure Socket Layer (SSL) connections to help protect such information, including Personal Data transmitted in the course of these transactions, from interception.

SUB BOX also restricts access to your Personal Information to only those persons who have a legitimate business need or legal requirement to view it in connection with the Services. You, as a Personal Data owner, may also authorize any persons you may choose to have access to your Personal Data.

Although SUB BOX does utilize security measures appropriate to the level of risk, no method of data transfer or storage on the internet is 100% secure and security risks cannot be eliminated entirely. As such, SUB BOX cannot guarantee perfect security, integrity, or confidentiality of Personal Data.

SUB BOX maintains a security incident response protocol to be put in place in the event that the security of your Personal Data in the possession or control of SUB BOX is compromised. In the event of a data breach or security incident involving the Services, SUB BOX will apply this protocol to enable SUB BOX to effectively and efficiently respond to, and contain, the breach or incident. SUB BOX may also seek to notify you in such an event. If notification is appropriate or required, SUB BOX may notify you by email, messaging to your device, or other reasonable means.

Disclosure of Personal Data

SUB BOX does not provide Personal Data to unaffiliated third parties for their use in marketing directly to you. We may use unaffiliated companies, or trusted third party service providers, to help maintain and operate our Services for reasons related to our business operations and to better serve you, and those companies may receive your Personal Data for that purpose. For example, Bold may use third party payment processor services in connection with the Services and its websites, and the payment information that you provide to SUB BOX may be disclosed to and used by these payment processors for the purposes of completing and executing transactions requested or initiated by you. When SUB BOX shares Personal Data with third-party services that support our delivery of the Services, we require that they use your Personal Data only for the purposes we’ve authorized, and that they protect your Personal Data to at least the same standards used by SUB BOX.

As part of agreements with merchants who have installed SUB BOX Apps and the execution of transactions on behalf of merchants that make use of SUB BOX Apps in connection with their online stores, we may disclose Personal Data which has been collected by us that is specific to that merchant’s store and your transactions in connection therewith.

SUB BOX may also disclose Personal Data about you in connection with legal requirements, such as in response to an authorized subpoena, governmental request or investigation, or as otherwise permitted by applicable law (including, without limitation, to prevent fraud or abuse, or to protect SUB BOX’s legal rights, property, or the safety of SUB BOX, its employees, users or others).

Finally, as SUB BOX’s business develops, it may sell or buy corporate assets, and in such transactions Personal Data may be one of the transferred business assets. If SUB BOX, its internet businesses, or substantially all of its shares or assets, is acquired or an acquisition is contemplated, Personal Data may be one of the assets assessed or transferred in connection with that transaction.

A list of Data Processors engaged by SUB BOX who may receive Personal Data is available by request. New processors will be added to this list 30 days prior to being integrated into our Services. If you are subject to the GDPR and have objections to a Data Processor addition, please contact SUB BOX via the Contact & Questions area at the bottom of this Privacy Policy. Objections to Data Processors may impact the Services which can be offered or provided to you by SUB BOX.

If you believe your Personal Data has been disclosed other than as described in this Privacy Policy, please contact SUB BOX via the Contact & Questions area at the bottom of this Privacy Policy.

Transfers of Your Personal Data to Other Countries

The Personal Data SUB BOX processes, and associated Services and systems, may be housed on servers in various locations where SUB BOX maintains servers or facilities, including Canada, the United States, and the EU. Please be aware that Personal Data we collect may be processed and stored in one or more of these locations. The data protection and privacy laws in these locations may offer a different level of protection than in your country/region, however, as noted earlier in this Privacy Policy, SUB BOX takes steps, including through contracts, intended to ensure that the Personal Data it collects continues to be protected wherever it is located in a manner consistent with the standards of protection required under applicable law.

Where Personal Data is transferred from the European Economic Area to a country that has not received an adequacy decision by the European Commission, SUB BOX relies on appropriate safeguards, such as for example the European Commission-approved Standard Contractual Clauses and EU-U.S. Privacy Shield Frameworks, to transfer the Personal Data.

By using our Services and submitting your Personal Data, you agree to the transfer, storage, and/or processing of your Personal Data in the locations contemplated above. Where and as required, we will seek your explicit consent as outlined in this Privacy Policy.

“Cookies” and Advertisers

The SUB BOX websites, or the third-party companies used to host, operate, or maintain these websites, may place a “cookie” on your computer in order to allow you to use these websites and to personalize your experience.

A “cookie” is a small piece of data, or an alphanumeric identifier, that can be sent by a web server to your computer or device, which then may be stored by your browser on your computer or device. Cookies allow SUB BOX to recognize your computer or device while you are on our websites and help customize your online experience and make it more convenient for you. Cookies are also useful in allowing more efficient log-in for users, tracking transaction histories, and preserving information between browsing sessions. The information collected from cookies may also be used to improve website functionality.

The advertisers and/or other content providers that may appear on SUB BOX websites may also use cookies that are not sent by SUB BOX. Such ads or content may contain cookies that help track and target the interests of users of our websites in order to present “personalized” advertisements or other messages that the user might find interesting. SUB BOX is not responsible for any such cookies.

Most web browsers have features that can notify you when you receive a cookie or prevent cookies from being sent. If you disable cookies, however, you may not be able to use certain personalized functions of SUB BOX websites.

Rights with Respect to Personal Data

SUB BOX is committed to ensuring you retain full access to and control of your Personal Data. To that end, we endeavor to respect your right to be informed regarding the collection, use and disclosure of Personal Data, and your right of correction and access to it, via this Privacy Policy.

If you would like to access, correct, remove, request a copy of, withdraw consent to collection of your Personal Data, or are looking for any additional information on how your Personal Data may be collected, used or disclosed by SUB BOX, please contact SUB BOX via the Contact & Questions area at the bottom of this Privacy Policy. Subject to certain exceptions and limitations that may be prescribed by applicable law, you will be provided with reasonable access to your Personal Data, and will be entitled to have it amended or corrected as appropriate.

In certain circumstances, you may have the right to have your Personal Data, or certain components of your Personal Data, erased by SUB BOX, to have your Personal Data moved, copy or transmitted from SUB BOX’s systems to other systems, or to object to or restrict certain processing of your Personal Data by SUB BOX. In the event that you wish to inquire about, or seek to exercise any of these rights (as they may be applicable), please contact SUB BOX.

European Economic Area and the United Kingdom

Subject to applicable law, if you are a citizen or resident of the European Economic Area or the United Kingdom you have certain statutory rights in relation to your Personal Data. Subject to any exemptions provided by law, you may have the right to request access to Information, as well as to seek to update, delete or correct this Information. You can usually do this by contacting SUB BOX in accordance with the Contact & Questions area at the bottom of this Privacy Policy.

To the extent that Bold’s processing of your Personal Data is subject to the General Data Protection Regulation, (or applicable laws covering the processing of Personal Data in the United Kingdom), Bold relies on its legitimate interests, described above, to process your data. Bold may also process other information that constitutes your Personal Data for direct marketing purposes, and you have a right to object to Bold’s use of your Personal Data for this purpose at any time.

If you are a customer of a merchant who uses Bold’s Apps and wish to exercise these rights, please contact the merchants you interacted with directly – we serve as a processor on their behalf, and can only forward your request to them to allow them to respond.

If you are unhappy with the response that you receive from us, we hope that you would contact us to resolve the issue but you also have the right to lodge a complaint with the relevant data protection authority in your jurisdiction at any time.

California Privacy Rights

This section provides additional details about California consumers and the rights afforded to them under the California Consumer Privacy Act or (“CCPA”). If you need to access this notice in an alternative format, please contact us via the method in Contact & Questions section below.

Under CCPA “Personal Information” is defined as anything that identifies, relates to, describes or is capable of being associated with or could reasonably be linked, directly or indirectly, with a particular California consumer of household. For more details about the Personal Information we have collected over the last 12 months, including the categories of sources, please see the Personal Data and Consent and Collection of Personal Data section above. We collect this information for the business and commercial purposes described in the Personal Data Use section above. We share this information with the categories of third parties described in there. Bold does not sell (as such term is defined in the CCPA) the personal information we collect (and will not sell it without providing a right to opt out). Please note that we may use third-party cookies for our advertising purposes as further described in our Cookies and Advertising section above.

The CCPA requires opt-in consent to information use for minors under the age of 16 and verified parental consent for children under the age of 13. We do not knowingly collect or process the information of children.

Subject to certain limitations, the CCPA provides California consumers the right to request, free of charge, to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this information), to delete their personal information, to opt out of any “sales” that may be occurring, and to not be discriminated against for exercising these rights.

California consumers may make a request pursuant to their rights under the CCPA by contacting us at hello@thedesignstudio.net.au. We will verify your request using the information associated with your account, including email address. Government identification may be required. Consumers can also designate an authorized agent to exercise these rights on their behalf.

External Links

SUB BOX Services may contain links to other websites, apps, or services, including those of advertisers or third-party content providers who offer downloads as part of a SUB BOX Service. SUB BOX is not responsible for the privacy practices or the content of other websites, apps, or services. We encourage you to read the Privacy Policies published by such third parties before divulging your Personal Data to them.

Changes to this Privacy Policy

SUB BOX reserves the right to modify or supplement this Privacy Policy in its discretion, at any time. If a material change to the terms of this Privacy Policy is made, we will post a notice to our Blog and a link to the new or amended Privacy Policy. The collection, use and disclosure of your Personal Data by SUB BOX will be governed by the version of this Privacy Policy in effect at that time. Your continued use of SUB BOX’s websites and/or Services subsequent to any changes to this Privacy Policy will indicate your consent to the collection, use and disclosure of your Personal Data in accordance with the amended Privacy Policy.

Contact & Questions

If you have any questions or comments regarding this Privacy Policy or any aspects of SUB BOX Services, please contact SUB BOX at hello@thedesignstudio.net.a