Privacy policy

Livia Club - Privacy Policy

Last Updated: January 21, 2026
Effective Date: January 21, 2026

4.1 INTRODUCTION

Livia Club ("Company," "we," "us," "our") operates the website liviaclub.store and Shopify storefront. This Privacy Policy ("Policy") explains how we collect, use, disclose, and protect your personal data when you visit our website, make purchases, or interact with us.

Scope: This Privacy Policy applies to all personal data collected through:

  • Livia Club website (liviaclub.store)

  • Shopify storefront

  • Email communications

  • Phone inquiries

  • In-person interactions (if applicable)

Jurisdiction: This Privacy Policy complies with:

  • U.S. Federal Trade Commission (FTC) regulations

  • California Consumer Privacy Act (CCPA)

  • Connecticut data protection laws

  • General Data Protection Regulation (GDPR) for EU customers

4.2 WHAT PERSONAL DATA WE COLLECT

Data Collected at Checkout:
When customers place orders, we collect:

  • Full name

  • Email address

  • Phone number

  • Shipping address

  • Billing address (if different from shipping)

  • Payment method information (processed securely by Shopify Payments)

  • Order history and purchase amounts

  • Product preferences and browsing history

Data Collected on Website:

  • IP address

  • Browser type and version

  • Operating system

  • Pages visited and time spent

  • Referring website

  • Search queries on our site

  • Cookies and tracking pixels

  • Device information (mobile vs. desktop)

Data Collected Voluntarily:

  • Customer service inquiries and emails

  • Contact form submissions

  • Survey responses

  • Testimonials and reviews

  • Product feedback

  • Newsletter sign-ups

  • Social media interactions

Data NOT Collected:

  • Credit card numbers (processed by Shopify Payments; we don't store full card data)

  • Social Security numbers or tax IDs (except EIN for business inquiries)

  • Government-issued ID numbers

  • Biometric data

  • Sensitive health information

4.3 HOW WE USE YOUR DATA

Primary Uses:

Purpose Data Used Legal Basis
Order Fulfillment Name, address, email, phone, payment method Contract performance
Shipping & Delivery Name, address, phone number Contract performance
Customer Service Email, phone, order history Legitimate interest
Marketing & Promotions Email, purchase history, preferences Consent / Opt-out available
Fraud Prevention IP address, payment method, device info Legitimate interest / Security
Website Improvement Browsing behavior, page analytics Legitimate interest
Legal Compliance All relevant data Legal obligation (taxes, AML)
Personalization Browsing history, purchase history Legitimate interest / Consent

Marketing Communications:

  • We send promotional emails only with customer consent

  • Customers may opt-out of marketing at any time (see Section 4.7)

  • Transactional emails (order confirmation, tracking, refund) are always sent

Data Analysis & Aggregation:

  • We may analyze aggregated data to understand shopping patterns

  • Aggregated data is de-identified and cannot identify individuals

  • Results used to improve products, services, and marketing

4.4 HOW WE SHARE YOUR DATA

Data Sharing & Processors:

Recipient Data Shared Purpose Legal Basis
Shopify All transaction data Order processing / Platform hosting Contract
Payment Processors (Stripe/PayPal) Payment information, email Payment processing Contract / PCI compliance
Shipping Carriers (USPS/UPS/FedEx) Name, address, phone Package delivery Contract
Email Service Providers Email address, name Marketing communications Contract / Consent
Compliance Partners Transaction data Anti-money laundering (AML) / OFAC Legal obligation
Analytics Services IP address, browsing behavior Website analytics Legitimate interest
Law Enforcement Any relevant data Court orders, legal requests Legal obligation

Data NOT Shared:

  • We do NOT sell customer data to third parties for their own marketing

  • We do NOT share data with competitors

  • We do NOT share data with data brokers

  • We do NOT disclose personal data without consent (except as legally required)

Third-Party Processors:
All third-party processors sign Data Processing Agreements (DPAs) requiring them to:

  • Use data only for specified purposes

  • Implement appropriate security measures

  • Not disclose data to unauthorized parties

  • Comply with all privacy laws

4.5 SECURITY & DATA PROTECTION

Data Security Measures:

Technical Safeguards:

  • SSL/TLS encryption for all data in transit

  • 256-bit encryption for stored personal data

  • Firewalls and intrusion detection systems

  • Regular security audits and penetration testing

  • PCI-DSS compliance for payment data

Administrative Safeguards:

  • Limited employee access to personal data (need-to-know basis)

  • Employee confidentiality agreements

  • Background checks for employees handling payment data

  • Regular privacy training for staff

  • Incident response procedures for data breaches

Physical Safeguards:

  • Secure storage of paper documents (if any)

  • Locked filing cabinets and restricted access

  • Office access controls

Limitations:

  • While we implement industry-standard security, no system is 100% secure

  • Customers are responsible for password security and protecting login credentials

  • We are not liable for unauthorized access due to customer negligence

4.6 COOKIES & TRACKING TECHNOLOGIES

Cookies We Use:

Cookie Type Purpose Duration
Session Cookies Maintain shopping cart, login Session only
Persistent Cookies Remember preferences, user ID Up to 2 years
Analytics Cookies Track website usage, improve UX Up to 2 years
Marketing Cookies Retargeting ads, social media integration Up to 2 years
Third-Party Cookies Shopify, Google Analytics, social plugins Varies by provider

Cookie Consent:

  • Customers can control cookie settings in browser settings

  • Disabling cookies may limit site functionality

  • Essential cookies (security, session) cannot be disabled

  • Cookie banner appears on first visit; customers can accept or manage preferences

Do Not Track (DNT):

  • Some browsers include DNT signals; we honor these where applicable

  • Cookies may still be placed if user accepts via banner (explicit consent overrides DNT)

4.7 CUSTOMER RIGHTS & OPT-OUT OPTIONS

Marketing Opt-Out:

Unsubscribe from Email Marketing:

  • Every promotional email includes unsubscribe link at bottom

  • Click "Unsubscribe" or "Manage Preferences" to opt-out

  • Processing time: Within 5 business days

  • Transactional emails (order confirmation, etc.) cannot be unsubscribed from

Email Preferences:

  • Customers can manage email preferences in account settings

  • Options: Promotional emails, newsletters, product recommendations

  • Customers can opt-in/out of specific categories

SMS Marketing (if offered):

  • Text "STOP" to opt-out of SMS messages

  • Or reply "NO" to promotional SMS

Call Preferences:

  • Request to be added to "Do Not Call" list: contact@liviaclub.store

  • Transactional calls (order updates, refunds) may still occur

4.8 CUSTOMER RIGHTS UNDER PRIVACY LAWS

Customer Rights:

Right to Know (CCPA/GDPR):

  • Customers may request what personal data we have collected about them

  • Request via email: contact@liviaclub.store

  • Livia Club provides information within 45 days (CCPA) or 30 days (GDPR)

Right to Access:

  • Customers can download their data in portable format (CSV, JSON)

  • Request access in account settings or via email

  • Free of charge for one request per year

Right to Delete ("Right to be Forgotten"):

  • Customers may request deletion of personal data

  • Exception: Data needed for legal compliance (taxes, fraud prevention) cannot be deleted

  • Deletion completed within 45 days (CCPA) or 30 days (GDPR)

  • Note: After deletion, we cannot process future orders until new data provided

Right to Correct:

  • Customers may request correction of inaccurate data

  • Update address, email, or name in account settings

  • Or email request to contact@liviaclub.store

Right to Opt-Out of Data Sales:

  • Under CCPA, customers have right to opt-out of "sale" or "sharing" of personal data

  • Livia Club does NOT sell customer data

  • Customers can request confirmation via email

Right to Limit Use of Sensitive Data:

  • California consumers can limit use of sensitive data (CCPA)

  • Sensitive data: SSN, financial account info, biometric data

  • Request via: contact@liviaclub.store

  • Livia Club does not collect most sensitive data

Right to Non-Discrimination:

  • Customers will NOT be discriminated against for exercising privacy rights

  • No price increase, denial of service, or lower quality service for opting out

4.9 CONTACT US FOR PRIVACY REQUESTS

Privacy Rights Requests:

Email: contact@liviaclub.store
Subject Line: "Privacy Rights Request - [Type of Request]"
Required Information:

  • Full name

  • Email address used for account

  • Type of request (access, deletion, opt-out, etc.)

  • Any additional details

Response Timeline:

  • Initial acknowledgment: Within 5 business days

  • Substantial response: Within 30-45 days depending on request type

Verification:

  • We may ask for additional information to verify your identity

  • This prevents unauthorized access to personal data

4.10 DATA RETENTION

How Long We Keep Your Data:

Data Type Retention Period Reason
Account Information While account is active + 2 years after Legal compliance, dispute resolution
Transaction Records 7 years Tax compliance, fraud prevention
Email Communications 3 years Customer service, dispute resolution
Marketing Preferences Indefinitely until deleted Consent records, CCPA compliance
Browsing/Analytics Data 2 years Website improvement, aggregation
Payment Data Never stored by us (tokenized) PCI-DSS compliance
Deleted Accounts 90 days (deletion grace period) Data backup recovery

Deactivated Accounts:

  • Customers can deactivate accounts; data is retained per retention schedule above

  • Account can be reactivated within 90 days

  • After 90 days, account data may be permanently deleted

4.11 CHILDREN'S PRIVACY

Age Requirement:

  • Livia Club does not knowingly collect data from children under 13 (COPPA compliance)

  • Our website is not directed to children

  • If we discover data from child under 13 was collected, we delete immediately

Parental Consent:

  • Children 13-17 may use Livia Club with parental consent

  • Parents can request access to or deletion of child's data

  • Contact: contact@liviaclub.store

4.12 INTERNATIONAL DATA TRANSFERS

Data Transfers:

  • Livia Club operates in the United States

  • Some data may be transferred to third-party processors (Shopify, payment processors)

  • International transfers comply with GDPR Data Transfer Impact Assessment (DTIA)

EU/UK Customers:

  • Transfers to U.S. are made under appropriate safeguards (Standard Contractual Clauses)

  • EU customers have right to object to transfer; contact for alternatives

GDPR Compliance:

  • For EU residents, we are Data Processor under GDPR

  • Livia Club has Data Processing Agreement (DPA) with Shopify

  • Privacy Shield no longer used; Standard Contractual Clauses in place

4.13 CALIFORNIA CONSUMER PRIVACY ACT (CCPA) SPECIFICS

CCPA Rights (California Residents Only):

Right to Know:

  • What personal information is collected

  • How it's used and shared

  • Request: "I want to know what personal data you have on me"

Right to Delete:

  • Request deletion of personal data (with exceptions)

  • Livia Club will delete within 45 days

Right to Opt-Out:

  • Opt-out of sale/sharing of personal data

  • Use "Do Not Sell or Share My Personal Information" link (see Section 4.7)

Right to Correct:

  • Request correction of inaccurate data

  • Livia Club corrects within 30 days

Right to Limit Use:

  • Limit use of sensitive personal data

  • Sensitive data: financial info, SSN, health data, biometric data

Nondiscrimination:

  • No discrimination for exercising CCPA rights

  • Prices, service quality, and features remain the same

California Privacy Rights Act (CPRA):

  • CPRA amendments effective January 2026

  • Additional rights: automated decision-making, profiling, financial incentive transparency

  • Right to delete synthetic data (new under CPRA)

  • Livia Club complies with all CPRA requirements

4.14 GENERAL DATA PROTECTION REGULATION (GDPR) SPECIFICS

GDPR Rights (EU Residents Only):

Legal Basis for Processing:

  • Contract: Order fulfillment and delivery

  • Consent: Marketing communications, analytics

  • Legitimate Interest: Fraud prevention, website improvement, customer service

  • Legal Obligation: Tax compliance, money laundering prevention

Data Subject Rights:

  • Right to access personal data

  • Right to rectification (correction)

  • Right to erasure ("Right to be Forgotten")

  • Right to restrict processing

  • Right to data portability

  • Right to object to processing

  • Rights related to automated decision-making

Right to Object:

  • EU residents may object to processing at any time

  • Grounds: Direct marketing, profiling, automated decision-making

  • Object via: contact@liviaclub.store

Data Protection Authority:

  • EU residents may lodge complaint with their national DPA if unhappy with our handling

  • DPA contacts available at: edpb.europa.eu

4.15 CONNECTICUT DATA PROTECTION LAWS

Connecticut Residents:

  • Connecticut has data privacy protections under state consumer protection laws

  • Livia Club complies with Connecticut consumer protection standards

  • Unrequested marketing communications must comply with CAN-SPAM Act

CAN-SPAM Compliance:

  • Email marketing complies with CAN-SPAM Act requirements

  • Each email includes business contact information

  • Physical address (15 WACO ST GROTON, CT 06340) included

  • Unsubscribe link on every promotional email

4.16 THIRD-PARTY LINKS & PRIVACY

Third-Party Websites:

  • Our website may contain links to third-party sites (social media, review sites, etc.)

  • Livia Club is NOT responsible for third-party privacy practices

  • Review each site's privacy policy before providing data

  • Examples: Instagram, TikTok, YouTube, Pinterest

Social Media Integration:

  • Social buttons (Share, Like) may track data for social networks

  • Refer to platform privacy policies for details

  • Facebook Pixel, TikTok Pixel, Instagram Ads may collect browsing data for retargeting

4.17 DATA BREACH NOTIFICATION

Security Incident Response:
In the event of a data breach affecting personal data:

Notification Timeline:

  • Customers notified WITHOUT UNREASONABLE DELAY (within 72 hours per GDPR)

  • Connecticut law: notification without unreasonable delay

  • Federal law: notification varies by state (typically 30-60 days)

Notification Content:

  • What data was affected

  • What we're doing to investigate

  • Steps customers should take

  • Fraud monitoring resources

  • Contact information for questions

Law Enforcement Notification:

  • If breach involves SSN, financial account info, or other sensitive data, law enforcement may be notified

  • FBI, Secret Service, and state AG may be contacted if required

Credit Monitoring:

  • If breach involves financial data, Livia Club will offer credit monitoring service

  • Service provided at Livia Club's cost (not customer's)

4.18 POLICY CHANGES & UPDATES

Modifications to Privacy Policy:

  • Livia Club may update this Privacy Policy at any time

  • Changes take effect immediately upon posting

  • Material changes will be announced via email or website banner

  • Continued use of website constitutes acceptance of changes

Notification of Changes:

  • For material changes affecting your privacy rights, email notification sent to registered email

  • 30 days' notice for significant changes

Previous Versions:

4.19 CONTACT & SUPPORT

Privacy Questions or Concerns:

Email: contact@liviaclub.store
Phone: +1 (305) 667-9634
Mailing Address:
Livia Club
15 WACO ST GROTON, CT 06340
USA
Response Time: 24-48 business hours