Privacy Policy

Last Updated: January 12, 2025

Introduction

Damned Designs ("we," "our," or "us") is a Wyoming corporation with a mailing address at 169 Madison Ave STE 15182, New York, NY 10016. We respect your privacy and are committed to protecting your personal information in compliance with applicable privacy laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other relevant privacy regulations.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, make a purchase, create an account, or interact with us in any way. Please read this Privacy Policy carefully. By accessing or using our website, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy.

Data Controller Information

For the purposes of GDPR and other applicable privacy laws, Damned Designs is the data controller responsible for your personal information. Our designated privacy contact can be reached at the contact information provided at the end of this policy.

Information We Collect

Personal Information You Provide

We collect personal information that you voluntarily provide to us, including:

• Account Information: Name, email address, phone number, username, and password
• Billing and Shipping Information: Full name, billing address, shipping address, phone number
• Payment Information: Credit card numbers, billing address, and other payment details (processed securely by our payment processors)
• Order Information: Purchase history, product preferences, order details, and transaction records
• Communication Data: Messages, emails, and other communications with our customer service team
• Marketing Preferences: Subscription preferences and consent for marketing communications
• Age Verification: Date of birth or age confirmation (required for certain products)

Information Automatically Collected

We automatically collect certain information when you visit our website:

• Device Information: IP address, device type, operating system, browser type and version
• Usage Data: Pages viewed, time spent on pages, links clicked, referring website
• Location Data: General geographic location based on IP address
• Cookies and Tracking: Information collected through cookies, web beacons, and similar technologies

Information from Third Parties

We may receive information about you from:

• Payment Processors: Transaction verification and fraud prevention data
• Shipping Partners: Delivery confirmation and tracking information
• Marketing Partners: Demographic and interest data (with your consent)
• Social Media: Public profile information if you interact with us on social platforms

Legal Basis for Processing (GDPR)

Under GDPR Article 6, we process your personal information based on the following legal bases:

• Contract Performance (Article 6(1)(b)): Processing necessary to fulfill our contract with you, including order processing, delivery, and customer service
• Legitimate Interest (Article 6(1)(f)): Fraud prevention, website security, business analytics, and improving our services
• Consent (Article 6(1)(a)): Marketing communications, cookies (where required), and optional data processing
• Legal Obligation (Article 6(1)(c)): Compliance with tax, accounting, and other legal requirements
• Vital Interests (Article 6(1)(d)): Protection of health and safety in emergency situations

How We Use Your Information

We use your personal information for the following purposes:

Order Processing and Fulfillment

• Processing and fulfilling your orders
• Payment processing and verification
• Shipping and delivery coordination
• Order tracking and status updates
• Handling returns and refunds

Customer Service and Communication

• Responding to your inquiries and providing customer support
• Sending order confirmations and shipping notifications
• Communicating about your account or our services
• Resolving disputes and handling complaints

Marketing and Promotional Activities

• Sending marketing emails and promotional offers (with your consent)
• Personalizing your shopping experience
• Recommending products based on your preferences
• Conducting surveys and market research

Business Operations and Improvement

• Analyzing website usage and customer behavior
• Improving our website, products, and services
• Conducting business analytics and reporting
• Managing inventory and supply chain operations

Legal and Security Purposes

• Detecting and preventing fraud, abuse, and security threats
• Complying with legal obligations and regulatory requirements
• Enforcing our Terms of Service and other agreements
• Protecting our rights, property, and safety
• Age verification for restricted products

Data Retention Periods

We retain your personal information for different periods depending on the type of data and purpose:

• Account Information: Retained while your account is active, plus 3 years after account closure
• Order and Transaction Data: Retained for 7 years for tax and accounting purposes
• Payment Information: Not stored by us; handled by PCI-compliant payment processors
• Marketing Communications: Until you unsubscribe or withdraw consent
• Website Analytics: Aggregated data retained for 26 months; individual data for 14 months
• Customer Service Records: Retained for 3 years after last interaction
• Legal and Compliance Data: Retained as required by applicable laws (typically 7-10 years)
• Security Logs: Retained for 12 months for fraud prevention and security purposes

Sharing Your Information

We may share your personal information with the following categories of recipients:

Service Providers and Processors

• Payment Processors: NMI, Sezzle, and other payment service providers
• Shipping Companies: USPS, UPS, FedEx, and other delivery services
• Technology Providers: Web hosting, email services, analytics platforms
• Customer Service: Help desk and support ticket management systems
• Marketing Services: Email marketing platforms and advertising networks (with consent)

Legal and Regulatory Authorities

• Law enforcement agencies when required by law or court order
• Regulatory authorities for compliance purposes
• Tax authorities for tax reporting and compliance
• Legal counsel in connection with legal proceedings

Business Transfers

In the event of a merger, acquisition, sale of assets, or bankruptcy, your personal information may be transferred to the successor entity, subject to the same privacy protections outlined in this policy.

Important: We Do Not Sell Personal Information

We do not sell, rent, or trade your personal information to third parties for monetary consideration. Any sharing is limited to the purposes outlined above and subject to appropriate data protection agreements.

Your Privacy Rights

GDPR Rights (EU Residents)

If you are located in the European Union, you have the following rights under GDPR:

• Right of Access (Article 15): Request a copy of the personal information we hold about you
• Right to Rectification (Article 16): Request correction of inaccurate or incomplete personal information
• Right to Erasure (Article 17): Request deletion of your personal information ("right to be forgotten")
• Right to Restrict Processing (Article 18): Request limitation of how we process your personal information
• Right to Data Portability (Article 20): Request transfer of your data to another service provider
• Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent for processing based on consent at any time
• Right to Lodge a Complaint: File a complaint with your local data protection authority

CCPA Rights (California Residents)

If you are a California resident, you have the following rights under CCPA:

• Right to Know: Request information about the categories and specific pieces of personal information we collect
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt-out of the sale of personal information (we do not sell personal information)
• Right to Non-Discrimination: Not be discriminated against for exercising your privacy rights
• Right to Correct: Request correction of inaccurate personal information
• Right to Limit: Request limitation of use and disclosure of sensitive personal information

How to Exercise Your Rights

To exercise any of these rights, please contact us using the following methods:

• Email: privacy@damneddesigns.com
• Phone: (609) 997-8106
• Mail: Damned Designs, Privacy Rights, 169 Madison Ave STE 15182, New York, NY 10016

We will respond to your request within 30 days (GDPR) or 45 days (CCPA). We may need to verify your identity before processing your request to protect your personal information.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your browsing experience:

Types of Cookies We Use

• Essential Cookies: Required for website functionality, shopping cart, and security
• Performance Cookies: Help us understand how visitors use our website
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Used for advertising and remarketing (with your consent)

Cookie Consent

We obtain your consent for non-essential cookies through our cookie banner. You can manage your cookie preferences at any time through your browser settings or by contacting us.

International Data Transfers

Your personal information may be transferred to and processed in countries other than your country of residence, including the United States. We ensure appropriate safeguards are in place for international transfers:

• Adequacy Decisions: Transfers to countries with adequate data protection levels
• Standard Contractual Clauses: EU-approved contracts for data protection
• Binding Corporate Rules: Internal data protection policies for multinational companies
• Certification Schemes: Privacy Shield successors and similar frameworks

Data Security

We implement comprehensive security measures to protect your personal information:

Technical Safeguards

• SSL/TLS encryption for data transmission
• Secure data storage with encryption at rest
• Regular security audits and vulnerability assessments
• Access controls and authentication systems
• Firewall protection and intrusion detection

Organizational Measures

• Employee training on data protection and privacy
• Data processing agreements with third-party providers
• Regular privacy impact assessments
• Incident response and breach notification procedures
• Data minimization and purpose limitation practices

While we implement robust security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to protecting your information using industry-standard practices.

Children's Privacy

Our website and services are not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

Given the nature of our products (knives, tactical tools, and other potentially dangerous items), age verification is required for purchases, and we strongly recommend parental supervision for any interaction with our website by minors.

Third-Party Links and Services

Our website may contain links to third-party websites, services, or applications. This Privacy Policy does not apply to these third-party services. We encourage you to read the privacy policies of any third-party services you visit or use.

We are not responsible for the privacy practices or content of third-party websites or services.

State-Specific Privacy Rights

Additional State Rights

Residents of certain states may have additional privacy rights:

• Virginia (VCDPA): Rights to access, correct, delete, and opt-out of targeted advertising
• Colorado (CPA): Rights to access, correct, delete, and opt-out of targeted advertising and profiling
• Connecticut (CTDPA): Rights to access, correct, delete, and opt-out of targeted advertising
• Utah (UCPA): Rights to access, delete, and opt-out of targeted advertising

Contact us using the information below to exercise these rights.

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and relevant authorities as required by applicable law. For GDPR, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay when required.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. We will notify you of any material changes by:

• Posting the updated policy on our website with a new "Last Updated" date
• Sending email notification to registered users for significant changes
• Displaying a prominent notice on our website

Your continued use of our website after the effective date of the updated Privacy Policy constitutes acceptance of the changes.

Governing Law

This Privacy Policy is governed by the laws of the State of Wyoming, without regard to conflict of law principles. However, your privacy rights under GDPR, CCPA, and other applicable privacy laws remain in effect regardless of this governing law provision.

Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Privacy Contact

EU Representative (GDPR)

If you are located in the European Union and need to contact our EU representative, please use the privacy contact information above, and we will connect you with our designated EU representative.

Data Protection Authority Contacts

You have the right to lodge a complaint with your local data protection authority:

• EU: Contact your local Data Protection Authority
• UK: Information Commissioner's Office (ICO)
• California: California Attorney General's Office