Privacy

PRIVACY POLICY

Effective Date: May 25th, 2018

Elisa Solomon Jewelry respects your concerns about privacy. This Privacy Notice describes the types of personal information we collect about our customers on https://elisasolomon.com (the “Site”), how we use the information, with whom we share it and the choices available to customers regarding our use of the information.

Information You Provide

When you visit our Site, you may provide personal information to us in connection with ordering or registering on our Site (such as name, postal address, email address, phone number, shipping information, order information, and other details to help us assist you with your experience).

Automated Collection on the Site

When you visit our Site, we may collect certain information by automated means, such as cookies, web beacons and web server logs. The information we collect in this manner may include your device IP address, unique device identifier, web browser characteristics, device characteristics, operating system, language preferences, referring URLs, clickstream data, and dates and times of website visits.

Cookies are files that websites send to your computer to uniquely identify your browser or to store information or settings in the browser. A web beacon (also known as an Internet tag, pixel tag or clear GIF) links web pages to web servers and their cookies and may be used to transmit information collected through cookies back to a web server. Your browser may tell you how to be notified when you receive certain types of cookies or how to restrict or disable certain types of cookies. Please note, however, that without cookies you may not be able to use all of the features of the Site. The cookies we use include the following:

Account Cookie:

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

Google Analytics cookies:

These are set for monitoring and tracking visitor behavior on the site.

WordPress logged-in cookies:

These are used by WordPress to authenticate logged-in visitors, password authentication and user verification as mentioned above.

W3 Total Cache cookies:

These are used by W3 Total Cache plugin to monitor referrer and user identification for caching purposes.

Wordfence security cookies:

These are used by Wordfence; our security systems, to monitor referrer and user identification for caching purposes as well as website security and prevention purposes.

Facebook (Visitor Action Pixel):

We use the “visitor action pixels” from Facebook Inc (1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”)) on our website.

This allows user behavior to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This enables us to measure the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Facebook, which is why we are informing you, based on our knowledge of the situation. Facebook may link this information to your Facebook account and also use it for its own promotional purposes, in accordance with Facebook’s Data Usage Policy https://www.facebook.com/about/privacy/. You can allow Facebook and its partners to place ads on and off Facebook. A cookie may also be stored on your computer for these purposes.

The legal basis for the use of this service is Art. 6 paragraph 1 sentence 1 letter f GDPR. You can object to the collection of your data by Facebook pixel, or to the use of your data for the purpose of displaying Facebook ads by contacting the following address: https://www.facebook.com/settings?tab=ads.

Facebook is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).

How We Use the Information We Obtain

We may use the information we obtain described above to:

  • To personalize your experience and to allow us to deliver the type of content and product offerings in which you are most interested.
  • Provide products and services to you;
  • Send you newsletters and other communications if you sign up to receive them;
  • Market our products and services to you;
  • Operate, evaluate and improve our business (including developing new products and services; enhancing and improving our services; managing our Site and communications; analyzing our products and customer base; performing data analytics; and performing accounting, auditing and other internal functions); and
  • Comply with and enforce applicable legal requirements, relevant industry standards and the provisions of this Privacy Notice.

We may use the information we obtain in other ways for which we provide specific notice at the time of collection.

Third-Party Analytics Services

We may use third party analytics services on our Site, such as Google Analytics and Lucky Orange. The analytics providers that administer these services use technologies such as cookies, web beacons and web server logs to help us analyze your use of the Site. The information collected through these means (including IP address) may be disclosed to these analytics providers, and other relevant third parties who use the information to evaluate use of the Site.

Google Analytics:  

We use Google Analytics, an analytics service, to help us analyze the traffic on our Site. For more information on Google Analytics’ processing of Personal Information, please see “How Google uses data when you use our partners’ sites or apps.” To learn more about Google Analytics and how to opt out, please visit:

https://www.google.com/intl/en/analytics/learn/privacy.html.

To learn more about Google Analytics and how to opt out, please visit

https://www.google.com/intl/en/analytics/learn/privacy.html

Lucky Orange web analytics service:

This site uses the Lucky Orange analytics system to help improve usability and the customer experience. Lucky Orange may record mouse clicks, mouse movements and scrolling activity. Lucky Orange may record keystroke information that you voluntarily enter on this website.

  • IP Address and Header Information: We automatically collect certain information when you visit our Site, such as IP address and Header Information. “ Header Information” is information such as browser type, operating system, language, screen resolution, referring URL, etc. provided to our web server by your browser. We have a legitimate interest in using such information to assist in log-in, systems administration purposes, information security and abuse prevention, and to track user trends.
  • Lucky Orange Traffic Data: We use Lucky Orange to generate useful insights about our Site’s visitors’ use of the Site. We use the data collected to further our legitimate interest in analyzing the effectiveness of our Site, so we can improve our Site’s look, function, and content. We only collect keystroke data when you enter data into form fields that do not require or prompt you to provide sensitive information. You can opt-out of our processing of your Traffic Data by clicking the “Opt out of tracking” button near the top of this page.

This Site is not designed to respond to “do not track” signals received from browsers.

Third-Party Apps, Tools, Widget and Plugin-Ins

The providers of third-party apps, tools, widgets and plug-ins on the Site, such as Facebook, Instagram, Pinterest, and Twitter, and third-party sign-in and registration tools, also may use automated means to collect information regarding your interactions with these features. This information is collected directly by the providers of the features and is subject to the privacy policies or notices of these providers. Elisa Solomon Jewelry is not responsible for these providers’ information practices.

Online Tracking

On the Site, we may collect information about your online activities for use in providing you with advertising about products and services tailored to your individual interests. This section of our Privacy Notice provides details and explains how to exercise your choices.

You may see certain ads on other websites based on your visits to our Site because we participate in advertising networks administered by third-party vendors. Ad networks allow us to target our messaging to users considering demographic data, users’ inferred interests and browsing context. These networks track your online activities over time by collecting information through automated means, including through the use of cookies, web beacons and web server logs. The networks use this information to show you advertisements that are tailored to your individual interests. The information our ad network vendors collect includes information about your visits to websites that participate in the vendors’ advertising networks, such as the pages or advertisements you view and the actions you take on the websites. This data collection takes place both on our Site and on third-party websites that participate in the ad networks. This process also helps us track the effectiveness of our marketing efforts. To learn more about how to opt out of ad network interest-based advertising, click here.

Information We Share

We do not disclose personal information we obtain about you, except as described in this Privacy Notice. We may share personal information with service providers who perform services on our behalf based on our instructions. We do not authorize these service providers to use or disclose the information except as necessary to perform services on our behalf or to comply with legal requirements. In addition, we may disclose information about you:

  • If we are required to do so by law or legal process;
  • To law enforcement authorities or other government officials, and
  • When we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity.

MailChimp Email marketing messages & subscription

Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you, as detailed in the “Processing of your personal data” above. Any email marketing messages we send are done so through an EMS, email marketing service provider. An EMS is a third party service provider of software / applications that allows marketers to send out email marketing campaigns to a list of users.

Email marketing messages that we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as; times, dates, I.P addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations will show the activity each subscriber made for that email campaign.

Any email marketing messages we send are in accordance with the GDPR and the PECR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time. See any marketing messages for instructions on how to unsubscribe or manage your preferences, you can unsubscribe from our MailChimp list by visiting a link in the footer of the emails sent, or email us at Solomon.elisa@gmail.com otherwise contact MailChimp directly.

MailChimp holds the following information about you within their EMS systems (in our account control);

  • Email address
  • I.P address
  • Subscription time & date
  • Phone (if provided)
  • Your Name (if provided)
  • Past Order details

MailChimp is keen on data security as we are well aware that our users (you) care about how the personal information is used. Hosted on high performing Google & Amazon clouds, Mailchimp assures that all our customer information is held confidential. We never sell our customer list or our customer information. All the customer information collected such as name, email address, phone number, website, social media handles, mailing address, billing information or any other information related to third party integrations is collected for the sole purpose of providing best services to our customers and to update them of the improvements to our product and services.

We will send product updates, special offers or promotional notices via mail, Facebook, or email, from time to time, to our customers and prospects who have expressed interest and requested such information. The customer/ prospect can always opt out from receiving such offers/ notifications by following the opt out link on the specific communication or by contacting us or MailChimp directly.

We also reserve the right to transfer personal information we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution or liquidation).

Your Choices

You may at any time ask us to stop sending you emails or other communications. To update your preferences, ask us to remove your information from our mailing lists or submit a request, please contact us as described in the How To Contact Us section below.

How long we retain your data

We adopt appropriate data cleaning regularly and safe practices. For users that register on our website, we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

We are following the current data retention time periods on our servers if you make a purchase at our store. To provide and facilitate orders, some information is shared with our third parties securely such as Stripe and MailChimp in which you can still request an additional data deletion for from us or from them directly. We safely and securely have accounts with Stripe and MailChimp to provide a better customer and user experience, and can assist with deleting any data that we retain for a legitimate period of time.  

For our website database (Hosted on secure GoDaddy Virtual Private Servers) we retain data for the following:

  • Inactive accounts:
  • 13 Months
  • Pending orders:
  • 90 Days
  • Failed orders:
  • 90 Days
  • Cancelled orders:
  • 90 Days
  • Completed orders:
  • 4 Months

 

Account Erasure Requests

When an account erasure request goes forward we remove personal data from orders and access to any possible downloads.

How We Protect Personal Information

We maintain safeguards to protect the personal information you provide through the Site against accidental, unlawful or unauthorized access, destruction, loss, alteration, disclosure or use.

We use the trusted provider Stripe for our transactions on the website.  Stripe gives state of the art security and peace of mind to our customers and user experience while on elisasolomon.com with the following protection methods for transaction:

  • Machine-learning based fraud prevention
  • adaptive algorithms that learn from Stripe’s global network of hundreds of thousands of users to help keep our customers protected and safe.
  • Transparent risk scores
  • Horizontally-scaled ML model training infrastructure
  • Custom rules engine
  • Trust and block lists support
  • Optimized manual review flows
  • Real-time fraud insights
  • TC40s and SAFE fraud reporting
  • 3D Secure

Dispute handling:

  • Programmatic dispute management
  • Evidence submission aid
  • Direct integration to Visa Claims Resolution (VCR) + MasterCom

We also use a plug-in called Wordfence that helps to provide the following protections:

Web Application Firewall

The Web Application Firewall stops our site from getting hacked by identifying malicious traffic, blocking attackers before they can access our website. Powered by the Threat Defense Feed, it is automatically updated with new firewall rules that protect us from the latest threats. Even if you are running a vulnerable plugin or theme, Wordfence will protect our site from being hacked by blocking attacks based on known and constantly updated attack patterns.

Real-time Threat Defense Feed

Wordfence also protects us from new and emerging threats as the Wordfence Forensic Lab is constantly adding new firewall rules to the Threat Defense Feed which is updated in real time.

Wordfence protects over 2 million WordPress websites, giving us unmatched access to information about how hackers compromise sites, where attacks originate from and the malicious code they leave behind. The Wordfence Forensic Lab is constantly adding updates as they discover new threats. We receive a real-time version of the Threat Defense Feed. The real-time version of the Threat Defense Feed provides our Firewall and Scan Engine with updated firewall rules, the latest malware signatures, and malicious IP updates.

Brute Force Attacks

Wordfence monitors live login activity to analyze failed login attempts and will lock out any attempts to brute-force guess user account password or our administrative usernames. Specifically, Wordfence will do the following:

  • Lock out users after too many login failures
  • Lock out users after using the “forgot password” form too many times
  • Optionally lock out anyone who uses an invalid username
  • Prevent WordPress from given hackers information about what usernames may exist on our system

 

 

Geographic protection

Wordfence country blocking is designed to stop an attack, prevent content theft or end malicious activity that originates from a geographic region in less than 1/300,000th of a second. Blocking countries who are regularly creating failed logins, a large number of page not found errors and are clearly engaging in malicious activity is an effective way to protect our site during an attack. Wordfence Country Blocking provides protection for site in the following manner:

  • Blocks access to our administrative login form
  • Blocks access to customer login form
  • Blocks access to the rest of our site
  • Provides access to a continually updated database of country to IP mappings

 

Advanced Manual Blocking

Advanced manual blocking allows us to quickly and efficiently dispatch site security threats by blocking entire malicious networks and any human or robot activity that indicates suspicious intentions based on pattern matching and IP ranges. Wordfence Intelligently blocks our websites threats by:

  • Blocks of suspicious ranges of IP addresses (Think of these as networks)
  • Specific web browsers and web browser patterns
  • Referring websites
  • Any combination of the above

Elisa Solomon Jewelry also has administration and alert systems to notice suspicious patterns or indications of suspicious intentions to immediately take the steps to block using these tools.

Malware Scanner

We maintain a cluster of high performance servers in our data center to assist with scanning our website. When Wordfence scans our site, it compares our core files, themes and plugins with what is in the WordPress.org repository and reports any changes to us. Wordfence leaves no corner of our site untended by:

  • Scanning core files, themes and plugins for malware, code injections and backdoors. Also checks them against WordPress.org repository versions to check their integrity
  • Checking URLs against Google’s safe browsing list
  • Scanning for DNS changes
  • Elisasolomon.com administrators can scan as frequently as every hour and select optimal times that don’t interfere with high traffic time periods.

 

 

Check if Site IP is Generating Spam

 

Elisasolomon.com currently has a virtual private server for automatic relaying of emails so it is not a shared IP address.  Shared IP addresses can generate spam such that legitimate customer emails can be caught in spam filters. Wordfence prevents our IP from generating spam by:

  • Checking our IP address reputation with reputation providers like Spamhaus
  • Protecting our own website which prevents our site from being used to send spam email
  • Alerting us to file changes that don’t match the official WordPress repository, which may indicate a script installed that generates spam

 

Check if Site is Spamvertized

When a website is being used for spamvertising, it can severely impact its SEO rankings and email deliverability. Wordfence checks if our website URL has been flagged for spamvertising, indicating that our site may have been compromised or that we are emailing too aggressively. Wordfence prevents our site from becoming a venue for spamvertizing by:

  • Protecting our site from being hacked, which prevents spammers from using our URL in spam emails
  • Checking if our site domain name has been flagged as a source of spam, which may indicate that our site has been hacked, or you are being flagged as a spammer for another reason

 

View Blocked Intrusion Attempts

Elisasolomon.com security tools monitor visits and hack attempts not shown in other analytics packages and allows us to see attempts in real time; including where in the world they’re coming from, their IP address, the time of day and time spent on our site. Wordfence monitoring in real time means we can see:

  • Traffic from robots, humans, Google crawlers and 404 errors
  • Traffic not shown by Google Analytics and other Javascript loggers
  • Logins, logouts and who is consuming the most content
  • Security threats and exploit attempts in real-time
  • Visitor location at the city level and visitor hostname

Live Traffic Monitoring

Like most website owners, SEO matters to us. In real time, we can see Google as it crawls our site to see which pages are being crawled and which aren’t. This helps us identify issues like crawling non-existent pages and missing robots.txt files. Wordfence Live Traffic monitoring allows us to:

  • Separate pageviews generated by humans from those generated by crawlers
  • Immediately block fake Google crawlers and malicious or overly aggressive crawlers
  • Help enhance SEO by logging how often and when Google crawlers access our site

View Bots and Crawlers

If someone or something is generating many “page not found errors” or consuming content too aggressively, they’re likely up to no good. We can block them with Wordfence, and make room Google crawlers to work unhindered. Wordfence is our ally in crawler control, because it:

  • Separates pageviews generated by humans from those generated by crawlers
  • Immediately blocks fake Google crawlers and malicious or overly aggressive crawlers
  • Helps enhance SEO by logging how often and when Google crawlers access our site

View Logins and Logouts

There are many scenarios where it is helpful to see who is logging in and out of our site. If you think that you’ve been hacked you can look to see who has logged in, when they did and where they came from. If you are seeing a huge spike in brute force login attempts, you can use the information to develop a blocking strategy. Visibility into which usernames attackers are using during password guessing attacks alerts you to usernames you may need to change. Wordfence Live Traffic monitoring allows us to see:

  • Logins, logouts and who is consuming the most content
  • Traffic from robots, humans, Google crawlers and 404 errors
  • Traffic not shown by Google Analytics and other Javascript loggers
  • Security threats and exploit attempts in real-time
  • Visitor location at the city level and visitor hostname

View Human Visitors

Monitor visits to our site in real time; including where in the world they’re coming from, their IP address, the time of day and time spent on our site. Wordfence Live Traffic monitoring allows us to see:

  • Traffic from robots, humans, Google crawlers and 404 errors
  • Traffic not shown by Google Analytics and other Javascript loggers
  • Security threats and exploit attempts in real-time
  • Visitor location at the city level and visitor hostname

Repair Files

Wordfence uses a source code verification feature to tell you what has changed and help repair hacked files. Backed by cloud servers (over a terabyte of data), Wordfence checks the integrity of our core files, theme files and plugin files against what is stored in the official WordPress repository. Wordfence maintain a record of every WordPress core, theme and plugin file ever released to the official repository to provide this feature. After Wordfence has alerted us to file changes, Wordfence can:

  • See how files have changed, something only Wordfence does
  • Download the original file to compare original to current
  • View and repair the file by overwriting with a pristine, original version

Advanced Comment Spam Filter

Wordfence advanced comment spam filter which provides an additional layer of filtering. The advanced filter does an additional check on the source IP of inbound comments and any URLs that are included. Wordfence reduces spam that is known to slip through traditional filters by:

  • Using advanced heuristics to identify spam comments, like URLs, source IP, and content
  • Using aggregated data to identify comment spammers
  • Giving us the flexibility to change our filter settings

Get Detailed IP Info

We understand more about our visitors for security purposes using the detailed information Wordfence provides about each visitor IP address. Using this information we can decide to let them into our site or block them. Wordfence lets us view detailed IP address information like:

  • Visitor location down to the city level
  • Who the visitor’s Internet Service Provider is
  • History for each IP address showing which pages they have visited
  • Which network an IP address belongs to using our “whois” lookup feature
  • What network an entire IP address belongs to and how to block it

 

Cookies set by the Wordfence plugin

We strives to keep you extra extra secure, but that takes a couple of cookies from the state of the art Wordfence system. To help you understand which cookies our security system has in place to protect your information. Currently our site sets three cookies and we explain what each cookie does, who will have the cookie set, and why the cookie helps secure our site. The following cookies are:

wfwaf-authcookie-(hash):

What it does: This cookie is used by the Wordfence firewall to perform a capability check of the current user before WordPress has been loaded.

Who gets this cookie: This is only set for users that are able to log into WordPress.

How this cookie helps: This cookie allows the Wordfence firewall to detect logged in users and allow them increased access. It also allows Wordfence to detect non-logged in users and restrict their access to secure areas. The cookie also lets the firewall know what level of access a visitor has to help the firewall make smart decisions about who to allow and who to block.

wf_loginalerted_(hash):

What it does: This cookie is used to notify the Wordfence admin when an administrator logs in from a new device or location.

Who gets this cookie: This is only set for administrators.

How this cookie helps: This cookie helps site owners know whether there has been an admin login from a new device or location.

wfCBLBypass:

What it does: Wordfence offers a feature for a site visitor to bypass country blocking by accessing a hidden URL. This cookie helps track who should be allowed to bypass country blocking.

Who gets this cookie: When a hidden URL defined by the site admin is visited, this cookie is set to verify the user can access the site from a country restricted through country blocking. This will be set for anyone who knows the URL that allows bypass of standard country blocking. This cookie is not set for anyone who does not know the hidden URL to bypass country blocking.

How this cookie helps: This cookie gives site owners a way to allow certain users from blocked countries, even though their country has been blocked.

What data breach procedures we have in place

Should our website experience a data breach, Elisa Solomon Jewelry will follow the necessary procedures required.  The breach will be immediately communicated to those users affected by the breach within a timely period of 72 hours. Audit and log systems and state of the art advanced security tools are in place on the site and server structure to be alerted during any suspicious attempts of a breach, and take immediate action to be proactive.  These tools also gives us more timely processing and patching up of possible data breach entry points. 

Updates to Our Privacy Notice

This Privacy Notice may be updated periodically to reflect changes in our personal information practices. Changes to the Privacy Notice will be posted on this page.

Links to Third-Party Sites and Services

For your convenience and information, our Site may provide links to non-Elisa Solomon Jewelry sites, apps and services that may be operated by companies not affiliated with Elisa Solomon Jewelry. These companies may have their own privacy notices or policies, which we strongly suggest you review. We are not responsible for the privacy practices for any non-Elisa Solomon Jewelry sites, apps or services.

Security Disclaimer

Due to the complexity and open nature of the Internet, no transmission of data over the Internet can be 100% secure. There is always a risk that information collected by and/or displayed on the Service may be compromised or accessed notwithstanding the steps we take to secure your information. For example, a third party may unlawfully intercept or access transmissions or private communications, or other users of the Service may abuse or misuse your personal information. Accordingly, you agree that you are providing such information at your own risk.

Notice to European Users

The Data Protection Act puts obligations on users of Personal Information and sets forth principles for its use. One principle states that information must be processed fairly and lawfully. This means that citizens of the European Union are entitled to know how we intend to use Personal Information. Details are publicly available at ico.org.uk

The Data Protection Act does not generally apply to data about limited companies or partnerships, but it does cover personal data relating to sole traders and partnerships. When we receive an application from a business, we may perform a search with a credit reference agency and fraud prevention agency on the individual company directors or partners.

Personal Information may be processed and stored by Elisa Solomon Jewelry or its affiliates, service providers or agents located in the United States and other countries. By providing Personal Information directly to Elisa Solomon Jewelry, you consent to the transfer of such information outside of the European Union and to its storage and use as described herein. Please see more information into our specific providers that is outlined in this privacy page (MailChimp, Facebook, Google, etc.)

 

How to Contact Elisa Solomon Jewelry regarding your privacy concerns and questions

To update your preferences, ask us to remove your information from our mailings lists, submit a request or ask us questions about this Privacy Notice, please email us at Solomon.elisa@gmail.com

If you have questions or comments about our privacy practices, or if you want Elisa Solomon Jewelry to correct your Information or request removal of your information that is stored on our GoDaddy secure servers or our third-parties (MailChimp, Google Cloud Servers, Amazon AWS, Facebook, etc.) please submit your request via message or in writing at:

Elisa Solomon Jewelry

PO Box 335

Wyckoff, NJ 07481

You can view the previous version of our privacy policy here.