Privacy Policy - TheStarStruckCollection

Last Updated: April 29, 2025

StarStruck Brand LLC (doing business as The StarStruck Collection) respects your privacy. This Privacy Policy describes how we collect, use, share, and protect your personal information when you visit or make a purchase from our website at www.thestarstruckcollection.com (“the Site”), or otherwise engage with our services. It also explains your rights and choices under global privacy laws. We are committed to good-faith compliance with major data protection regulations worldwide, including the EU General Data Protection Regulation (GDPR)gdpr.eu, the California Consumer Privacy Act (CCPA) (as amended by CPRA), and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA). By accessing or using our Site, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described, please do not use the Site.

We have structured this Policy into clear sections so you can easily find specific information:

Personal Information We Collect
How We Use Your Personal Information
Sharing and Disclosure of Personal Information
Behavioral Advertising and Analytics
Cookies and Tracking Technologies
Data Retention
Data Security and Breach Notification
Your Rights and Choices
Notice to EU/EEA Residents (GDPR)
Notice to California Residents (CCPA)
Notice to Canadian Residents (PIPEDA)
International Data Transfers
Minors’ Privacy
Updates to this Policy
Contact Information

We recommend you read this Policy in full to understand our privacy practices. If you have any questions, please contact us using the information at the end of this Policy.

Personal Information We Collect

“Personal Information” means any information that identifies, relates to, describes, or could reasonably be linked to an identifiable individual. We collect Personal Information from you through various channels, as described below:

Device and Usage Information: When you visit our Site, we automatically collect certain technical information about your device and browsing actions. This includes details like your web browser type and version, IP address, time zone, the pages or products you view, search queries that led you to our Site, and how you interact with the Site (clicks, scrolling, mouse movements, etc). We refer to this automatically collected data as “Device Information.” We collect Device Information using technologies such as:
- Cookies: Small data files placed on your device or browser that often include a unique identifier. We use cookies to remember your preferences and improve your experience. For more information about cookies and how to disable them, you can visit [AllAboutCookies.org][12†L158-L164]. (See Cookies and Tracking Technologies below for more details.)
- Log Files: Records of actions occurring on our Site, which may include IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps. Log file data helps us diagnose server issues and administer the Site.
- Web Beacons and Tags: Small electronic files (also known as clear GIFs, pixel tags, or single-pixel GIFs) that record information about how you browse the Site, such as which emails or links you open. These are used to measure campaign effectiveness and gather usage analytics.
Order and Transaction Information: When you make a purchase or attempt to make a purchase through the Site, we collect information necessary to process the transaction. This “Order Information” includes your name, billing address, shipping address, email address, phone number, payment details (such as credit card number or other payment information), and any other information you provide during checkout. We may also collect information about your orders (e.g. products purchased, special instructions, transaction dates/amounts). If you create an account, we will collect credentials (username, password) and maintain a record of your order history for your convenience.
Communication Information: If you communicate with us via email, contact form, phone, live chat, social media, or otherwise, we collect the information you share. This may include your name, contact details, and the content of your inquiry or message. For example, if you contact customer support or submit questions, feedback, or requests, we will collect and retain those communications. We also collect any preferences you express (such as signing up for newsletters or marketing communications). Phone calls to customer service may be recorded with notice for quality and training purposes.
User-Submitted Content: We may provide opportunities for you to submit content on our Site or through our brand’s social media pages – for instance, product reviews, ratings, testimonials, comments, photos, or other content. Any information you choose to provide in these areas may be collected. Please note: Content you post publicly will be visible to others; do not include information you wish to keep private. We are not responsible for personal data you choose to make public in this way, and this Policy does not apply to information you share publicly at your own discretion.
Behavioral Advertising Data: As you browse and interact with our Site (and sometimes across other websites), we and certain third parties automatically collect data about your online activities to deliver personalized advertisements. This data may include information about your browsing history on our Site, items you viewed or added to cart, demographic estimates, and inferences about your preferences. We may also receive information for advertising purposes from partners (such as an advertising network assigning an identifier to your browser or device). We refer to this as “Behavioral Advertising Data.” It helps us and our partners display products or content that are more relevant to you. (See Behavioral Advertising and Analytics below for how we use this data and your choices.)

In addition to the categories above, we may receive certain personal information from third parties or public sources to the extent permitted by law. For example, if you log in via a social network account or use a third-party payment service, or if we run a joint marketing campaign with another brand, we might receive your information from them. We treat any such information in accordance with this Privacy Policy plus any additional restrictions imposed by the source.

Summary of Categories: For ease of reference, the categories of personal information we may have collected include identifiers (like name, email, IP address), contact details, device and internet activity information, order and payment information, commercial information (purchase history), geolocation data (e.g. approximate location from your IP or chosen currency), and inferences about preferences. Some of this information (such as Device Information and Behavioral Advertising Data) may not identify you directly, but could be linked or linkable to you and so is considered “personal data” in certain jurisdictions (for example, online identifiers can be personal data under GDPR.

We do not collect any sensitive personal information unless necessary for the services (for instance, we do not ask for Social Security numbers, driver’s license, or sensitive characteristics). Payment information (like credit card numbers) is handled via secure third-party processors (see Sharing below) and not stored in plain form on our systems. We also do not intentionally collect any health information or precise geolocation data from our customers.

How We Use Your Personal Information

We use the personal information we collect for the following purposes (reasons) and in reliance on appropriate legal bases (as required under certain laws like GDPR):

To Provide Products and Services: We use Order Information to process and fulfill your orders and transactions, which includes verifying your payment details, arranging shipping or delivery, sending order confirmations and receipts, and communicating with you about your purchase. We need this information to perform our contract with you (to deliver the goods you requested).
Communication and Customer Service: We use your contact and communication information to correspond with you, respond to inquiries, provide customer support, and notify you about important updates or issues regarding the Site or your orders. For example, we may send you service-related emails or messages (e.g. password resets, customer service replies, order status updates). We process this information to effectively serve you and, where applicable, with your consent (for example, when you request information).
Marketing and Promotional Communications: With your consent (where required by law), we may use your email address or other contact info to send you newsletters, promotions, or updates about our new products, exclusive offers and events. We also might use information about your past purchases or browsing to tailor marketing messages that we believe may interest you. You can opt-out of marketing communications at any time (see Your Rights and Choices below). We will only send you marketing emails if you have opted in, or if you made a purchase and have not opted out of receiving such messages, in accordance with applicable laws.
Personalization of User Experience: We use personal information to personalize and improve your experience on our Site. This includes remembering your preferences (like language or currency), showing you content that is relevant to you, and customizing product recommendations. For instance, Device Information and past order data help us display the correct regional settings and suggest items you might like. This processing is in our legitimate interest to enhance our services and your satisfaction.
Analytics and Site Optimization: Device Information and behavioral data are used to understand how our customers use the Site and to improve its design, functionality, and content. For example, we analyze which pages are most frequently visited, how users navigate the site, and what marketing campaigns are effective, so we can optimize site performance and user experience. We may also use this information to debug, identify and fix errors, and monitor usage trends (all of which are in our legitimate business interests to operate a smooth service).
Fraud Detection and Security: We may process personal information (especially Device Information like IP address, and Order Information like billing name/address) to screen for fraud and security risks. This includes using automated systems to detect potentially malicious or fraudulent activity (such as orders flagged for suspicious behavior or multiple failed payment attempts) and using that information to prevent harm to our business and other customers. This processing is based on our legitimate interest in maintaining the security of transactions and the Site, and in some cases to comply with legal obligations (for example, record-keeping for fraud investigations).
Behavioral Advertising: As described in the section below, we use personal data (like cookies and browsing history) to provide you with targeted advertisements or marketing campaigns we believe may be of interest to you. We also use it to measure the effectiveness of our ads. This involves profiling your preferences to some extent, but only to present relevant ads. Where required by law, we will obtain your consent for the use of non-essential cookies or profiling for advertising. You can opt-out of targeted advertising as explained in Behavioral Advertising and Analytics.
Compliance with Legal Requirements: We will use or disclose personal information as necessary to comply with applicable laws, regulations, legal processes, or governmental requests. For example, we may retain and use certain data to meet tax and accounting obligations, fulfill reporting obligations, or respond to a subpoena or court order. If we are under a legal duty to retain data or to release information to law enforcement or regulatory authorities, we will do so. This processing is based on our legal obligations.
Protection of Rights and Interests: We may use personal information where we believe it’s necessary to protect our rights, privacy, safety, or property, and/or that of you or others. This includes enforcing our Terms of Service or other agreements, investigating potential fraud, violations, or security issues, and pursuing available remedies or limiting damages in the event of a dispute.

We will not use your personal information for purposes that are incompatible with those outlined above without notifying you and obtaining your consent when required. If we plan to process personal information for a new purpose, we will update this Privacy Policy and communicate the changes or seek consent as needed.

Sharing and Disclosure of Personal Information

We value your privacy and do not sell your personal information for money. However, we do share your personal information with certain trusted third parties and service providers in order to run our business, as described below. When we share information, we take steps to ensure your data is handled safely and only for legitimate purposes. Key instances of sharing include:

Service Providers (Processors): We share personal information with third-party companies that perform services on our behalf and under our instructions. These service providers assist with various business operations such as:
- Website Hosting & Platform: Our online store is powered by Shopify. This means that information you provide (including Order Information and Device Information) is stored on Shopify’s systems. Shopify processes your personal information to enable our e-commerce functionality (product catalogue, shopping cart, checkout, etc.). We have entered into a data processing agreement with Shopify to ensure your data is protected. You can read more about how Shopify handles personal information in Shopify’s own Privacy Policy.
- Payment Processors: We use secure payment processing services (for example, payment gateways like Shopify Payments, Stripe, PayPal, or credit card acquirers) to handle payment transactions. Your payment details are transmitted directly to these providers and are subject to their privacy and security policies. We only receive limited information from payment processors (such as a confirmation that payment was completed). These third parties are authorized to use your information only as needed to process payments or comply with law.
- Shipping Partners: In order to deliver your orders, we share shipping information (name, shipping address, and in some cases phone/email for delivery updates) with our carriers or postal services (e.g., UPS, FedEx, USPS or other delivery companies). They need this information to transport products to you. We provide only the data required for fulfillment.
- Analytics Providers: We use analytics tools such as Google Analytics to understand Site traffic and usage. Google Analytics may set cookies or use similar technologies to collect Device Information and usage data (see Behavioral Advertising and Analytics below). Google acts as our service provider in this regard, meaning it processes data only on our behalf. However, Google may use aggregated data for its own analytics benchmarking. You can read how Google uses data in its privacy policy and opt out of Google Analytics tracking by using the Google Analytics Opt-out Browser Add-on.
- Advertising Partners: We work with third-party advertising networks (like Google Ads, Facebook/Meta, Instagram, Bing, etc.) to display ads for our products on other websites or platforms. For example, we may have the Facebook Pixel or Google Ads tags on our Site, which allow those companies to collect Behavioral Advertising Data (via cookies or similar) and serve ads to you and others on their networks. These advertising partners act as independent controllers of the personal information they collect (they use the data for their own purposes, e.g., to improve ad targeting across clients), though we endeavor to contractually limit their use of our data to providing services to us. See Behavioral Advertising section for how you can opt out of targeted ads.
Business Transfers: If we are involved in a potential or actual merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your information may be disclosed to the involved parties (e.g., to attorneys, accountants, consultants) and ultimately transferred to a successor or affiliate of StarStruck Brand LLC as part of that transaction. In such cases, we would require that the new entity continues to honor this Privacy Policy or not use your data in a materially different way without notice and consent.
Legal Compliance and Protection: We may disclose personal information to third parties (such as courts, law enforcement, or government agencies) if required to do so by law or if we believe in good faith that such action is necessary to: (i) comply with a legal obligation or respond to lawful requests (e.g., subpoenas, warrants, or court orders), (ii) enforce our Terms of Service or other agreements, (iii) investigate or defend against third-party claims or allegations, (iv) detect, prevent, or otherwise address fraud, security, or technical issues, or (v) protect the rights, property, security, and safety of our company, our customers, or the public. This kind of disclosure may happen with or without notice to you, as permitted by law.
With Your Consent: We will share your personal information with others outside of the above circumstances only with your consent. For example, if you agree to our sharing your information with a partner for their own marketing purposes (an “opt-in”), or if you direct us to share data in a specific way, we will do so in line with that consent. You have the right to withdraw such consent at any time (which will not affect the lawfulness of processing before withdrawal).

Important Disclaimers: When we share your information with service providers and partners, we require them to handle it in accordance with applicable law and only for our specified purposes. However, third parties are independently responsible for their own privacy practices. We do not control the privacy policies of third-party companies (including Shopify, Google, Facebook, etc.) and are not liable for their actions or omissions. We encourage you to review the privacy policies of any third-party services you interact with. In particular, any personal information you provide directly to third parties (not through our Site) is not covered by this Privacy Policy. For example, if you follow a link from our Site to a third-party website, this Policy no longer applies, and your browsing there is subject to that site’s own rules. We make no endorsement or representations regarding third-party websites or services, and we disclaim any liability for their content, security, or privacy practices. Use caution and review their policies before providing your information.

Additionally, we want to clarify that we do not “sell” personal information as traditionally understood (we do not exchange your data for money). We also do not share personal information with third parties for their own direct marketing uses without your consent. In the context of CCPA (California law), “sale” is defined broadly to include some sharing of personal data for advertising benefits. We do not believe our use of analytics and advertising cookies constitutes a “sale” under CCPA because we do not exchange data for money and our vendors use data solely to provide services to us. Nonetheless, we provide California residents the option to opt out of any potential “sale or sharing” of their data (see California Residents (CCPA) below for more information, including how to send Do-Not-Sell requests).

Behavioral Advertising and Analytics

As mentioned, we engage in interest-based advertising (also called online behavioral advertising) to deliver ads that are more likely to be relevant to your interests. Here is how it works and how you can opt out:

Use of Data for Targeted Ads: We, and third-party ad networks and marketing platforms working on our behalf, collect information about your interactions over time and across different websites or online services using cookies, pixels and other tracking technologies. This data allows us to infer your preferences or interests (for example, that you browsed a certain clothing category or product) and serve you ads related to those interests on other sites (like reminding you of items left in your cart or showcasing similar products you might like). We also may use data analytics to find audiences with similar characteristics to our customers (so-called “lookalike” targeting) on advertising platforms. The information used for targeted advertising is mainly Device and Behavioral Advertising Data (as described above), such as device identifiers, cookie data, and browsing/pageview history. We do not share identifying details like your name or contact info with advertisers for them to target you, except to the extent you yourself are using those platforms (for instance, if you’re logged into Google or Facebook, those companies use your profile to decide which ads to show – in that case, the targeting is by them using their data).

Advertising Partners: We use advertising services provided by companies such as:

Google Ads and Google Marketing Platform: which may collect info via Google advertising cookies and identifiers. Google may show you our ads on websites in its advertising network based on your interaction with our Site. You can control personalized ads from Google via your Google Ads Settings.
Facebook/Instagram Ads: which use the Facebook Pixel on our Site to track visits and actions, enabling us to show you ads on Facebook or Instagram (Meta Platforms) tailored to your activity on our Site. Meta may collect or receive information from our Site and use that information to provide measurement services and targeted ads.
Other Networks: We may use other ad networks like Bing Ads (Microsoft Advertising) or others which similarly use tracking to deliver our ads on their network of sites.

These third-party advertisers use their own cookies or tracking technologies to collect information about your online activities and browser habits. They may combine information from our Site with data from other sites to build a profile of your interests for ad targeting. Please note that the data collected by these third parties will be subject to their privacy policies. We do not have access to the raw data they collect via their pixels (we only receive aggregated reports).

Opt-Out Choices for Targeted Advertising: You have several options to limit or opt out of interest-based advertising:

Industry-Wide Opt Outs: Visit the Network Advertising Initiative’s (NAI) consumer opt-out page or the Digital Advertising Alliance (DAA) opt-out portal to opt out of interest-based ads from participating companies. For the DAA in the US, go to optout.aboutads.info. In Europe, you can visit the European Interactive Digital Advertising Alliance (EDAA) site at youronlinechoices.eu to set preferences for European ad networks. These tools usually work by placing an opt-out cookie on your browser to signal your preference. Keep in mind if you clear cookies, you may need to opt out again.
Platform Opt-Outs: Use the privacy settings and opt-out mechanisms provided by individual advertising platforms:
- Google Ads: You can opt out of Google’s personalized ads by visiting Google Ad Settings (you must be logged into your Google account)thestarstruckcollection.com. Google also honors the browser-level Global Privacy Control (GPC) signal as an opt-out of sale/sharing for California residents.
- Facebook Ads: To adjust your ad preferences on Facebook and Instagram, log into your Facebook account and navigate to Settings > Ads Settings, or use the online Facebook opt-out linkthestarstruckcollection.com. There you can control whether you see targeted ads based on data collected from partners like us.
- Bing Ads: To opt out of personalized ads with Microsoft (Bing), visit the Microsoft opt-out pagethestarstruckcollection.com.
Browser or Device Settings: Many web browsers allow you to block third-party cookies or use browser extensions to block trackers. You can adjust your browser settings to delete or prevent cookies (see Cookies and Tracking below). Some browsers and devices also offer “Do Not Track” signals or global privacy control settings. Note: Our Site currently does not respond to the old “Do Not Track” HTTP header by altering its practices, because there is no industry consensus on how to interpret it. However, we will honor any legally recognized browser signal for opt-out where required. For example, if a Global Privacy Control (GPC) signal is detected from a California consumer’s browser, we will treat it as a valid opt-out of sale/sharing request under CCPA.
Mobile Device Opt-Outs: If you receive targeted ads in mobile apps, iOS and Android devices have settings to limit ad tracking. For iOS, you can enable the “Limit Ad Tracking” setting, and for Android, you can opt out of Ads Personalization in Google settings.

Please understand that opting out of targeted advertising does not mean you will no longer see any ads from us. It means that the ads you do see will be contextual (based on the content of the site you’re visiting) or random, rather than tailored to your interests. Also, if you opt out via the methods above, but you have an account with an ad platform (like Google or Facebook), you may need to ensure your preferences are set on that account as well, because the opt-out cookie might not override an authenticated profile’s settings.

We do not control all aspects of cross-site tracking and advertising. If you clear your cookies or use a different device/browser, you might need to renew your opt-out choices. For a comprehensive understanding of how targeted advertising works and your choices, you can visit the Network Advertising Initiative’s educational page titled “Understanding Online Advertising”thestarstruckcollection.com for more information.

Cookies and Tracking Technologies

Cookies are small text files placed on your computer or device when you visit a website. We use cookies and similar tracking technologies to provide and enhance our services. This section explains our use of cookies and your choices.

Why We Use Cookies: We use cookies for several reasons, including:

Essential Functions: Some cookies are necessary for our Site to function properly. For example, they allow you to navigate the site, use the shopping cart, and checkout securely. These are often called “strictly necessary” or “essential” cookies. Without them, basic e-commerce features would not work. Because they are necessary, these cookies are active by default and, in jurisdictions like the EU/UK, do not require your consent.
Preferences: We use cookies to remember your preferences and settings, such as language, currency, items in your cart, or login status. This makes your experience more convenient (for instance, so you don’t have to re-select currency on each visit). These may be first-party cookies set by us.
Analytics and Performance: We use cookies to collect data about how users interact with our Site, which pages are visited, and any errors encountered. This helps us improve our website’s performance and design. For example, we use Google Analytics cookies to analyze site traffic (these cookies might track things like how long you stay on a page, or which site you came from). All data collected for analytics is aggregated and not used to directly identify individuals.
Advertising and Marketing: We and our advertising partners use cookies (and pixel tags) to deliver and measure targeted ads (as described in Behavioral Advertising above). Advertising cookies remember your visit to our site and allow the delivery of ads more relevant to you, limit the number of times you see an ad, and help measure the effectiveness of ad campaigns. These cookies are typically third-party cookies set by the advertising networks (for example, the Google/DoubleClick cookie, the Facebook/Meta cookie).

Cookie Consent Banner: When you first visit our Site, if you are in certain jurisdictions (such as the European Union, UK, or anywhere that requires it), you will see a cookie consent banner. This banner informs you about our use of cookies and asks for your consent to set non-essential cookies (like analytics and advertising cookies). You have the option to accept all cookies or manage your cookie preferences. We will not set non-essential cookies on your browser without your consent where law requires it. If you choose to reject certain cookies, the Site will honor that choice (except for essential cookies which cannot be turned off). Even if not required by law, we believe in being transparent about cookies, so we provide this banner globally to all users to the extent feasible.

Managing Cookies: You have the right to decide whether to accept or reject cookies (aside from the strictly necessary ones). Here are ways you can manage cookies:

Browser Settings: Most web browsers allow you to refuse or delete cookies via settings. You can usually find these settings in the “Options” or “Preferences” menu of your browser. Note that disabling cookies may affect the functionality of our Site – for example, blocking all cookies might prevent the shopping cart from working. It’s often possible to allow essential cookies but block others. Check your browser’s help documentation for how to modify cookie handling.
Third-Party Opt-Outs: As discussed in the Behavioral Advertising section, you can opt out of certain cookies set by advertising partners by using industry opt-out sites (NAI, DAA, etc.). Also, Google provides a tool to opt out of Google Analytics cookies (the browser add-on mentioned above), which prevents Google Analytics JavaScript from running.
Cookie Preferences Tool: If our Site offers a “Cookie Settings” or preferences manager (often accessible via the cookie banner or a link in the Site’s footer labeled “Cookie Preferences” or “Privacy Settings”), you can use that to adjust which categories of cookies are allowed. This is the easiest way to withdraw or grant consent for specific cookie types after your initial choice.
Do Not Track: As noted, we currently don’t respond to the legacy Do Not Track signal by disabling cookies, because of lack of standard. Use the provided tools above for cookie management.

Note: If you block or delete cookies, not all the tracking described in this Policy will completely stop. For example, blocking cookies will stop the placement of new cookies, but it might not remove existing ones unless you clear them. Also, technologies like pixels are not stored on your computer, so even if you disable cookies, tracking via pixels can still record a visit (though without a cookie ID, it’s less personalized). We continue to assess and implement appropriate consent and preference mechanisms as regulations evolve (e.g., the ePrivacy Directive/Regulation in the EU sets rules for cookies which we aim to follow.

For more detailed information about cookies, including how to see what cookies have been set on your device and how to manage or delete them, you can visit websites like AllAboutCookies or YourOnlineChoices (for EU users). These are external resources that provide general guidance on cookie practices.

Data Retention

We will retain your personal information only for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. The exact duration we keep data depends on the type of information and the context in which it was collected:

Order and Transaction Data: When you make a purchase, we will maintain your Order Information in our records as long as needed to provide the products and services you requested, and for internal record-keeping. This typically means we keep purchase records for the life of your account or as long as needed to manage any warranty, returns, or customer service issues related to the order. Additionally, even if you request deletion, we may retain certain Order Information for the duration required by law (for example, for tax and financial reporting, typically 7 years in many jurisdictions) or for our legitimate business purposes such as handling chargebacks or legal claims. We securely archive older transaction records and restrict access to those unless necessary.
Account Information: If you create an online account with us, we will keep your account profile information until you deactivate your account or request deletion. Inactive accounts may be removed or anonymized after a prolonged period of inactivity, in accordance with our data retention policy, but we do not do this on a short-term basis without notice. If you ask to delete your account, we will do so (after verifying your identity and resolving any pending transactions), but may retain certain information as required (similar to order data as noted above).
Communication Records: Correspondence you send us (emails, customer support inquiries) may be retained as long as necessary to address your query and as required by our customer service policies. We often keep customer service emails for a period (e.g., 1-2 years) in case you have follow-up questions or to improve our support processes. If you unsubscribe from marketing emails, we will keep your email address on a suppression list indefinitely to ensure we do not accidentally re-add you (unless you later resubscribe).
Behavioral and Analytics Data: We typically retain analytics data and web logs for a certain period for trend analysis and security (for example, raw website logs may be kept for a few months before deletion; aggregated analytics reports may be stored longer). Cookie data is retained according to the cookie’s set expiration (some advertising cookies may persist up to 1-2 years unless cleared, whereas session cookies expire when you close your browser). We honor user choices like cookie opt-outs, so if you opt out of a certain cookie, we will (to the extent we control it) delete or anonymize data associated with that cookie where feasible. Data used for behavioral advertising is generally maintained only as long as we advertise to you, and then either deleted or anonymized.
Legal Retention: We may also retain personal information for longer if required by law or to resolve disputes. For example, if we receive a legal hold or relate to litigation, we will retain relevant data until the issue is resolved. Also, we keep information as needed to enforce our agreements or to comply with our legal obligations (such as records of consent, opt-out requests, and privacy requests).

When we no longer have a legitimate need or legal obligation to keep your personal information, we will securely dispose of it. This may involve deleting it, anonymizing or aggregating it (so it no longer can be associated with you), or isolating it from active use (archiving) until deletion is possible. We use secure destruction methods appropriate to the sensitivity of the information. For example, electronic files may be permanently erased, and physical documents securely shredded.

Please note that backup copies of data might persist for a short time in our backup systems. If we delete your data from our active systems, it’s possible it could remain in encrypted backups for a period until those backups are rotated out — during which time it will not be used except for disaster recovery.

In summary, unless otherwise required or permitted by law, if you request that we delete your personal information, we will take reasonable steps to erase it and will not use it further, aside from retaining whatever is necessary for legal compliance, resolving disputes, or enforcing our agreements.

Data Security and Breach Notification

We take data security seriously and implement a variety of technical and organizational measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. Our security measures include, but are not limited to:

Encryption: Our Site uses Secure Sockets Layer (SSL)/Transport Layer Security (TLS) technology to encrypt data in transit. This means that the information you enter (such as personal details or payment info) is encrypted before being transmitted over the internet. You can verify this by looking for “https” and the padlock icon in your browser’s address bar on our checkout and account pages. Sensitive payment data is handled by PCI-DSS compliant payment processors who tokenize or encrypt card information.
Access Controls: We limit access to personal data to employees and service providers who have a need to know such information for the purposes described in this Policy. Those who process personal information are subject to confidentiality obligations. We use authentication and authorization controls on our systems, and we segment data to restrict access (for example, administrative access to systems that store customer data is granted only to trained personnel).
Network & System Security: We maintain firewalls and intrusion detection systems to guard our network. We keep our software, website platform, and servers updated with security patches to reduce vulnerabilities. Our hosting is provided by reputable providers (such as Shopify’s secure infrastructure) with robust security protocols. We conduct periodic security assessments and monitoring to detect and address potential security threats.
Risk Management: We have procedures for identifying and managing data security risks. This includes regular training for our staff on privacy and security best practices, and incident response planning. We also require our service providers to adhere to appropriate security standards.

Despite our efforts, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security of your data. While we strive to protect your personal information, you transmit information to us at your own risk. It is important for you to also play a role in keeping your data secure. We encourage you to use unique and strong passwords for any accounts and to keep those passwords confidential. If you suspect any unauthorized access or misuse of your account or personal information, please contact us immediately.

In the event of a data breach that affects your personal information, we will act promptly to identify the cause and remediate the issue. We have a Data Breach Response Plan in place. If a breach is likely to result in a high risk to your rights and freedoms (for example, risk of identity theft, fraud, or financial harm), we will notify you and any applicable supervisory authorities within the timeframe required by law. For instance, under the GDPR we would notify the relevant data protection authority without undue delay (within 72 hours where feasible) and communicate to affected individuals when required by Article 34 GDPR. Similarly, for California residents, we will comply with state breach notification laws (e.g., California Civil Code §1798.82) which may require notice to you in writing in case of certain security incidents. Our notification to you will include, to the extent we know, details about what happened, what data was involved, what we are doing in response, and any steps you can take to protect yourself. We may notify you via email, letter, phone, or conspicuous notice on our Site, depending on legal requirements.

Please be aware that while we work hard to safeguard your information, no security program is infallible. We therefore disclaim liability for unauthorized or unlawful access to personal information, as long as we have exercised reasonable care in protecting it. In plain terms, we will do our best to prevent breaches and to notify you if one occurs, but we are not liable for the acts of cybercriminals or other third parties who gain access through no fault of our own. That said, if you have reason to believe that your data is no longer secure with us (for example, if you feel your account has been compromised), please immediately notify us so that we can take appropriate measures.

Your Rights and Choices

You have rights regarding your personal information and several choices about how we use and disclose it. We strive to honor the rights of individuals globally, and we provide mechanisms for you to exercise these rights. These include:

Right to Access: You have the right to request access to the personal information we hold about you and to obtain information about how we process it. This is sometimes called a “Data Subject Access Request.” We will provide you with a copy of your personal data in a commonly used format, if required by law (subject to some exceptions). For example, EU residents have the right to receive a copy of data per Article 15 GDPR, and California residents have the right to request the categories and specific pieces of personal information we have collected (the “Right to Know” under CCPA)oag.ca.gov.
Right to Rectification (Correction): You have the right to request that we correct or update any inaccurate or incomplete personal information that we have about you. If you believe any of your information in our records is incorrect, please let us know. For instance, you can ask us to correct a misspelled name or update an outdated email address. We may need to verify the new data you provide, but we will correct bona fide inaccuracies.
Right to Deletion: You have the right to request deletion of your personal information, also known as the “Right to be Forgotten.” Upon your request (or under circumstances where deletion is required by law), we will erase your personal data from our records, provided there is no lawful reason for us to retain it. Do note that certain data we may need to keep for a period of time (see Data Retention above) due to legal obligations or our legitimate interests (e.g., prevention of fraud or record-keeping requirements). If those exceptions apply, we will inform you in our response. California residents specifically have the right to request deletion of personal info we collected from them (with certain exceptions)oag.ca.gov, and we will direct our service providers to delete your info as well, as required by CCPA.
Right to Portability: In some cases, you have the right to receive the personal information you have provided to us in a structured, commonly used, and machine-readable format, and to have that information transmitted to another organization where technically feasible. This right, called “data portability,” applies when processing is based on your consent or on a contract with you and is carried out by automated means (as in GDPR Article 20). If you request it and the conditions apply, we will provide you a digital file of your data or transmit it to an entity you designate, if possible. For example, you could ask us to export your account data for your own reuse.
Right to Restrict Processing: You have the right to request that we restrict or suspend the processing of your personal information in certain circumstances. For example, if you contest the accuracy of data, you can request we pause processing (other than simply storing it) until we verify and update it. Or if you object to processing based on our legitimate interests, you can request restriction pending review. When processing is restricted, we will still store your data, but not use it further until the restriction is lifted (unless for legal claims or important reasons).
Right to Object: You have the right to object to our processing of your personal information in certain situations. Direct Marketing – You can always object to or opt-out of our use of your data for direct marketing purposes. If you no longer wish to receive marketing emails or SMS from us, you can click the “unsubscribe” link in an email or reply “STOP” to an SMS, or contact us to be removed from our marketing lists. We will honor those requests promptly. Legitimate Interests – If we are processing your data based on legitimate interests (see the How We Use section), you have the right to object to that processing if you feel it impacts your rights. If you lodge an objection, we will consider whether our legitimate grounds override your rights and freedoms, and we will cease processing unless we have compelling grounds or need to continue for legal reasons. For example, you can object to profiling for marketing, and we will then stop that processing.
Right to Withdraw Consent: Where we rely on your consent to process personal information (such as for sending promotional emails or for using certain cookies), you have the right to withdraw your consent at any time. Withdrawal will not affect past processing (when we had consent) but will apply going forward. For instance, you can withdraw consent by unsubscribing from a newsletter, or by changing your cookie settings to refuse analytics cookies. If you withdraw consent for a specific purpose, we will stop the processing for that purpose (assuming no other lawful basis applies).
Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights. This means we won’t deny you goods or services, charge you different prices, or provide a different level of quality just because you exercised your rights under applicable law. For example, if you request deletion of your data, we will not refuse to honor your orders or impose penalties. (However, note that if deletion of certain data makes it impossible to provide a service, such as delivering a product, we may have to cancel that transaction – but we will not otherwise punish you for the request.) California law specifically mandates nondiscrimination for CCPA rights, and we apply this principle to all users.
Right to Lodge a Complaint: If you have a concern or complaint about our privacy practices, please contact us first so we can try to resolve it. However, you also have the right to lodge a complaint with a supervisory authority or regulator. For example, EU residents can complain to their country’s Data Protection Authority (DPA) or the lead DPA for our processing (if one is designated). Canadian residents can complain to the Office of the Privacy Commissioner of Canada (OPC). California residents can contact the California Attorney General’s office. We have provided region-specific information below. We would appreciate the chance to address your concerns directly before you do this, so please consider reaching out to us.

These rights may vary depending on your jurisdiction. For instance, GDPR provides the full set of rights listed above to EU individuals. CCPA provides California consumers rights to know, delete, correct, opt-out, and non-discrimination (as described below). PIPEDA provides Canadians the right to access and challenge accuracy of their personal information. We extend, as a courtesy, many of these rights to all our customers where feasible, regardless of location, because we believe you should have control over your data. However, if you are not in a jurisdiction where a certain right is provided, we reserve the right to handle the request in accordance with applicable law.

How to Exercise Your Rights: To make any request regarding your personal information (access, correction, deletion, etc.), please contact us using the contact information in the Contact section at the end of this Policy. Please clearly describe your request – for example, “I am requesting a copy of my personal data” or “Please delete my account and all associated personal information.” For your privacy and security, we will need to verify your identity before fulfilling a request. We may ask you to provide information that matches what we have on file (such as confirming your name, recent order, email address, or other details) or to take certain actions from your account email/phone to validate the request. For substantial requests, we may also require a signed request or government ID (only to verify identity, which we will then delete). If you have an authorized agent making a request on your behalf (per California law, for instance), we will need written proof of the agent’s authority and still verify you (unless the agent has power of attorney).

We will respond to your request within the timeframe required by law. For example, GDPR requires response within one month, and CCPA within 45 days (with a possible 45-day extension). Our goal is to respond much sooner, but the exact time may depend on the complexity of the request and our current volume. If we need an extension, we will inform you of the reason and extension period. Responses to access requests will generally be provided in writing, usually electronically (via email). If we cannot fulfill your request, we will explain the reasons (for instance, if the request is unduly repetitive or vexatious, or if it conflicts with legal obligations).

We do not typically charge a fee for fulfilling rights requests. However, if a request is manifestly unfounded or excessive (for example, repetitive requests), we may charge a reasonable fee or refuse to act on it, as permitted by law. We will never charge for requests under CCPA.

Finally, note that if you request deletion or object to certain processing, it may affect our ability to provide you with some services. For example, if you ask us to delete all your Order Information, we will not be able to process any returns or warranty claims for past purchases. We will inform you if such impacts apply so you can make an informed decision.

Notice to EU/EEA Residents (GDPR)

If you are located in the European Union, European Economic Area (EEA), or United Kingdom, you have certain additional rights and information under the GDPR (and the UK GDPR) that we provide here. For GDPR purposes, StarStruck Brand LLC is the “data controller” of your personal information.

Legal Bases for Processing: The GDPR requires us to inform you of the legal bases for our processing of your personal data. We generally rely on one of the following bases:

Performance of a Contract: When we process personal data to fulfill a purchase or provide a service you requested (e.g., delivering an order, or administering an account), we do so on the basis that it is necessary for the performance of the contract between us. If you refuse to provide information needed to perform the contract (like shipping address or payment info), we may not be able to complete your transaction.
Consent: We process certain data based on your consent. For example, sending marketing emails, or using non-essential cookies or similar technologies on your device (where required by law) is done with your consent. You have the right to withdraw consent at any time (see Your Rights above), which will not affect processing already done but will stop future processing.
Legitimate Interests: We process some personal data for purposes of our legitimate interests (or those of third parties) provided that those interests are not overridden by your data protection rights. We have a legitimate interest in understanding our customers, improving our services, preventing fraud, and marketing our products. For instance, processing Device Information to improve website performance or to secure our Site is within our legitimate interests. When we rely on this basis, we carefully consider and balance any potential impact on your rights. You have the right to object to processing based on legitimate interests (see Your Rights above).
Legal Obligation: In some cases, we need to process personal data to comply with a legal obligation, such as keeping proper business records, honoring your data rights, or responding to lawful requests by authorities. If law requires us to collect certain data (for example, recordkeeping for tax), we will do so.
Vital Interests/Public Interest: These bases are less likely to apply. “Vital interests” would cover processing to protect someone’s life (e.g., in a life-threatening situation), which is not typical for our operations. “Public interest” processing is usually relevant for government or research, which we do not perform. We will notify you if these ever apply.

EU Data Privacy Rights: As detailed in Your Rights above, EU/EEA individuals have the right to access, rectify, erase, restrict, or object to processing of their data, as well as the right to data portability and to not be subject to certain automated decision-making. We respect all these rights. If you are in the EU/EEA and have an issue with how we handle your data, you also have the right to lodge a complaint with your national Data Protection Authority (DPA). You can find your DPA’s contact information on the European Data Protection Board’s website. For UK residents, you may contact the UK Information Commissioner’s Office (ICO). We welcome the opportunity to address your concerns directly first, so please consider reaching out to us.

International Transfers: When you provide information to us, it will be transferred to and processed in the United States (where our company is based) and possibly other countries (for example, if our service providers are located outside the EU). The US and these other countries may not have the same level of data protection laws as your home country. The European Commission has determined that the US does not currently provide an adequate level of data protection on a blanket basis (especially after the invalidation of the EU–US Privacy Shield). As a result, we rely on appropriate safeguards for transfers of personal data from the EU/EEA to the US and other countries, as permitted by GDPR Articles 45 and 46. In practice, this means:

We use Standard Contractual Clauses (SCCs): For transfers to our service providers (like Shopify, which as a processor for our store, is a Canadian company with US servers), we have agreements in place incorporating the European Commission’s approved Standard Contractual Clauses. These clauses contractually require the recipient to protect EU personal data to EU standards. Shopify’s Data Processing Addendum, for example, includes SCCs to cover EU data it processes, and Shopify also employs other measures like encryption and a robust security program.
Additional Safeguards: We also ensure, where possible, that data is encrypted in transit and at rest, and that our partners have strong security practices. Where appropriate, we may also conduct Data Transfer Impact Assessments and take supplementary measures (like pseudonymization) to protect data in transit.
Derogations (if applicable): In limited cases, we might rely on GDPR derogations (exceptions) for specific transfers – for example, if a transfer is necessary to perform a contract with you (like to fulfill an international order) or with your explicit consent. But our general practice is to rely on SCCs and similar frameworks for routine transfers.

By using our Site and providing information, EU/EEA users acknowledge that their personal data will be transferred to the US and other jurisdictions as described. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

If you have questions about our data transfer practices or want more information about the appropriate safeguards, please contact us. We can provide copies of relevant contractual terms under which your data is transferred (some portions may be redacted for confidentiality).

Representative: If required by GDPR, we will designate an EU representative in one of the EU member states. (At present, due to the scale and occasional nature of our EU processing, we have not appointed a dedicated EU representative. We will update this Policy if that changes.) Regardless, EU individuals can always reach us directly using the contact details below.

Notice to California Residents (CCPA)

If you are a resident of California, you have specific privacy rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). This section explains those rights and disclosures required by California law. It applies solely to California residents and is intended to supplement the information elsewhere in this Privacy Policy.

Categories of Personal Information Collected: In the preceding 12 months, we have collected the following categories of personal information (as defined by CCPA) about California consumers:

Identifiers: e.g., name, postal address, IP address, email address, phone number, and unique online identifiers (such as cookie IDs).
Customer Records Information: e.g., payment card numbers or other financial information (when you make a purchase), billing/shipping address, which is information described in Cal. Civ. Code §1798.80(e).
Commercial Information: e.g., records of products purchased, obtained or considered, order histories, and spending amounts.
Internet or Other Electronic Network Activity: e.g., browsing history, search history, and interactions with our Site or advertisements (this includes analytics data and Behavioral Advertising Data described above).
Geolocation Data: e.g., approximate location derived from IP address (which might indicate city or region). We do not track precise GPS location.
Audio/Visual Data: e.g., recordings of customer service calls if we notify you of recording. (We currently do not record calls, but mention this for completeness if it occurs).
Inferences: e.g., profile inferences drawn from the above data (preferences, characteristics, behavior, such as inferring your fashion preferences or interests).

We do not collect or process sensitive personal information for purposes of inferring characteristics. The only data that might fall under “sensitive personal information” (as defined in CPRA) that we collect is payment information (card details), which is used only to process transactions and not for any secondary purpose. We do not collect sensitive information like Social Security numbers, driver’s license or state ID numbers, full account passwords, precise geolocation, racial or ethnic origin, health, or biometric data.

Categories of Sources: We collect personal information directly from you (e.g., when you make a purchase or create an account), automatically through your interactions with our Site (via cookies and logs), and indirectly from service providers or partners (e.g., analytics or ad providers, or if you use a social login feature).

Business or Commercial Purposes for Collection: We collect or use personal information for the business and commercial purposes described in the “How We Use Your Personal Information” section of this Policy. In summary, these purposes include: fulfilling orders and transactions, providing customer service, verifying customer information, marketing and advertising, analytics, improving our services, fraud prevention, and compliance with legal obligations.

Disclosure of Personal Information: In the past 12 months, we have disclosed the above categories of personal information to third parties for our business or commercial purposes. The categories of third parties to whom we disclosed information (corresponding to each category of PI) include: our service providers (e.g., payment processors, Shopify platform, IT support, shipping carriers – who fall under “service provider” or “contractor” definitions of CCPA), analytics providers (e.g., Google Analytics), advertising partners (e.g., Facebook, Google Ads, which may be considered third parties or service providers as per our contracts), and other recipients as needed for legal compliance or business transfers. We have not sold personal information to third parties for monetary consideration. We have also not knowingly sold or shared (for targeted advertising) the personal information of minors under 16 years of age.

“Sale” and “Sharing” of Personal Information: Under CCPA’s broad definitions, “sale” includes selling, renting, releasing, disclosing, disseminating, making available, or transferring personal information to another business or third party for monetary or other valuable consideration. “Sharing” is defined as disclosing personal info to a third party for cross-context behavioral advertising (targeted advertising) for the benefit of a business. We do not sell your personal information for money. We do engage in some targeted advertising as described, which could be considered “sharing” under CCPA’s definition. To the extent our use of third-party advertising cookies or pixels on the Site is considered a “sale” or “sharing” of personal info (because it may involve third-party advertising companies getting access to identifiers and usage data to show ads), California residents have the right to opt out of that. We explain how you can exercise that right below.

Your California Privacy Rights: Under CCPA/CPRA, California residents have the following rights:

Right to Know: You have the right to request that we disclose to you the specific pieces of personal information we have collected about you in the 12 months preceding your request, and to get information about our data practices. This includes the categories of personal information we collected, the categories of sources, the business or commercial purposes for collecting (or selling/sharing) the information, the categories of third parties with whom we disclosed the information, and the categories of information (if any) we sold or sharedoag.ca.gov. Much of this information is provided in this Privacy Policy. Upon verification of a valid request, we will provide the specific information in a portable format (unless doing so is impossible or unduly burdensome). Please note you may request this information up to twice in a 12-month period as per CCPA.
Right to Delete: You have the right to request that we delete any personal information we collected from you and retained, subject to certain exceptionsoag.ca.gov. Once we receive and confirm a verifiable deletion request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. CCPA allows certain exceptions – for example, we may retain data needed to complete the transaction for which it was collected, detect security incidents, comply with legal obligations, or other reasons outlined in the law. We will inform you if any such exception applies when responding to your request.
Right to Correct: Under the CPRA amendments, you have the right to request correction of inaccurate personal information that we maintain about youoag.ca.govoag.ca.gov. Upon receiving a verifiable request, we will use commercially reasonable efforts to correct the inaccurate information (considering the nature of the information and purpose of processing). In some cases, we may instead delete the contested information if correction is not feasible and if acceptable under law.
Right to Opt-Out of Sale or Sharing: You have the right to opt out of the sale of your personal information or the sharing of your personal information for cross-context behavioral advertising. As noted, while we do not sell data for money, we do allow certain third-party cookies that might be considered a “sale/sharing” under CCPA. If you are a California resident, you can exercise your opt-out right by using the following methods:
- Global Privacy Control (GPC): We honor the GPC signal. If our website detects a GPC signal from your browser (which is a browser setting that indicates you want to opt out of data sales/sharing), we will treat it as a valid opt-out request for your device or browser going forward.
- Do Not Sell My Info: You may also contact us via email at starstruckclothing@icloud.com with the subject “CCPA Do Not Sell Opt-Out” and provide your name, and relevant identifiers (like email or cookie ID if known) and we will manually opt you out of any sale/sharing of data linked to you. If we have a cookie management tool or link on the Site labeled “Do Not Sell or Share My Personal Information”, you can click that and set your preferences, which will opt out of advertising cookies.
- Advertising Cookies: Additionally, you can follow the cookie opt-out steps in the Behavioral Advertising section above (such as using the industry opt-outs or browser controls). While those methods are not specific to CCPA, they achieve the effect of opting you out of targeted ads.
Once you opt out, we will not sell or share your personal information unless you later provide consent allowing us to do so. If you opt out by GPC or via our site settings, the opt-out will be linked to your browser via cookies; if you clear cookies, the signal may be lost, so using GPC (which is persistent in the browser) is recommended.
Right to Limit Use of Sensitive Personal Information: The CPRA gives consumers the right to limit how businesses use and disclose “sensitive personal information” if it is used for purposes beyond what’s necessary to provide goods or services. As noted, we do not use sensitive personal information (like payment details) for any purpose other than fulfilling your order (which is considered necessary). We do not collect or use sensitive data for inferring characteristics or for any secondary purpose that would trigger the right to limit. Therefore, this right is not applicable to our practices at this time. If in the future we engage in such processing, we will provide a clear “Limit Use of Sensitive Info” link and option.
Right of No Retaliation/Non-Discrimination: You have the right not to receive discriminatory treatment by us for the exercise of your CCPA privacy rights. In other words, as stated in Your Rights, we will not deny you service, charge you different prices, or provide a different level of service just because you exercised your rights under CCPAoag.ca.gov. If you have legitimately exercised your privacy rights, we will continue to treat you equally. However, if deletion of certain data means we cannot provide a certain service (for example, if you ask us to delete your account entirely, we cannot very well continue to provide account services), that is a logical consequence and not discrimination. We may also offer financial incentives (like discounts or rewards) in exchange for personal information (e.g., an email sign-up discount), but those programs will have separate terms and require opt-in consent, and we will ensure they are permitted by CCPA (and you can opt out of them at any time without losing other services).

Submitting Requests: If you are a California resident and wish to exercise your Right to Know, Delete, or Correct, you (or your authorized agent) may submit a request to us by contacting us at starstruckclothing@icloud.com or calling us at +1 602-800-8900 (toll-free number, if required). Please specify that you are making a “California CCPA Request” and describe whether it is a request to know, delete, or correct. We will need to verify your identity to process requests (to ensure we are providing data to the right person or deleting the right account). The verification procedure may involve matching information you provide with our records and/or asking for additional confirmation. For a request to know or delete, we are required to verify identity to a “reasonable degree of certainty” or “reasonably high degree” depending on sensitivity of data (meaning we may ask for at least 2-3 pieces of info to match our records). For authorized agents, we require proof of written permission from you and we may still verify you directly.

We will acknowledge receipt of your request within 10 business days and provide information on how we will process it. We aim to respond substantively within 45 calendar days. If we need more time (up to an additional 45 days, totaling 90 days), we will let you know the reason for the delay. Any disclosures we provide will cover the 12-month period preceding your request, or per law, beyond 12 months if you request data collected after January 1, 2022 (CPRA allows requesting beyond 12 months for data collected after that date, unless it proves impossible or would require disproportionate effort, in which case we will only provide 12 months of data).

For a Right to Know request, we will either provide the information requested or explain if we cannot (due to an exemption). For deletion requests, we will either confirm deletion or explain what we have retained and why (if an exemption applies). For correction, we will confirm we have corrected the info or that we have no records matching what you want corrected (or need more info).

California “Shine the Light” Law: Separately from CCPA, California Civil Code §1798.83 (known as the “Shine the Light” law) allows customers to request certain information about our disclosure of personal information to third parties for their direct marketing purposes in the preceding calendar year. We do not disclose personal information to unaffiliated third parties for their own direct marketing use without your consent. Therefore, we believe we have no disclosure obligations under that law. If you are a California resident and wish to inquire about any such potential sharing, you can contact us as well. We will provide the required information if applicable or confirm that we do not engage in such sharing.

Notice to Canadian Residents (PIPEDA)

If you are located in Canada, the collection, use, and disclosure of your personal information are governed by Canada’s federal Personal Information Protection and Electronic Documents Act (PIPEDA) and/or equivalent provincial private sector privacy laws (if applicable). We are committed to handling personal information in accordance with PIPEDA’s principles, which include accountability, identifying purposes, consent, limiting collection, limiting use/disclosure/retention, accuracy, safeguards, openness, individual access, and challenging compliance.

We wish to highlight the following for Canadian users:

Consent: By providing us with personal information, you consent to our collection, use, and disclosure of that information as described in this Privacy Policy. We will generally seek your consent at the time of collection or when doing a new activity with your data. In certain cases, your consent may be implied (for example, when you provide your address to ship a product, it’s implied we can use it for that purpose). You have the right to withdraw your consent at any time, subject to legal or contractual restrictions (and with reasonable notice). To withdraw consent, contact us. We will inform you of the implications of withdrawing consent (for example, we cannot fulfill an order without your shipping info).
Access and Correction: You have the right to request access to the personal information we hold about you and to request corrections for any inaccuracies. Upon written request and authentication of identity, we will provide you with your personal information under our control, information about its use and disclosures, and allow you to challenge the accuracy and completeness of your information and have it amended as appropriate. We may not be able to provide information that is subject to legal privilege, contains personal information of others, or if it cannot be disclosed for legal reasons. If we cannot provide certain information, we will let you know the reasons (unless prohibited). We will respond to access requests within a reasonable time (generally within 30 days) and at minimal or no cost to you (no fee for initial request; if you require additional copies or the request is excessive, we will advise of any cost before proceeding).
Data Storage and Transfers: Personal information of Canadian users will be transferred to and stored on servers in the United States (and possibly other countries) as described under International Data Transfers. Canadian privacy laws require that we notify you that your data may be accessible to law enforcement and national security authorities in those foreign jurisdictions. For example, data stored in the U.S. may be accessible to U.S. authorities under U.S. law. By using our services, you consent to this transfer and understand the associated risks. We will protect that information with appropriate safeguards no matter where it is processed, in line with this Policy.
Safeguards: We protect personal information with security safeguards appropriate to the sensitivity of the information, as detailed in Data Security above. This includes physical, organizational, and technological measures. In the unlikely event of a security breach involving your personal information that poses a real risk of significant harm, we will notify you and the Privacy Commissioner of Canada (and any relevant provincial Privacy Commissioners) as required by law.
Challenging Compliance: If you have inquiries or concerns about our privacy practices, or if you wish to make a complaint, you may contact our Privacy Officer (see Contact Information below). We will investigate all complaints and respond as soon as possible. If you are not satisfied with our response, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada (OPC) or your provincial privacy commissioner (if applicable, e.g., Alberta, British Columbia, Quebec have private-sector privacy laws and regulators). The OPC’s website (priv.gc.ca) provides information on how to file a complaint.

We will not refuse you products or services if you choose to exercise your privacy rights or file a complaint. We are accountable for the personal information under our control and have designated personnel who are responsible for ensuring compliance with PIPEDA principles. Any questions about our compliance or this Policy can be directed to us as outlined below.

International Data Transfers

StarStruck Brand LLC is headquartered in the United States, and our Site is operated from the U.S. If you are accessing our services from outside the United States, be aware that your personal information will likely be transferred to, stored in, and processed in the United States and other countries. These countries (including the US) may not have the same level of data protection laws as your home country. However, we take steps to ensure that your privacy is protected consistent with this Policy wherever your data is processed.

Jurisdiction of Processing: The personal information that we collect from you may be transferred to and processed by third parties mentioned in the Sharing section that are located in countries other than your own. For example, if you are in the EU or Canada, your data will likely be transferred to the US (where our servers and many of our service providers are). It might also go to other jurisdictions: our platform provider (Shopify) is Canadian with servers globally; our payment processors might route data worldwide; our email service or other software might use cloud servers in the US or EU.

Safeguards: When we transfer personal data internationally, we will do so in accordance with applicable privacy laws. As noted in the GDPR section, for personal data originating from the EU/EEA, we rely on Standard Contractual Clauses or other approved mechanisms. For data from Canada, we ensure that recipients provide a comparable level of protection as required by Canadian law (which may involve similar contractual agreements). For data from other countries, we comply with their requirements for cross-border transfer (e.g., for UK, we use UK-approved SCCs; for Switzerland, Swiss-U.S. safeguards; for other countries, we ensure compliance or secure consent as needed).

By using our Site or providing us personal information, you consent to the transfer of information to the United States or any other country in which we or our affiliates, partners, or service providers maintain facilities, subject to applicable laws and the provisions of this Policy. We understand this is a big step for trust, and we do not take it lightly – we will handle your data with care no matter where it is processed.

However, it is important to note that different countries have different laws. Your information may become subject to the laws of the country(s) in which it is transferred. For instance, information stored in the US may be accessed by US law enforcement or governmental agencies under lawful orders (such as under the Patriot Act, FISA, etc.). Similarly, if our data is stored in Canada or the EU, local authorities could access it under local laws. While this is generally unlikely to affect typical customer data, we want you to be aware of this possibility.

If you do not want your information transferred to other countries or outside of your country of residence, please do not use our Site or services. By transacting with us, you explicitly acknowledge and agree to such transfer.

We will update this section if we join or comply with any official cross-border frameworks (for example, if a new EU–US data transfer framework or Privacy Shield successor comes into effect and we certify to it). As of the date above, we rely on contractual and legal methods as described.

Minors’ Privacy

Protecting the privacy of minors is especially important. Our Site and services are not intended for individuals under the age of 18, and we do not knowingly collect personal information from anyone under 13 years of age. If you are under 18, you should use the Site only with the involvement of a parent or guardian. If you are under 13, please do not provide any personal information to us – we explicitly request that children under 13 not use or submit information through our Site.

We do not target our products or services toward children, and we do not knowingly allow minors under 18 to make purchases without parental consent. By using this Site, you represent that you are at least 18 (or that you are using the Site under the supervision of a parent or guardian who agrees to this Policy).

If we learn that we have inadvertently collected personal information from a child under 13 (or under the applicable age of consent in certain jurisdictions, which may be 16 for the EU in some cases), we will take immediate steps to delete such information from our records. For example, if a child under 13 were to sign up for a newsletter with their email, and we realize their age, we would remove that email from our list.

If you are a parent or guardian and you believe that your child under the age of 13 (or relevant age) has provided us with personal information, please contact us immediately (see Contact Information below). We will work promptly to identify and delete that information.

We also want to note that we do not knowingly “sell” personal information of minors under 16 (as defined under CCPA). If a minor between 13 and 16 years old uses the Site (contrary to our intended use) and somehow interacts with cookies or provides data, we will honor opt-out signals and ensure no data is sold or shared if we become aware of the user’s age.

In summary, our policy is that individuals under 18 should not use the Site without permission and supervision, and those under 13 should not use it at all. We discourage minors from engaging with our brand online except through parent-controlled channels. We are not liable for any unauthorized use by minors as it is against our stated terms. If you are a minor, please seek guidance from your parent or guardian before interacting with any website, including ours.

Updates to this Policy

We may update or modify this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. We reserve the right to amend this Policy at our discretion. When we make changes, we will post the updated Privacy Policy on this page and update the “Last Updated” date at the top for your awareness. The updated Policy will be effective as of that date.

If we make material changes to how we collect, use, or share your personal information, we will notify you by prominent means. This could include a notice on our homepage, a pop-up or banner on the Site, or an email notification to the address we have on file for you. The form of notice may vary depending on the nature of the change. For example, if we were to start using personal information for a new purpose not previously disclosed, we might seek your consent or give you the opportunity to opt in or out, as required by applicable law.

We encourage you to review this Privacy Policy periodically to stay informed about our data practices and your privacy rights. It is important that you keep your contact information with us up to date so that we can reach you if needed regarding policy changes.

If you continue to use our Site or services after a Privacy Policy update, you will be deemed to have accepted the changes. In other words, your continued use of the Site following the posting of an updated Policy signifies your acceptance of those changes, except where otherwise required (e.g., obtaining explicit consent for something). If you do not agree with the changes, you should stop using the Site and can request us to delete your personal information if you wish.

For any older versions of this Privacy Policy, you may contact us to obtain a copy. We maintain archives of our privacy notices to comply with record-keeping requirements.

Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please do not hesitate to contact us. We are here to help and aim to address any issues promptly and transparently.

Data Protection / Privacy Officer:
StarStruck Brand LLC has appointed a privacy officer to oversee compliance with this Policy. While we may not be legally required to have a formal Data Protection Officer under GDPR (given the nature of our business), we treat the role seriously. You may contact our privacy team or officer as follows:

Email: starstruckclothing@icloud.com
This is our dedicated email address for privacy inquiries, data requests, and concerns. Please include “Privacy Inquiry” or a similar subject line so we can direct it to the appropriate personnel. If you are exercising a specific right (e.g., data access request), you may specify that in the subject for clarity.
Postal Mail:
Privacy Officer
StarStruck Brand LLC
717 Riverside Drive
Memphis, Tennessee 38103
United States You can send us a written request or question at the above mailing address. Please mark the letter “Attn: Privacy Officer – Privacy Inquiry”. If you are mailing a rights request, please ensure it is signed and that you provide contact information for us to reach you to verify and respond.
Phone: +1 (602) 800-8900 (Customer Service)
You may call our customer service line and state that you have a privacy question or request. Our representatives will either assist you or direct you to the privacy officer. Please note that for formal requests (like access or deletion), we will likely ask you to also provide the request in writing (email is fine) so we have a record.

We will respond to legitimate inquiries as soon as reasonably possible, generally within 30 days or sooner if required by law. If you are contacting us to exercise your rights, please refer to the guidelines in the sections above for what information to include so we can verify and process your request efficiently.

Regulatory Contact: If you feel we have not addressed your privacy-related issue satisfactorily, you may contact the appropriate data protection authority. For EU residents, this would be your local Data Protection Authority (or the lead authority in the country of our EU representative, if appointed). For UK residents, the ICO (ico.org.uk). For Canadian residents, the Office of the Privacy Commissioner of Canada (priv.gc.ca) or your provincial commissioner. For California residents, the California Attorney General’s Office or the forthcoming California Privacy Protection Agency (once fully operational for complaints). We of course hope to resolve any issue directly with you first.

No Contractual Relationship: This Privacy Policy is a statement of our practices and your rights for your information. It is not a contract and does not create any contractual rights or obligations between us and any party, nor does it impose on StarStruck Brand LLC any duties or liabilities beyond those imposed by applicable privacy laws. We provide our services subject to this Privacy Policy and our Terms of Service (available on our Site). In the event of any conflict between this Policy and the Terms of Service regarding privacy matters, this Policy will prevail.

Thank you for reading our Privacy Policy. We value your trust in StarStruck Brand LLC and are dedicated to protecting your personal information.

Shop by

On Sale

Personal Information We Collect

How We Use Your Personal Information

Sharing and Disclosure of Personal Information

Behavioral Advertising and Analytics

Cookies and Tracking Technologies

Data Retention

Data Security and Breach Notification

Your Rights and Choices

Notice to EU/EEA Residents (GDPR)

Notice to California Residents (CCPA)

Notice to Canadian Residents (PIPEDA)

International Data Transfers

Minors’ Privacy

Updates to this Policy

Contact Information

Contact Us

Add Your Heading Text Here

Cop 20% off ya First Order. Subscribe to get plugged in.

Wait! before you leave…

Recommended Products

We care about your privacy

Review Cart

Your cart is empty

Shop by

On Sale