CCPA Notice

CALIFORNIA PRIVACY NOTICE

Your California Privacy Rights Under CCPA/CPRA

Introduction

This California Privacy Notice ("Notice") supplements the information contained in our general Privacy Policy and applies solely to visitors, users, and customers who reside in the State of California ("consumers" or "you").

We adopt this Notice to comply with the California Consumer Privacy Act of 2018 ("CCPA") as amended by the California Privacy Rights Act of 2020 ("CPRA") and other applicable California privacy laws. Any terms defined in the CCPA/CPRA have the same meaning when used in this Notice.

This Notice describes how DoorToCart, operated by icicosmetic Ltd ("we," "us," or "our"), collects, uses, discloses, and otherwise processes personal information of California residents, and explains the rights California residents have under California law.

Scope

This Notice applies to personal information we collect:

  • On our website at www.doortocart.com
  • Through email, text, and other electronic communications
  • When you interact with our advertising on third-party websites and applications
  • Through customer service interactions

This Notice does not apply to:

  • Information collected from job applicants, employees, or contractors
  • Business-to-business communications
  • Information exempt from CCPA (e.g., certain financial or medical information covered by other laws)

Information We Collect

In the preceding 12 months, we have collected the following categories of personal information from California consumers:

Categories of Personal Information Collected

Category Examples Collected Source
A. Identifiers Name, email address, postal address, phone number, IP address, account name, unique personal identifier ✅ Yes Directly from you; Automatically collected
B. Personal Information (Cal. Civ. Code § 1798.80(e)) Name, address, telephone number, credit card number (partial), bank account number (partial) ✅ Yes Directly from you
C. Protected Classification Characteristics Age, gender (if voluntarily provided) ✅ Limited Directly from you (optional)
D. Commercial Information Products purchased, obtained, or considered; purchase history; shopping preferences ✅ Yes Directly from you; Automatically collected
E. Biometric Information Fingerprints, facial recognition data, voiceprints ❌ No Not collected
F. Internet or Network Activity Browsing history on our site, search history, interaction with our website and ads ✅ Yes Automatically collected
G. Geolocation Data Approximate location based on IP address ✅ Yes Automatically collected
H. Sensory Data Audio, visual, or similar information (e.g., customer service calls if recorded) ✅ Limited Directly from you
I. Professional or Employment Information Current or past job title, employer (if provided) ❌ No Not collected
J. Non-Public Education Information Education records ❌ No Not collected
K. Inferences Preferences, characteristics, behavior, attitudes based on collected information ✅ Yes Derived from other categories
L. Sensitive Personal Information See Sensitive Personal Information section below ✅ Limited Directly from you

Sensitive Personal Information

Under the CPRA, "Sensitive Personal Information" includes certain categories that require additional protections. We collect the following sensitive personal information:

Sensitive Category Collected Purpose
Social Security Number ❌ No Not collected
Driver's License / State ID / Passport ❌ No Not collected
Account Login with Password ✅ Yes Account creation and security
Financial Account Information ✅ Limited Payment processing (handled by third-party processors)
Precise Geolocation ❌ No Not collected
Racial or Ethnic Origin ❌ No Not collected
Religious or Philosophical Beliefs ❌ No Not collected
Union Membership ❌ No Not collected
Contents of Mail, Email, Text (non-directed to us) ❌ No Not collected
Genetic Data ❌ No Not collected
Biometric Data for Identification ❌ No Not collected
Health Information ❌ No Not collected
Sex Life or Sexual Orientation ❌ No Not collected

Note: We only use sensitive personal information for purposes permitted under the CPRA, specifically for processing transactions and maintaining security. We do not use sensitive personal information for advertising, profiling, or purposes beyond what is necessary to provide our services.

Sources of Personal Information

We collect personal information from the following sources:

Directly From You:

  • When you create an account
  • When you make a purchase
  • When you subscribe to our newsletter
  • When you contact customer service
  • When you participate in promotions or surveys
  • When you submit product reviews

Automatically Collected:

  • Through cookies and similar technologies when you browse our website
  • Through server logs recording your IP address and browser information
  • Through pixels and tags in emails we send

From Third Parties:

  • Payment processors (transaction confirmation)
  • Advertising networks (ad interactions)
  • Analytics providers (aggregated website usage)
  • Social media platforms (if you interact with our social content)
  • Shipping carriers (delivery confirmation)

How We Use Your Personal Information

We use the personal information we collect for the following business and commercial purposes:

Purpose Categories Used
Fulfill Orders — Process transactions, ship products, and handle returns A, B, D, G
Customer Service — Respond to inquiries, resolve issues, and provide support A, B, D, H
Account Management — Create and manage your account, remember preferences A, B, D, L
Marketing & Advertising — Send promotional emails, display targeted ads, and measure ad effectiveness A, D, F, K
Website Improvement — Analyze usage patterns, optimize user experience, and troubleshoot issues A, F, G, K
Security & Fraud Prevention — Detect and prevent fraudulent transactions and unauthorized access A, B, D, F, G, L
Legal Compliance — Comply with applicable laws, regulations, and legal processes A, B, D
Research & Analytics — Understand shopping trends and customer preferences D, F, K

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Disclosure of Personal Information

In the preceding 12 months, we have disclosed the following categories of personal information for a business purpose:

Category Disclosed To
A. Identifiers Service providers, shipping carriers, payment processors
B. Personal Information Payment processors, shipping carriers
D. Commercial Information Service providers, analytics providers
F. Internet/Network Activity Analytics providers, advertising networks
G. Geolocation Data Analytics providers, advertising networks
K. Inferences Advertising networks

Categories of Third Parties:

We disclose personal information to the following categories of third parties:

  • Service Providers — Companies that perform services on our behalf (e.g., payment processing, shipping, email marketing, customer service tools)
  • Shipping Carriers — To deliver your orders (e.g., USPS, UPS, FedEx, DHL)
  • Payment Processors — To process transactions securely (e.g., Shopify Payments, PayPal, Stripe)
  • Analytics Providers — To help us understand website usage (e.g., Google Analytics)
  • Advertising Partners — To deliver and measure advertisements (e.g., Meta, Google Ads)
  • Legal & Regulatory — When required by law or to protect our rights

Sale and Sharing of Personal Information

Important Definitions Under CCPA/CPRA:

  • "Sale" means the disclosure of personal information for monetary or other valuable consideration
  • "Sharing" means the disclosure of personal information for cross-context behavioral advertising purposes

Do We "Sell" Personal Information?

We do NOT sell your personal information in the traditional sense (i.e., for direct monetary payment).

However, under the broad CCPA/CPRA definitions, certain disclosures to advertising partners (such as sharing identifiers and browsing activity for targeted advertising) may be considered a "sale" or "sharing."

Categories of Personal Information Sold or Shared

In the preceding 12 months, we may have "sold" or "shared" the following categories of personal information for targeted advertising purposes:

Category Sold/Shared With Purpose
A. Identifiers (device ID, IP address) Advertising networks Targeted advertising
D. Commercial Information (products viewed) Advertising networks Targeted advertising
F. Internet/Network Activity Advertising networks Targeted advertising
K. Inferences Advertising networks Targeted advertising

Advertising Partners:

  • Meta (Facebook/Instagram)
  • Google Ads
  • Pinterest
  • TikTok

Your Right to Opt-Out

You have the right to opt out of the "sale" or "sharing" of your personal information. See "Right to Opt-Out" below for instructions.

Personal Information of Minors

We do not have actual knowledge that we sell or share the personal information of consumers under 16 years of age. Our website is not directed to individuals under 16.

Your California Privacy Rights

As a California resident, you have the following rights under the CCPA/CPRA:

1. Right to Know

You have the right to request that we disclose:

  • The categories of personal information we have collected about you
  • The categories of sources from which we collected your personal information
  • Our business or commercial purpose for collecting, selling, or sharing your personal information
  • The categories of third parties with whom we share your personal information
  • The specific pieces of personal information we have collected about you

Limitations: We are not required to provide this information more than twice in a 12-month period.

2. Right to Delete

You have the right to request that we delete personal information we have collected from you, subject to certain exceptions.

Exceptions: We may deny your deletion request if retaining the information is necessary for us or our service providers to:

  • Complete a transaction or provide a service you requested
  • Detect and protect against security incidents, fraud, or illegal activity
  • Debug and repair errors
  • Exercise free speech or other legal rights
  • Comply with legal obligations
  • Conduct research in the public interest (with your consent)
  • Enable internal uses reasonably aligned with your expectations

3. Right to Correct

You have the right to request that we correct inaccurate personal information we maintain about you.

We will use commercially reasonable efforts to correct the inaccurate information, taking into account the nature of the information and the purposes for processing it.

4. Right to Opt-Out of Sale/Sharing

You have the right to direct us to not sell or share your personal information at any time ("opt-out").

How to Opt-Out:

  1. Online: Email us at support@doortocart.com with subject line "Do Not Sell or Share My Personal Information"
  2. Global Privacy Control (GPC): Enable GPC in your browser. We honor GPC signals as a valid opt-out request.
  3. Advertising Partners: Opt out directly through:

Once you opt out, we will not sell or share your personal information unless you subsequently provide express authorization.

5. Right to Limit Use of Sensitive Personal Information

You have the right to limit our use of your sensitive personal information to only what is necessary to perform the services or provide the goods you requested.

Note: We only use sensitive personal information (account credentials, partial payment information) for processing transactions and maintaining account security — purposes that do not require a limitation option under the CPRA.

6. Right to Non-Discrimination

We will not discriminate against you for exercising any of your CCPA/CPRA rights. Specifically, we will not:

  • Deny you goods or services
  • Charge you different prices or rates
  • Provide you with a different level or quality of goods or services
  • Suggest that you may receive a different price or level of service

How to Exercise Your Rights

To exercise any of the rights described above, please submit a verifiable consumer request by:

Email: support@doortocart.com Subject Line: California Privacy Request — [Right You Are Exercising]

Include in Your Request:

  • Your full name
  • Email address associated with your account (if applicable)
  • The specific right you wish to exercise
  • Sufficient information to verify your identity

Verification Process

When you submit a request, we must verify your identity before processing it. Our verification process depends on the type of request:

Request Type Verification Required
Right to Know (Categories) Match 2 data points (e.g., name + email)
Right to Know (Specific Pieces) Match 3 data points + signed declaration
Right to Delete Match 2-3 data points depending on sensitivity
Right to Correct Match 2-3 data points depending on sensitivity
Right to Opt-Out Reasonable verification (typically email confirmation)

Verification Methods:

  • Confirming information you previously provided (name, email, address, order history)
  • Sending a verification link to your email address
  • Asking security questions about recent orders

If we cannot verify your identity with reasonable certainty, we may request additional information or deny the request.

Authorized Agents

You may designate an authorized agent to make a request on your behalf. To do so:

  1. Provide the agent with written permission signed by you
  2. Have the agent submit the written permission along with the request
  3. We may still require you to verify your identity directly with us
  4. We may require the agent to demonstrate they have authority to act on your behalf

If the agent has power of attorney under California Probate Code sections 4121 to 4130, we may waive the above requirements and accept a copy of the power of attorney document.

Response Timing

We will respond to verifiable consumer requests within the following timeframes:

Action Timeframe
Acknowledge receipt of request Within 10 business days
Respond to request Within 45 calendar days
Extension (if needed) Additional 45 days with notice

If we need more time, we will inform you of the reason and extension period in writing.

Data Retention

We retain personal information for as long as necessary to:

  • Fulfill the purposes for which it was collected
  • Comply with legal obligations
  • Resolve disputes
  • Enforce our agreements
Data Type Retention Period
Account information Until account deletion + 3 years
Order history 7 years (tax/legal compliance)
Customer service records 3 years
Marketing preferences Until opt-out or account deletion
Website analytics 26 months (aggregated/anonymized longer)
Cookies Varies (see Cookie Policy)

Financial Incentives

We may offer financial incentives, including discounts or other benefits, for providing your personal information (such as signing up for our email newsletter).

Current Programs:

Program Incentive Personal Information Collected
Email Newsletter Signup [X]% discount on first order Email address, name (optional)
Account Registration Access to order history, faster checkout Name, email, address
Loyalty/Rewards Program Points, discounts (if applicable) Name, email, purchase history

Value of Your Data: The value of the incentive is reasonably related to the value your data provides to us, based on:

  • Revenue generated from email marketing campaigns
  • Customer retention rates for registered users
  • Costs of administering the program

Opting In/Out:

  • You can opt into these programs by signing up through our website
  • You can opt out at any time by unsubscribing from emails or contacting us
  • Opting out does not affect your ability to make purchases

California "Shine the Light" Law

California Civil Code Section 1798.83 permits California residents to request a list of third parties to whom we have disclosed personal information for their direct marketing purposes during the preceding calendar year.

Our Disclosure: We do not share personal information with third parties for their own direct marketing purposes. We only share information with service providers who process data on our behalf or with advertising partners for targeted advertising (which you can opt out of as described above).

If you have questions about this disclosure, contact us at support@doortocart.com.

Changes to This Notice

We reserve the right to amend this Notice at our discretion and at any time. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this Notice
  • Post the revised Notice on our website
  • Notify you by email if you have an account with us (for significant changes)

Your continued use of our website after changes are posted constitutes your acceptance of the revised Notice.

Contact Us

If you have any questions or comments about this Notice, our privacy practices, your California privacy rights, or if you need to access this Notice in an alternative format due to a disability, please contact us:

Email: support@doortocart.com Subject Line: California Privacy Inquiry

Mailing Address:
icicosmetic Ltd
Office 6623 58 Peregrine Road,
Hainault, Ilford, Essex,
United Kingdom, IG6 3SZ

Response Time: We aim to respond to all inquiries within 3-5 business days.

Additional California Rights

Do Not Track Disclosure: Some browsers offer a "Do Not Track" (DNT) feature. Our website does not currently respond to DNT signals because there is no industry-wide standard. However, we honor Global Privacy Control (GPC) signals.

Removal of Content for Minors (California Business & Professions Code § 22581): California residents under 18 who have registered to use our website may request removal of content they have publicly posted. Contact us at support@doortocart.com to make such a request. Note that removal does not ensure complete erasure of the content from the internet.

This California Privacy Notice was last updated on 16 Jan 2025.