Privacy Policy

Effective Date: 26 September 2025

We respect the privacy of our partnered businesses, their employees and staff, and all visitors to Luck Berry Mall. This Privacy Policy explains how we collect, use, disclose, store, and protect information. It also describes your rights under applicable U.S. laws and how to contact us with questions.

1. Who We Are

For our public website, Luck Berry Mall acts as a controller/business, meaning we determine the purposes and means of processing personal data collected through Luck Berry Mall. For each partner’s Business Store, we generally act as that company’s service provider/processor (e.g., under the CCPA and other state laws), carrying out order processing and related functions strictly under that company’s instructions. This distinction ensures that businesses remain in control of their own employee data, while we provide the technical and operational support needed to fulfill orders and maintain the platform securely.

2. Information We Collect

We collect information from both businesses and employees to deliver our services effectively, ensure security, and comply with legal obligations. This includes information provided directly by you, data generated automatically through your use of Luck Berry Mall, and information shared by your employer if you are using a Business Store. Below are the categories of information we collect:

  • Identifiers: This includes details such as your name, email address, phone number, and login credentials. These are used to create accounts, verify your identity, allow you to log in securely, and communicate important service or order-related information.
  • Business Information: Information like company name, logos, artwork, and billing contacts. We collect this from partner companies to set up their Business Store, display branded items, and manage billing relationships.
  • Order Data: Information about products purchased, sizes selected, shipping and billing addresses, payment confirmation, and purchase history. This data is required to process, deliver, and support your orders, as well as to maintain accurate records for compliance.
  • Technical Data: Device type, IP address, browser version, operating system, activity logs, and approximate location. This data helps us secure Luck Berry Mall, troubleshoot errors, optimize performance, and detect potential unauthorized access.
  • Communications: Records of emails, chats, web forms, or calls you send us. This is used to respond to inquiries, provide support, and improve our customer service.
  • Preferences: Saved addresses, size preferences, shopping carts, cookie consents, and notification settings. These make your experience faster, more convenient, and more personalized when you return to Luck Berry Mall.

3. How We Use Information

We use the information we collect in multiple ways to deliver our services, maintain security, comply with legal requirements, and create a better user experience. This includes everything from processing transactions and managing accounts, to improving site performance and enhancing communication. By using your data responsibly, we ensure that Luck Berry Mall and our Business Stores run smoothly, securely, and efficiently. This section explains not just what we do with your data but why these actions are essential for both day-to-day operations and long-term reliability.

  • Provide Services: We use your information to create and manage Business Stores, process orders accurately, and ensure that purchased items are produced and delivered on time. This includes coordinating with payment providers, shipping carriers, and business partners to complete transactions.
  • Account Management: Data is used to verify user identity, protect against unauthorized access, reset passwords, and keep accounts accurate and up to date. It also allows us to personalize your experience by remembering saved preferences and order history.
  • Communication: We rely on your contact details to send order confirmations, shipping notifications, service updates, and security alerts. We also use this information to respond to inquiries, handle complaints, and provide tailored customer support.
  • Analytics and Improvements: We analyze aggregated technical and behavioral data to understand how users interact with Luck Berry Mall. This helps us fix errors, enhance site speed, improve navigation, and introduce new features based on real user needs.
  • Legal Compliance: Information is retained and processed to meet tax, accounting, and regulatory obligations. It is also used to resolve disputes, enforce contracts, investigate fraud, and comply with lawful requests from authorities.
  • Security and Fraud Prevention: We use identifiers, technical logs, and behavioral data to detect suspicious activity, block malicious traffic, and safeguard accounts and transactions.
  • Marketing and Awareness: Where permitted by law and with your consent, we may use limited information to share updates, promotional content, or educational resources relevant to our services.
  • Business Operations: Internal reporting, auditing, staff training, and planning rely on collected data to ensure we continue to provide reliable and efficient services.

4. How We Share Information

We take your privacy seriously and do not sell personal data under any circumstances. However, in order to provide services, operate Luck Berry Mall effectively, and comply with legal obligations, there are limited situations in which we share information. Below we describe these circumstances in detail so you understand when and why your data may be disclosed:

  • Service Providers: We share necessary information with trusted third parties such as payment processors, shipping carriers, cloud hosting services, email delivery tools, fraud detection vendors, and analytics providers. These partners are contractually bound to handle your information securely and only use it for the services they provide on our behalf.
  • Business Partners: When you use a Business Store, certain order information may be shared with your employer or the business that sponsors the store. This allows them to monitor employee orders, manage budgets, track participation, and ensure the success of their merchandise program.
  • Legal Obligations: We may disclose data when required to comply with applicable laws, regulations, or valid legal processes such as subpoenas or court orders. We may also share information if it is necessary to protect our rights, investigate fraud, or respond to governmental requests.
  • Business Transfers: If Luck Berry Mall undergoes a merger, acquisition, bankruptcy, or sale of assets, customer and business data may be transferred as part of that transaction. In such cases, we will ensure that the successor entity upholds the commitments made in this Privacy Policy.
  • Security and Safety: In situations where we must investigate, prevent, or respond to potential threats, malicious activity, or violations of our terms, we may share relevant information with law enforcement or cybersecurity experts to safeguard users and systems.
  • With Your Consent: In certain cases, we may ask for your explicit consent to share information for purposes not covered above. For example, if we introduce optional integrations or marketing collaborations, we will clearly explain how your information will be used and obtain your permission first.

5. Data Retention

We retain personal and business information only as long as it is necessary for the purposes described in this policy, which may include fulfilling orders, meeting contractual or legal obligations, resolving disputes, or supporting security investigations. Retention periods vary depending on the type of data, applicable legal requirements, industry best practices, and the specific context in which the data was collected. Where possible, we establish defined retention schedules and securely delete or anonymize information once it is no longer needed.

  • Orders and Financial Records: Retained for at least 7 years to comply with accounting, auditing, and tax obligations. These records include invoices, payment confirmations, and tax-related documents required by law. In some cases, longer retention may be necessary if disputes, audits, or ongoing investigations are involved.
  • User Accounts: Maintained while the account remains active so that users can log in, view history, and manage preferences. If inactive for an extended period (e.g., 24 months), we may deactivate or delete accounts subject to legal requirements. Backup copies of account details may remain in our secure archives for a limited time after deletion to ensure integrity.
  • Business Records: Logos, designs, contract details, and company information are retained while the Business Store is active. After closure, we keep them for a limited period to handle disputes, enforce contracts, or comply with legal claims. Some records, such as signed agreements, may need to be stored longer due to corporate governance or legal requirements.
  • Technical Logs: Security and performance logs (such as IP addresses, login attempts, and error reports) are usually kept for 12–24 months. In some cases, these may be retained longer to support security investigations, regulatory compliance, or performance analysis.
  • Communications: Support tickets, emails, and chat records are retained for customer service history and quality assurance, generally for 24 months. If communications are linked to disputes, fraud investigations, or compliance issues, they may be kept longer.
  • Marketing Preferences: Records of consent or opt-out choices for email marketing and notifications are retained for as long as required to honor your preferences and demonstrate compliance with applicable laws.
  • Legal and Compliance Records: Data relevant to litigation, audits, or regulatory investigations may be retained beyond standard periods until such matters are fully resolved.

We may retain anonymized or aggregated data that no longer identifies individuals for research, analytics, benchmarking, and reporting purposes. Such data is stripped of all personal identifiers and used to study trends, improve services, develop new features, and publish insights without compromising user privacy.

6. Data Security

We recognize that protecting your information is one of the most important responsibilities we have. This section outlines the safeguards, policies, and ongoing measures we use to secure your data, prevent unauthorized access, and ensure the reliability of Luck Berry Mall’s systems.
We take strong measures to secure your data:

  • Encryption: Payments and sensitive transmissions are encrypted using TLS to protect your information while it moves across networks. Sensitive data such as payment card details are never transmitted in plain text and may also be encrypted at rest for additional security.
  • Access Controls: Access to sensitive data is limited to authorized personnel only, supported by multi-factor authentication, role-based permissions, and regular access reviews. These measures ensure that only those with a legitimate business need can view protected data.
  • Monitoring Systems: We maintain intrusion detection systems, advanced firewalls, malware scanning, and detailed audit logs to identify suspicious activity. These tools allow us to detect and respond quickly to unauthorized access attempts or unusual patterns of behavior.
  • Regular Testing: Our systems undergo regular security assessments, penetration tests, and vulnerability scans conducted by both internal teams and external security experts. Findings are tracked and remediated promptly to continuously strengthen our defenses.
  • Compliance: We adhere to strict industry standards such as PCI-DSS for payment processing, and we regularly review vendor security practices. We also monitor compliance with applicable privacy regulations and update our protocols as needed.
  • Data Backups and Recovery: Secure backups are performed on a routine basis and stored in redundant, protected environments. Tested recovery procedures ensure that your data can be restored promptly in the event of hardware failure or other disruptions.
  • Employee Training: Staff with access to sensitive systems receive ongoing security and privacy training to ensure they follow best practices and recognize potential threats.
  • Incident Response: We maintain a documented incident response plan that outlines the steps for containing, investigating, and reporting security events to minimize risk and comply with notification requirements.

No system is completely secure, but we take all reasonable steps to protect your data. In addition to our preventive measures, we maintain breach detection and notification procedures that comply with U.S. legal requirements. If a security incident occurs, we will promptly investigate, contain the issue, notify affected users where legally required, and provide guidance on steps you can take to protect yourself.

7. Your Rights

Depending on your state, you may have specific privacy rights granted under local laws. These rights are designed to give you greater control over your personal information, improve transparency, and ensure that businesses handle your data responsibly. The scope and type of rights vary from state to state, but generally include the ability to access, update, delete, or restrict the use of your personal information, as well as protections against unfair treatment for exercising these rights. Depending on your state, you may have rights to:

  • Access: You have the right to request a copy of your personal data that we hold, including details of how it is used and with whom it is shared. This transparency allows you to verify the lawfulness of our processing and stay informed about how your information is handled.
  • Correction: If any of your personal information is inaccurate, incomplete, or outdated, you can request that we update or correct it. Keeping your data accurate ensures that orders, communications, and account information are properly maintained.
  • Deletion: You may request that we delete certain personal information, subject to legal, regulatory, or contractual obligations that may require us to retain some data. For example, we may need to keep financial records for tax compliance, but we will honor deletion requests wherever possible.
  • Opt-Out: You can opt out of receiving marketing emails, promotional communications, or specific types of data processing such as targeted advertising. Even if you opt out, we may still send non-promotional messages related to your orders or account.
  • Data Portability: In some cases, you may request to receive your personal data in a structured, commonly used, and machine-readable format, or have us transmit it to another service provider where technically feasible.
  • Restriction of Processing: You may request that we limit how we process certain personal data while disputes are resolved or when you contest the accuracy of the information.
  • Non-Discrimination: Exercising your privacy rights will never result in denial of service, increased prices, or reduced quality. We respect your rights and will treat all requests fairly and without prejudice.

We do not sell personal information, rent it to marketers, or share it for cross-context behavioral advertising, and we have no plans to change this commitment in the future.

8. U.S. State Privacy Notices

This section explains how different U.S. state privacy laws apply to residents and what additional rights may be available. While federal law does not yet provide a single comprehensive privacy framework, many states have enacted their own regulations. We are committed to honoring these requirements, adapting our practices as laws evolve, and giving clear guidance on how residents can exercise their rights.

  • California (CCPA/CPRA): Residents of California have robust rights, including the right to know what categories of personal information we collect, the right to access a copy of specific information we hold, the right to delete certain information (subject to exceptions), the right to correct inaccuracies, and the right to opt out of the sale or sharing of personal information. California law also grants the right to limit the use of sensitive personal information and protections against discrimination for exercising privacy rights.
  • Colorado, Connecticut, Virginia, Utah: Residents of these states have similar rights, including the ability to access personal data we hold about them, request corrections to inaccurate information, and request deletion of personal data subject to legal or contractual exceptions. They also have the right to opt out of targeted advertising, certain profiling activities, or the sale of personal data. Some states additionally require us to honor universal opt-out mechanisms or global privacy control signals.
  • Nevada: Nevada residents have the right to opt out of the sale of personal information. While Luck Berry Mall does not sell personal information, we provide this notice to confirm that Nevada residents can submit a verified request to opt out at any time.
  • Other States: As more U.S. states pass privacy legislation, Luck Berry Mall will update this section to reflect additional rights and obligations. We are committed to honoring state-specific requirements and providing transparency for all users.

9. Children’s Privacy

Luck Berry Mall is not intended for children under the age of 13, and we do not knowingly collect or solicit personal information from minors. If you are under 13, please do not use our services or provide any information through Luck Berry Mall. Parents or guardians who believe their child has shared information with us should contact us immediately so we can review the case and delete the data if necessary. We also encourage parents to monitor their children’s online activities to help protect their privacy.

10. International Users

Luck Berry Mall operates in the United States. If you access from outside the U.S., your data will be transferred to and processed in the U.S., where privacy laws may differ from those in your country. We implement safeguards such as contractual protections, encryption, and limited access controls to help ensure your information receives adequate protection. By using Luck Berry Mall from outside the U.S., you consent to this transfer and acknowledge that your data will be handled according to this Privacy Policy.

11. Payments and Third Parties

This section explains how Luck Berry Mall works with outside providers and services to process transactions, deliver orders, and support the overall platform. While we rely on third parties for certain functions, all relationships are carefully vetted, contractual protections are in place, and data shared is limited to what is necessary for the service being provided.

  • Payments: All payments are processed securely by third-party providers who specialize in financial transactions. We do not store card details on our servers. These providers use encryption and industry certifications (such as PCI-DSS) to protect your payment information, and transactions are monitored for fraud prevention.
  • Shipping: To fulfill your orders, delivery information including recipient name, address, and contact details may be shared with carriers. This ensures accurate delivery and enables carriers to provide tracking updates or confirm delivery.
  • Analytics and Support Tools: Limited data may be shared with trusted providers that supply analytics, error tracking, customer service chat systems, or survey platforms. These tools help us understand user behavior, resolve issues quickly, and improve service quality. Data shared is restricted to what is necessary for the tool to function.
  • Third-Party Links: Luck Berry Mall may contain links to external services such as partner websites, social media platforms, or third-party integrations. Clicking these links may direct you to sites governed by their own privacy policies. We encourage you to review those policies as we do not control and are not responsible for their practices.
  • Integrations and Optional Services: If you choose to connect Luck Berry Mall with optional third-party services, we will clearly explain what information is shared and seek your consent before enabling those integrations.

12. Cookie Policy

Luck Berry Mall uses cookies and similar technologies to ensure proper functionality, enhance user experience, support analytics, and protect security. Cookies are small text files stored on your device that help us recognize your browser, remember your settings, and track usage for improvements. They also allow us to provide personalized content, maintain session continuity, measure marketing effectiveness, and understand how visitors engage with our services. Some cookies are placed directly by Luck Berry Mall, while others may be set by trusted third parties such as analytics or payment providers. These tools collectively help us maintain a reliable platform, deliver tailored experiences, and keep our services efficient and secure.

  • Strictly Necessary Cookies: These are vital for the core functionality of Luck Berry Mall, enabling you to log in, add items to your cart, and complete the checkout process. Without them, the platform would not work properly. They also help maintain session integrity and protect against fraudulent activity.
  • Functional Cookies: These cookies remember choices you make such as preferred language, display settings, and saved addresses. They enhance usability by ensuring you don’t need to re-enter details every time you visit. They may also store accessibility preferences and personalization settings.
  • Performance Cookies: Used to measure how Luck Berry Mall performs in real-world usage. They collect data about page load times, error messages, and response speeds. This information helps us troubleshoot problems, optimize performance, and ensure a smoother experience across different devices and networks.
  • Analytics Cookies: Provide detailed insights into user interactions such as navigation paths, time spent on pages, and features most used. By analyzing these patterns, we improve our design, tailor content, and prioritize updates that matter most to our users. These cookies are usually aggregated and anonymized.
  • Advertising Cookies: Help measure the success of promotional campaigns and display content or offers relevant to you, where permitted by law. Unlike some platforms, we do not sell your data or use it for cross-context behavioral advertising. Instead, these cookies may simply ensure you don’t see the same advertisement repeatedly.
  • Third-Party Cookies: Set by trusted external providers such as payment gateways, shipping carriers, chat tools, or analytics platforms. Their purpose can include fraud detection, payment verification, or additional site features. These cookies are governed by the policies of the third parties who place them.
  • Social Media Cookies: If you interact with social media integrations (such as sharing products on Facebook or LinkedIn), these cookies may track engagement and allow those platforms to tailor content or measure campaign reach.

Managing Cookies: You may block, delete, or limit cookies via browser settings or our cookie preference banner. Disabling essential cookies may prevent you from using key features.

Consent: By using Luck Berry Mall, you agree to our use of cookies. Where legally required, we will provide cookie banners or settings to capture explicit consent.

13. Changes to This Policy

We may update this Policy to reflect changes in law or our practices. Updates will be posted here with a new effective date. Please review regularly.

14. Contact Us

For any questions about this Privacy Policy, or to exercise your privacy rights such as access, correction, or deletion requests, please contact us. You may reach us directly or submit your request through the Contact Us page on our website. Our team is available to assist you and ensure your concerns are addressed promptly.