Privacy Policy

Consider the Lilies Stores, an Ecommerce Retail Marketplace Services Company

483 Moreland Ave NE #6

Atlanta, GA 30307

Phone: (678) 773-4134

Our website address is: https://littlefivepoints.com.

Your personal data, such as name, email address, personal account preferences; transactional data, such as purchase information; and technical data, such as information about cookies is  used to support your experience throughout this website, to manage access to your account, and to enable vendor capabilities should you desire to join the marketplace as a vendor.

Personal data is not just created by a your interactions with our site. Personal data is also generated from technical processes such as contact forms, comments, cookies, analytics, and third party embeds.

By default, our CMS, WordPress, does not collect any personal data about visitors, and only collects the data shown on the User Profile screen from registered users. We do not collect bank or card information.  This information is collected in the transaction process by our payment gateway square.com or Paypal if chosen.

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

In this subsection you should note what analytics package you use, how users can opt out of analytics tracking, and a link to your analytics provider’s privacy policy, if any.

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Visitor comments may be checked through an automated spam detection service.

Consider the Lilies Stores an Ecommerce Retail Marketplace Services Company

483 Moreland Ave NE #6

Atlanta, GA 30307

Phone: (678) 773-4134

screen-shot-2016-11-16-at-17-15-11

SSL creates a secure connection between two machines or devices over the Web or an internal network, safeguarding and allowing sensitive data to be privately transmitted.

An SSL certificate is issued after verifying the authenticity of a website and identity of its owner, as indicated by the ‘S’ in https.

Many payment gateways require it. We strongly recommend it. And customers visiting your WooCommerce store see it as a sign of trustworthiness and expect to see the padlock in the address bar when browsing, buying, and entering their account and payment details.

What is SSL and HTTPS?

SSL (Secure Socket Layer) is a protocol used on the Web for:

    Encrypting website data sent from the browser to the server, and vice versa, so it’s protected

    Authenticating your website so visitors know your identity has been verified

HTTPS is/means HTTP with SSL.

    Just as “http://” means “this is a website,” seeing “https://” means “this is a website, and it’s using SSL to encrypt data and authenticate the website.”

    – WP Engine

The security team will conduct quarterly assessments for data protection.

The assessment involves a review of activity logs and the security of all data, application activity, usage data, email security..

Based on the results of the assessment, the team will determine if new security measures are needed

If a breach is discovered, the assessment and the supporting information shall be  specific and address these facts:

    Evaluate the definiteness of the information discovered and the certainty of the presence of a breach

    Consideration of who engaged in unauthorized use or to whom the information was disclosed without authorization;

    The type and amount of data involved;

    The cause of the breach, and the entity responsible for the breach, either User, Consider the Lilies, or Partner, Pressable, Square, Paypal.

A breach shall be considered as “discovered” as of the first day on which such a breach is known to Consider the Lilies Stores, or, by exercising reasonable diligence would have been known to the organization (including breaches caused by the organization’s users, or partners). Consider the Lilies Stores shall be deemed to have knowledge of a breach if such breach is known or by exercising reasonable diligence would have been known, to any person, excluding the person(s) committing the breach, who are members or partners of the organization.

An acquisition, access, use or disclosure of data must constitute a violation of the data privacy policy to constitute a breach.  A use or disclosure of data that is incident to a permissible use or disclosure and occurs despite safeguards and correct procedures would not qualify as a potential breach as it would not be a violation of the Privacy Policy .   The organization has the burden of proof for demonstrating that the data usage or disclosure did not constitute a breach.

In the event of discovery of a potential breach, including unauthorized access to user data, the organization shall:

    Temporarily freeze logins and suspend marketplace operation

    Conduct an investigation and risk assessment

    Notify affected parties

    Evaluate if external notifications are required.

Upon discovery of a breach, notice shall be made to the affected users no later than 72 hours after the discovery of the breach.  In addition, incidents will also be reported to stakeholders, including donors and board members, and to the authorities.

The notice shall be written in plain language and must contain the following information:

    A brief description of what happened, the date of the breach, and the date of the discovery of the breach;

    A description of  information that was compromised in the breach, if known;

    Steps affected users should take to protect data from potential misuse resulting from the breach.

    A brief description of what the organization is doing to investigate the breach, to limit impact to individuals and users, and to prevent further breaches.

    Contact information for affected paries to ask questions or obtain additional information, which may include a telephone number, an e-mail address, a web site, or postal address.

Affected parties will be notified via email within the timeframe for reporting breaches outlined above.

 Creation of Breach Records

If any organizational or user data is compromised, the following information will be collected and recorded for each breach:

    Current status of the incident

    Summary of the incident

    Incidents related to this incident

    Actions taken by all handlers on this incident

    Assessments related to the incident

    Contact information for involved parties (e.g., owners, administrators)

    Evidence gathered during the incident investigation

    Comments from handlers

    Rectification steps to be taken

The team will determine the appropriate course of action for rectification.  These include restoring the marketplace to normal operation, confirming that the marketplace systems are working normally, and rectifying vulnerabilities to prevent future breach conditions. Rectfication may involve restoring sites from backups, rebuilding the site, replacing compromised files, installing patches, changing passwords, or tightening network security

A complete analysis of the breach and handling of it will be carried out by the team and the leadership. Information gleaned will be dispensed to staff and used to build more effective security systems.

Individuals who wish to make complaints concerning the organization’s user privacy policies and procedures or its compliance with such policies and procedures can contact us at littlefivepoints.com

The organization may not intimidate, threaten, coerce, discriminate against, or take other retaliatory action against any individual for the exercise by the individual of any privacy right.