Privacy Policy – Northwind Trade

Your privacy is not an afterthought at Northwind Trade LLC – it is a foundational principle. When you visit our website northwindtrade.shop, purchase a Bed Throw, Blanket, Duvet Cover, Pillow Insert, or Quilt + Comforter, or communicate with our team, you trust us with your personal information. This Privacy Policy explains exactly what data we collect, how we use it, who we share it with, and what rights you have over your own information. We have written this policy in plain, straightforward English, avoiding legal jargon wherever possible. We want you to feel confident and secure when you interact with our brand.

This Privacy Policy applies to all users of northwindtrade.shop (the “Site”), customers who purchase our products, and individuals who contact us via email (anhnln1512@gmail.com), phone (+840329633706), or postal mail (1209 MOUNTAIN ROAD PL NE, STE R, ALBUQUERQUE, NM 87110). By using the Site or providing us with your personal information, you acknowledge that you have read and understood this Privacy Policy and agree to its terms. If you do not agree, please do not use the Site or provide us with your data.

We may update this Privacy Policy from time to time. Material changes will be posted on this page with an updated “Last Revised” date at the bottom. Your continued use of the Site after any changes constitutes your acceptance of the revised policy. We encourage you to review this page periodically.

Information We Collect
How We Collect Your Information
How We Use Your Information
Legal Bases for Processing (GDPR and Other Laws)
Sharing and Disclosure of Information
International Data Transfers
Cookies and Tracking Technologies
Your Privacy Rights and Choices
Data Security
Data Retention
Children’s Privacy
California Privacy Rights (CCPA)
Nevada Privacy Rights
Virginia, Colorado, Connecticut, Utah Privacy Rights
European Union and UK Privacy Rights (GDPR)
Third-Party Links and Services
Do Not Track Signals
Changes to This Privacy Policy
Contact Information and Data Protection Officer

1. Information We Collect

We collect several categories of personal information depending on how you interact with us. “Personal information” means any data that can reasonably identify you as an individual, either alone or in combination with other data.

1.1 Information You Provide Directly to Us

Contact and Account Information

Full name
Billing address
Shipping address(es)
Email address
Phone number (if provided)
Account login credentials (username and hashed password) if you create an account

Order and Payment Information

Products purchased, quantities, sizes, colors, prices
Order number and order history
Payment method type (e.g., Visa, Mastercard, Apple Pay) – but not your full credit card number (Stripe handles that)
Shipping preferences and delivery instructions
Gift card codes (if used)

Communications with Us

Email correspondence sent to anhnln1512@gmail.com
Phone call recordings or notes (we may record calls for quality assurance and training purposes with your consent where required by law)
Live chat transcripts (when available)
Customer support tickets and resolution notes
Feedback, product reviews, and survey responses

Marketing and Promotional Information

Your preferences for receiving marketing emails
Coupon codes you have used or requested
Participation in contests, sweepstakes, or referral programs

1.2 Information We Collect Automatically (Through Cookies and Similar Technologies)

When you browse the Site, our servers and third-party tools automatically collect certain technical information, including:

Device information: IP address, browser type and version, operating system, device type (desktop, mobile, tablet), screen resolution.
Usage data: Pages visited, time and date of visit, time spent on each page, clicks, scrolling behavior, search queries, referring website (e.g., Google or Facebook), exit pages.
Location data: Approximate geographic location derived from IP address (city and region level). We do not collect precise GPS location unless you grant explicit permission (which we do not request).
Session identifiers: Unique IDs stored in cookies to remember your cart contents, login status, and preferences.

1.3 Information from Third Parties

We may receive information about you from other sources, including:

Payment processors (Stripe): Stripe provides us with a payment token and the last four digits of your credit card, card type, and expiration date. Stripe does not share your full card number with us.
Shipping carriers (USPS, UPS, FedEx): When we generate a shipping label, the carrier receives your name, address, and phone number (if provided). They may share delivery status and exception notifications with us.
Fraud prevention services: We use Stripe Radar and other tools that may provide risk scores or flags based on your IP address, device fingerprint, and transaction history.
Advertising platforms (Google Ads, Meta/Facebook, Pinterest): If you click on our ad, these platforms may share conversion data (e.g., that you made a purchase) without identifying you personally unless you are logged into their service.
Email service providers: We use email marketing platforms (e.g., Klaviyo, Mailchimp) that track open rates and click-throughs on our emails.

1.4 Sensitive Personal Information

We do not knowingly collect sensitive personal information such as Social Security numbers, driver’s license numbers, racial or ethnic origin, political opinions, religious beliefs, biometric data, health data, or sexual orientation. If we inadvertently receive such information, we will delete it promptly. Please do not share sensitive information with us.

2. How We Collect Your Information

Method	Description	Examples
Direct input	You type information into forms on our Site.	Account registration, checkout, contact form, product review submission.
Cookies and tracking pixels	Small text files or code snippets placed on your browser or device.	Remembering your cart, analytics (Google Analytics), advertising retargeting.
Server logs	Our web server automatically records requests.	IP address, time of request, page URL.
Email tracking	Pixels embedded in our emails.	Whether you opened an email, which links you clicked.
Phone calls	With your consent (where required).	Call recording for training and quality assurance.
Third-party integrations	Data passed from Stripe, shipping carriers, etc.	Payment confirmation, delivery status updates.

3. How We Use Your Information

We use your personal information only for legitimate business purposes, as described below.

3.1 To Process and Fulfill Your Orders

Verify payment and prevent fraud (via Stripe).
Pack and ship your Bed Throws, Duvet Covers, Pillow Inserts, Quilts, and Comforters to the address you provide.
Send order confirmations, shipping updates, and delivery notifications.
Process returns, exchanges, and refunds under our Refund and Return Policy.
Provide customer support and respond to your inquiries.

Legal basis (for GDPR): Performance of a contract.

3.2 To Improve and Personalize Your Experience

Analyze browsing behavior to optimize our website layout and product recommendations.
Remember items in your shopping cart if you leave and return.
Show you products that are relevant to your size and style preferences.
Improve our product offerings based on aggregate purchase data (e.g., “70% of customers who bought this Quilt also bought this Pillow Insert”).

Legal basis: Legitimate interests (improving our services) or consent (for cookies, where required).

3.3 To Communicate With You (Marketing and Promotions)

Send you promotional emails about new products, sales, and exclusive offers if you have opted in (you can unsubscribe at any time).
Administer contests, sweepstakes, and referral programs.
Send you abandoned cart reminders (if you added items but did not complete checkout).
Request product reviews after your purchase.

Legal basis: Consent (for marketing emails) or legitimate interests (abandoned cart reminders – we provide opt-out).

3.4 For Legal Compliance and Fraud Prevention

Detect, investigate, and prevent fraudulent transactions or abuse of our policies.
Comply with applicable laws, regulations, court orders, or government requests.
Enforce our Terms and Conditions and other agreements.
Protect the rights, property, or safety of Northwind Trade LLC, our customers, or others.

Legal basis: Legal obligation or legitimate interests.

3.5 For Internal Analytics and Business Operations

Generate sales reports, inventory forecasts, and marketing performance metrics.
Conduct internal audits and quality assurance.
Train our customer service team using anonymized or recorded calls (with consent).

Legal basis: Legitimate interests (business efficiency and improvement).

4. Legal Bases for Processing (GDPR and Other Laws)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal information under the following legal bases as defined in the General Data Protection Regulation (GDPR):

Processing Activity	Legal Basis
Order fulfillment, shipping, returns	Performance of a contract (Article 6(1)(b))
Customer service communications	Performance of a contract or legitimate interests (Article 6(1)(f))
Marketing emails (with opt-in)	Consent (Article 6(1)(a))
Fraud prevention and legal compliance	Legal obligation (Article 6(1)(c)) or legitimate interests (Article 6(1)(f))
Analytics and website improvement	Legitimate interests (Article 6(1)(f)) – we balance your rights against our business needs
Cookies (non-essential)	Consent (where required by ePrivacy Directive)

You have the right to withdraw consent at any time (e.g., by unsubscribing from emails or changing your cookie preferences). Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.

5. Sharing and Disclosure of Information

We do not sell your personal information to third parties. We do not rent or trade email lists. However, we share your data with trusted third-party service providers who help us operate our business. These providers are contractually obligated to use your data only for the specific services we request and to protect it with appropriate security measures.

5.1 Service Providers (Processors)

Category	Third Party	Data Shared	Purpose
Payment processing	Stripe (stripe.com)	Payment token, last 4 digits of card, billing address, email	Process payments, prevent fraud
Email marketing	Klaviyo / Mailchimp	Email address, name, order history (anonymized for some metrics)	Send promotional emails, abandoned cart reminders, order confirmations
Shipping carriers	USPS, UPS, FedEx	Name, shipping address, phone number, email (for tracking notifications)	Deliver your order
Website hosting & analytics	Shopify (our platform), Google Analytics	IP address, browsing behavior, device information	Host the Site, analyze traffic
Customer support	Gmail (Google Workspace), Zendesk (if implemented)	Email content, order number, name	Respond to inquiries, manage tickets
Fraud prevention	Stripe Radar, Signifyd (if used)	IP address, device fingerprint, order details	Block fraudulent transactions
Product reviews	Judge.me / Yotpo (if used)	Name (optional), email, order number	Collect and display reviews

5.2 Legal Compliance and Safety

We may disclose your personal information if required by law, subpoena, court order, or government regulation. We may also disclose information to:

Enforce our Terms and Conditions or other policies.
Protect the rights, property, or safety of Northwind Trade LLC, our customers, or the public.
Respond to an emergency involving the risk of death or serious physical injury.

5.3 Business Transfers

If Northwind Trade LLC is involved in a merger, acquisition, bankruptcy, or sale of all or a portion of its assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Site before your data becomes subject to a different privacy policy.

5.4 Aggregate and Anonymized Data

We may share aggregated, anonymized data (which cannot reasonably identify you) with third parties for research, marketing, or analytics purposes. For example, “15% of our customers who buy a Duvet Cover also buy a Pillow Insert within 30 days.”

6. International Data Transfers

Northwind Trade LLC is based in the United States (Albuquerque, New Mexico). If you are located outside the US, your personal information will be transferred to and processed in the US. US data protection laws may not be equivalent to those in your country.

6.1 For EEA, UK, and Swiss Customers

We transfer data from the EEA, UK, and Switzerland to the US only under one or more of the following legal mechanisms:

Standard Contractual Clauses (SCCs) adopted by the European Commission, which impose data protection obligations on the data importer (us). You may request a copy of the SCCs by contacting anhnln1512@gmail.com.
Adequacy decisions: The European Commission has determined that some countries provide adequate protection. The US does not currently have an adequacy decision for general data transfers, so we rely on SCCs.

Our key service providers (Stripe, Shopify, Google, Klaviyo) also participate in the EU-US Data Privacy Framework (if applicable) or provide their own SCCs. Please review their privacy policies for details.

6.2 Your Rights Regarding International Transfers

You have the right to object to the transfer of your data to the US. However, if you object, we may not be able to process your order or provide our services. In that case, we will ask you not to use the Site.

7. Cookies and Tracking Technologies

Cookies are small text files stored on your device when you visit a website. We use cookies and similar technologies (pixels, web beacons, local storage) to enhance your experience on northwindtrade.shop.

7.1 Types of Cookies We Use

Category	Purpose	Examples	Expiration
Essential (Strictly Necessary)	Enable core functionality: shopping cart, checkout, login, security. Cannot be disabled.	`cart`, `secure_session_id`, `_shopify_y`	Session or up to 2 weeks
Functional	Remember your preferences (language, region, saved items).	`currency`, `locale`	Up to 1 year
Analytics / Performance	Collect anonymous usage data to improve the Site.	Google Analytics (`_ga`, `_gid`), Hotjar	Up to 2 years
Targeting / Advertising	Track your browsing across websites to show relevant ads on Google, Facebook, etc.	`_fbp`, `_gcl_au`, `test_cookie`	Up to 90 days

7.2 Your Cookie Choices

Browser settings: Most browsers allow you to block or delete cookies. However, blocking essential cookies will prevent you from using our checkout. Instructions:
- Chrome: Settings → Privacy and security → Cookies and other site data.
- Safari: Preferences → Privacy → Block all cookies.
- Firefox: Options → Privacy & Security → Cookies and Site Data.
Cookie consent banner: When you first visit our Site, you will see a banner allowing you to accept or reject non-essential cookies (analytics and targeting). You can change your preferences at any time by clicking the “Cookie Preferences” link in the footer.
Google Analytics opt-out: Install the Google Analytics Opt-out Browser Add-on.
Interest-based advertising: Opt out of personalized ads via the Digital Advertising Alliance or your device settings (Limit Ad Tracking on iOS, Opt out of Ads Personalization on Android).

7.3 Do Not Track (DNT)

Some browsers have a “Do Not Track” feature that signals websites not to track you. Our Site does not currently respond to DNT signals because there is no consistent industry standard. However, you can control cookies as described above.

8. Your Privacy Rights and Choices

Depending on where you live, you may have certain rights regarding your personal information. We honor these rights for all customers, regardless of location, to the extent feasible.

8.1 General Rights (Applicable to All Users)

Access: You may request a copy of the personal information we hold about you.
Correction: You may ask us to correct inaccurate or incomplete information.
Deletion: You may request that we delete your personal information, subject to legal exceptions (e.g., we need to retain order records for tax purposes).
Objection/Restriction: You may object to certain processing (e.g., marketing emails) or request that we temporarily restrict processing.
Portability: You may request a machine-readable copy of your data (e.g., JSON or CSV) to transfer to another company.

8.2 How to Exercise Your Rights

The fastest way is to email anhnln1512@gmail.com with the subject line “PRIVACY REQUEST – [Your Right]”. Please include:

Your full name and email address used on our Site.
Specific details of your request (e.g., “I want to access all my order history and account data” or “Please delete my account”).
Proof of identity (we may ask for a copy of a government ID or a signed declaration to prevent unauthorized access).

We will respond within 30 days (or sooner where required by law). If your request is complex, we may extend the response period by an additional 30 days and notify you of the extension.

8.3 Opt-Out of Marketing Emails

You can unsubscribe from our promotional emails by clicking the “Unsubscribe” link at the bottom of any marketing email. You will continue to receive transactional emails (order confirmations, shipping updates) because they are necessary for your purchase. If you wish to stop all emails (including transactional), you must close your account and request deletion of your data, but then you will not be able to place future orders.

8.4 No Discrimination

We will not discriminate against you for exercising your privacy rights. You will not be denied goods or services, charged different prices, or receive a different level of service solely because you made a privacy request (unless the request prevents us from fulfilling an order, e.g., if you ask to be deleted before your order ships).

9. Data Security

We take the security of your personal information extremely seriously. We implement a combination of technical, administrative, and physical safeguards designed to protect against unauthorized access, use, alteration, or destruction.

9.1 Technical Measures

Encryption in transit: All data transmitted between your browser and our Site is encrypted using TLS 1.2 or higher (look for the padlock icon in your browser address bar).
Encryption at rest: Personal information stored on our servers (e.g., order history) is encrypted using AES-256.
Payment tokenization: As noted, we never store full credit card numbers. Stripe handles all payment data separately.
Access controls: Only specific employees (customer service, warehouse managers) have access to your personal information, and only when necessary to perform their jobs. Access is logged and audited.
Firewalls and intrusion detection: Our hosting provider (Shopify) and we use firewalls and monitoring systems to detect unauthorized access attempts.

9.2 Administrative Measures

Employee training: All Northwind Trade LLC employees receive annual privacy and security training. They sign confidentiality agreements.
Vendor assessments: Before we share data with any third-party service provider, we review their security practices and require them to sign data processing agreements.
Incident response plan: In the event of a data breach, we have a plan to contain the breach, notify affected individuals and regulators as required by law, and prevent future incidents.

9.3 Limits of Security

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security. If you have reason to believe that your interaction with us is no longer secure (e.g., you suspect a breach of your account), please notify us immediately at anhnln1512@gmail.com.

9.4 Breach Notification

If we become aware of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours (where required by law, such as under GDPR). Notification will be sent to the email address we have on file for you.

10. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

10.1 Specific Retention Periods

Type of Data	Retention Period	Rationale
Order records (name, address, product purchased, price)	7 years from the date of last order	US tax law requires us to maintain sales records for audit purposes (IRS Section 6001).
Customer account information (email, hashed password, saved addresses)	Until you delete your account, plus 30 days	To allow you to log in and access order history. After deletion, we may retain anonymized order data.
Marketing email consent records	5 years from last interaction	To prove that you opted in, as required by CAN-SPAM and GDPR.
Customer service emails and chat transcripts	3 years from last message	To resolve disputes and train our team.
Website analytics (Google Analytics)	14 months (default)	To analyze trends; data is aggregated or anonymized after that.
Payment tokens (from Stripe)	As long as Stripe retains them – typically 2 years after last transaction	Stripe’s retention policy governs.

10.2 Deletion Requests

If you request deletion of your personal information, we will delete or anonymize your data within 30 days, except where retention is required by law (e.g., tax records). In that case, we will isolate the data from further processing until the retention period expires.

10.3 Inactive Accounts

If you have an account with us and have not placed an order or logged in for 5 years, we may send you a notice asking if you wish to keep the account active. If you do not respond within 30 days, we will delete your account and all associated personal information (except anonymized order history required for tax purposes).

11. Children’s Privacy

Our Site and products are intended for adults aged 18 years and older. We do not knowingly collect personal information from children under the age of 13. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately at anhnln1512@gmail.com. We will take steps to delete that information promptly.

If we learn that we have collected personal information from a child under 13 without verification of parental consent, we will delete it as soon as possible. We do not use any third-party services that knowingly collect data from children (e.g., Google Analytics is configured to not track users under 13).

12. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA) grant you additional rights. This section applies to you.

12.1 Categories of Personal Information Collected (CCPA)

In the past 12 months, we have collected the following categories of personal information from California residents:

Category	Examples	Collected?
Identifiers	Name, email address, IP address, phone number, shipping/billing address	Yes
Customer records (Cal. Civ. Code § 1798.80(e))	Credit card type, last 4 digits (not full number), purchase history	Yes
Commercial information	Products purchased, returns, order value	Yes
Internet activity	Browsing history, search queries, interaction with our Site	Yes
Geolocation data	Approximate location derived from IP address	Yes
Inferences	Preferences, shopping behavior, likelihood to purchase	Yes

We do not collect sensitive personal information as defined by CPRA (SSN, driver’s license, precise geolocation, etc.).

12.2 Sources of Personal Information (CCPA)

We collect the categories listed above from:

You directly (when you provide information).
Your devices automatically (cookies, logs).
Service providers (Stripe, shipping carriers).

12.3 Business Purposes for Collection (CCPA)

We collect and use your personal information for the business purposes described in Section 3 of this policy, including:

Performing services (fulfilling orders, processing payments).
Auditing interactions (counting ad impressions, reviewing compliance).
Security and fraud detection.
Debugging and repairing errors.
Short-term transient use (e.g., showing you items in your cart).
Internal research and product development.
Quality control and improvement.

12.4 Sharing for Cross-Context Behavioral Advertising (CCPA)

We do not “sell” personal information as defined by the CCPA (i.e., exchanging data for monetary compensation). However, we do “share” personal information for cross-context behavioral advertising (e.g., using Google Ads or Facebook Pixel to show you ads based on your browsing on our Site). You have the right to opt out of this sharing.

To opt out of the sharing of your personal information for cross-context behavioral advertising, please:

Click the “Your Privacy Choices” link in the footer of our Site (this will set a Global Privacy Control signal, if supported by your browser).
Or email anhnln1512@gmail.com with “CCPA OPT-OUT – SHARING” in the subject line.

12.5 CCPA Rights – California Residents

You have the right to:

Know what personal information we have collected about you, including categories, sources, purposes, and third parties with whom it is shared.
Request deletion of your personal information (subject to exceptions).
Opt out of the sharing of your personal information for cross-context behavioral advertising.
Correct inaccurate personal information.
Limit the use of sensitive personal information (we do not collect sensitive PI).
Non-discrimination as described in Section 8.4.

To exercise your CCPA rights, email anhnln1512@gmail.com with “CCPA REQUEST – [Right]” in the subject line. You may also call +840329633706 (Monday–Friday, 10 AM – 6 PM MT). We will verify your identity by asking for your name, email address, and order number from a recent purchase. Authorized agents may submit requests on your behalf with written permission.

We will respond to verifiable requests within 45 days (extendable by another 45 days if necessary). There is no fee for making a request, unless the request is excessive or repetitive.

12.6 California’s Shine the Light Law (Civil Code § 1798.83)

California residents may request a list of third parties to whom we have disclosed their personal information for direct marketing purposes during the preceding calendar year. We do not share personal information with third parties for their own direct marketing purposes without your consent. To request this information, email anhnln1512@gmail.com with “Shine the Light Request” in the subject line.

13. Nevada Privacy Rights

Nevada residents have the right to opt out of the sale of their personal information. As stated above, we do not sell personal information. However, if you wish to submit an opt-out request (to be effective if we ever change our practices), please email anhnln1512@gmail.com with “Nevada Opt-Out” and provide your name and email address.

14. Virginia, Colorado, Connecticut, Utah Privacy Rights

If you are a resident of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), or Utah (UCPA), you have similar rights to those under the CCPA, including:

Right to access, correct, delete, and port your data.
Right to opt out of the processing of your personal information for targeted advertising (which we do via cookies – see Section 7).
Right to opt out of the sale of your data (we do not sell).
Right to appeal a denial of your request (within a reasonable timeframe).

To exercise these rights, email anhnln1512@gmail.com with your state name in the subject line (e.g., “Virginia Privacy Request”). We will respond within 45 days. If we deny your request, we will provide a reason and instructions for appealing.

15. European Union and UK Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, the General Data Protection Regulation (GDPR) and its UK equivalent apply.

15.1 Your GDPR Rights

You have the following rights:

Right	Description
Right to be informed	You have the right to know how we collect and use your data (this Privacy Policy fulfills that).
Right of access	You can request a copy of your personal data (Subject Access Request).
Right to rectification	You can correct inaccurate or incomplete data.
Right to erasure (right to be forgotten)	You can request deletion of your data, subject to legal retention obligations.
Right to restrict processing	You can ask us to temporarily stop processing your data under certain circumstances (e.g., if you contest its accuracy).
Right to data portability	You can request a machine-readable copy of your data to transfer to another controller.
Right to object	You can object to processing based on legitimate interests (including direct marketing).
Rights related to automated decision-making	We do not use fully automated decision-making that has legal effects on you. Stripe may use automated fraud scoring, but you may request human review by contacting us.

15.2 How to Exercise GDPR Rights

Email anhnln1512@gmail.com with “GDPR REQUEST – [Right]” in the subject line. We may ask for proof of identity (passport or national ID with sensitive data redacted). We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority (e.g., the ICO in the UK, the CNIL in France, or the DPC in Ireland).

15.3 UK Representative

For UK residents, our representative under the UK GDPR can be contacted at anhnln1512@gmail.com (please note “UK GDPR Representative” in the subject line). We are a small business and do not have a physical presence in the UK; however, we comply with UK data protection law.

15.4 EU Representative

For EEA residents, our EU representative is not required under Article 27 of the GDPR because we do not systematically monitor data subjects in the EU at scale, and our processing is occasional and low-risk. If you are an EU resident and need to contact us, please use anhnln1512@gmail.com.

16. Third-Party Links and Services

Our Site may contain links to third-party websites, including social media platforms (Facebook, Instagram, Pinterest), payment pages (Stripe checkout that appears embedded but is actually Stripe’s domain), and carrier tracking pages. When you click on a link to a third-party site, you leave northwindtrade.shop. We have no control over and assume no responsibility for the privacy practices or content of those third-party sites. We encourage you to read their privacy policies before providing any personal information.

16.1 Social Media Features

We may use social media “share” buttons or “like” buttons. Those features are hosted by the respective social media platforms and may collect your IP address, the page you are visiting, and set cookies to function properly. Your interaction with these features is governed by the privacy policy of the company providing them.

16.2 Embedded Content

Articles, videos, or product reviews may include embedded content (e.g., YouTube videos). Embedded content from other websites behaves exactly as if you visited that other website. Those websites may collect data about you, use cookies, embed third-party tracking, and monitor your interaction with the embedded content.

17. Do Not Track Signals

Some browsers offer a “Do Not Track” (DNT) feature that signals to websites that you do not wish to be tracked. As noted in Section 7.3, we do not currently change our behavior in response to DNT signals because there is no universal standard for implementing DNT. However, we honor the Global Privacy Control (GPC) signal, which is a more modern standard. If your browser sends a GPC signal (available in Brave, Firefox, and some extensions), we will treat that as a request to opt out of the sharing of your personal information for cross-context behavioral advertising (CCPA opt-out).

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The “Last Revised” date at the bottom of this page indicates when the latest version was posted.

Minor changes (e.g., clarifying wording, updating contact information) will be effective immediately upon posting.
Material changes (e.g., new categories of data collection, changes to how we share data) will be effective 30 days after posting, or earlier if required by law. We will notify you of material changes by:
- Posting a prominent notice on our Site homepage.
- Sending an email to the address associated with your account (if you have one).

Your continued use of the Site after any changes (with notice of material changes) constitutes your acceptance of the revised Privacy Policy. If you do not agree, you must stop using the Site and request deletion of your personal information.

19. Contact Information and Data Protection Officer

For privacy-related questions, to exercise your rights, to report a suspected data breach, or to reach our designated Data Protection Officer (DPO) – we have appointed an internal DPO for GDPR and CCPA compliance – please use the following contact methods.

19.1 Primary Contact

Email: anhnln1512@gmail.com
(For fastest response, put “PRIVACY” in the subject line.)

Phone: +840329633706
(Monday–Friday, 10 AM – 6 PM Mountain Time. For privacy matters, ask to speak with the Data Protection Officer.)

Postal Mail (for formal written requests):
Northwind Trade LLC – Privacy Officer
1209 MOUNTAIN ROAD PL NE, STE R
ALBUQUERQUE, NM 87110
United States

19.2 Data Protection Officer

Our Data Protection Officer is available to address concerns regarding our processing of your personal information. You may contact the DPO directly at anhnln1512@gmail.com with “ATTN: DPO” in the subject line.

19.3 Complaints to Supervisory Authorities

If you believe we have violated your privacy rights, you have the right to lodge a complaint with a supervisory authority. In the US, you may contact the Federal Trade Commission (FTC) at ftc.gov/complaint. In the EU, you may contact your local Data Protection Authority (DPA). A list of EU DPAs is available at edpb.europa.eu/about-edpb/about-edpb/members. In the UK, the authority is the Information Commissioner’s Office (ICO) at ico.org.uk.

We ask that you contact us first so we have the opportunity to resolve your concern before you file a complaint with a regulator.

Summary – Key Privacy Facts at a Glance

Question	Answer
Do you sell my data?	No, never.
Do you share my data with advertisers?	We allow advertising pixels (Facebook, Google) that may collect browsing data for retargeting. You can opt out via cookie banner.
How long do you keep my data?	Order records: 7 years (tax). Account data: until you delete it.
Can I delete my data?	Yes, email anhnln1512@gmail.com with “PRIVACY REQUEST – Delete.”
Do you respond to Do Not Track?	Not currently, but we honor Global Privacy Control (GPC).
Is my payment info safe?	Yes – Stripe handles it; we never see full card numbers.
Who is your DPO?	Contact anhnln1512@gmail.com – we will route to our internal DPO.

Last Revised: March 31, 2026

Thank you for trusting Northwind Trade LLC with your personal information. We are committed to protecting your privacy just as much as we are committed to helping you sleep better with our premium Bed Throws, Blankets, Duvet Covers, Pillow Inserts, and Quilts + Comforters. If you have any questions or concerns, please reach out. We are here for you.

Sign up for Newsletter

Northwind Trade LLC

My account

Information