Privacy Policy

Who We Are

Joseph Ejiro LLC is a luxury demi-couture fashion brand and limited liability company registered in the State of California, United States. Our website address is josephejiro.co.

For privacy-related questions or requests, please contact us at:

Information We Collect

We collect personal information that you provide to us directly, as well as information collected automatically when you use the Site.

Information you provide directly:

• Name, email address, phone number, and billing and shipping addresses when you create an account or place an order
• Payment information (processed securely through our payment provider; we do not store full card numbers)
• Body measurements and sizing information provided when placing custom or made-to-order requests
• Communications you send us via email, contact forms, or customer service enquiries
• Newsletter and marketing opt-in information
• Comments or content posted on the Site
• Wholesale and business enquiry information

Information collected automatically:

• IP address and approximate geographic location
• Browser type, operating system, and device information
• Pages visited, time spent on the Site, and referring URLs
• Cookie identifiers and session data
• Purchase history and browsing behavior on the Site

How We Use Your Information

We use the personal information we collect for the following purposes:

• Processing and fulfilling your orders, including custom and made-to-order garments
• Communicating with you about your order status, shipping updates, and account activity
• Providing customer service and responding to your enquiries
• Processing returns, exchanges, and refunds where applicable
• Sending you marketing communications if you have opted in (you may opt out at any time)
• Improving the Site, our products, and our services
• Detecting and preventing fraud, unauthorized access, and other security issues
• Complying with applicable US federal and California state laws and regulations
• Enforcing our Terms and Conditions and other agreements

We do not sell your personal information to third parties. We do not use your personal information to make automated decisions that have a legal or similarly significant effect on you without human review.

Cookies

We use cookies and similar tracking technologies to enhance your experience on the Site. A cookie is a small text file stored on your device when you visit a website.

Types of cookies we use:

• Essential cookies — required for the Site to function, including shopping cart and checkout functionality. These cannot be disabled.
• Authentication cookies — set when you log in to your account. Login cookies last for two days; if you select "Remember Me," your login persists for two weeks. These are removed when you log out.
• Preference cookies — save your display choices and screen preferences. These last for one year.
• Comment cookies — if you leave a comment on the Site and opt in, your name, email address, and website are saved in cookies for one year for your convenience.
• Analytics cookies — help us understand how visitors use the Site so we can improve it. We may use services such as Google Analytics for this purpose.
• Marketing cookies — used to deliver relevant advertisements and track the effectiveness of our marketing campaigns, including via Meta (Facebook/Instagram) Pixel.

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the Site, including your ability to place orders.

Media and Uploaded Content

If you upload images or other media to the Site, you should avoid uploading files with embedded location data (EXIF GPS) included, as visitors to the Site may be able to download and extract that location data from publicly accessible images.

Embedded Content from Other Websites

Pages on this Site may include embedded content such as videos, images, or social media feeds from third-party platforms. Embedded content from other websites behaves in the same way as if you had visited those websites directly. Those third-party websites may collect data about you, use cookies, embed additional tracking technologies, and monitor your interaction with the embedded content, particularly if you have an account with them and are logged in.

How We Share Your Information

We do not sell your personal information. We may share your information with trusted third parties only as necessary to operate our business and fulfill your orders:

• Payment processors — to securely process your payment transactions (e.g., Stripe, PayPal, or other providers)
• Shipping and logistics providers — to fulfill and deliver your orders
• Email and marketing platforms — to send transactional and marketing communications (e.g., Mailchimp or equivalent)
• Website hosting and technology providers — to operate and maintain the Site
• Analytics providers — to understand Site usage and improve our services (e.g., Google Analytics)
• Social media platforms — through advertising pixels if you have interacted with our ads (e.g., Meta Pixel)
• Law enforcement or government authorities — if required to do so by applicable law, court order, or legal process

All third-party service providers are required to handle your information securely and only for the purposes we specify. If you request a password reset, your IP address will be included in the reset email as a security measure.

How Long We Retain Your Data

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, including for legal, accounting, and reporting obligations.

• Order and transaction records are retained for a minimum of seven (7) years in accordance with US tax and accounting requirements
• Account information is retained for as long as your account is active, and for a reasonable period thereafter
• Comments and their metadata may be retained indefinitely to support comment moderation
• Marketing opt-in records are retained until you unsubscribe or request deletion

You may request deletion of your personal data at any time (see Your Rights below). We will comply unless we are required by law to retain the information.

Data Security

We implement reasonable technical and organizational security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. These include secure HTTPS connections, encrypted payment processing, and access controls on our systems.

However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee absolute security. If you believe your account has been compromised, please contact us immediately at he***@*********ro.co.

Your Rights Over Your Data

If you have an account on the Site, or have left comments or placed orders, you have the right to:

• Access a copy of the personal data we hold about you
• Correct inaccurate or incomplete personal data
• Request deletion of your personal data, subject to legal retention requirements
• Opt out of marketing communications at any time by clicking "Unsubscribe" in any email or contacting us directly
• Request that we restrict processing of your data in certain circumstances

To exercise any of these rights, please contact us at he***@*********ro.co. We will respond to verified requests within 30 days.

California Privacy Rights (CCPA / CPRA)

As a California resident, you have the right to:

• Know what personal information we collect, use, disclose, and sell about you
• Delete personal information we have collected, subject to certain exceptions
• Correct inaccurate personal information we hold about you
• Opt out of the sale or sharing of your personal information — we do not sell personal information
• Limit use of sensitive personal information to purposes necessary to provide our services
• Non-discrimination — we will not discriminate against you for exercising any of your privacy rights

Categories of personal information collected in the past 12 months:

• Identifiers (name, email address, IP address, account username)
• Commercial information (purchase history, payment details)
• Internet or other electronic network activity (browsing behavior on the Site)
• Geolocation data (approximate location based on IP address)
• Inferences drawn from the above to create a profile about your preferences

To submit a CCPA/CPRA request, please contact us at he***@*********ro.co with the subject line "California Privacy Request." We will verify your identity before processing your request and respond within 45 days as required by law.

You may also designate an authorized agent to make a request on your behalf by providing written authorization along with your request.

European Economic Area, United Kingdom & Switzerland — GDPR

Our lawful bases for processing your personal data are:

• Contract performance — processing necessary to fulfil your order, manage your account, and provide our services
• Legitimate interests — fraud prevention, security, improving our services, and direct marketing to existing customers (where not overridden by your interests or rights)
• Legal obligation — compliance with applicable laws and regulations
• Consent — for marketing communications and non-essential cookies, where we have obtained your explicit consent

As an EEA, UK, or Swiss resident, you have the right to:

• Access — request a copy of the personal data we hold about you
• Rectification — request correction of inaccurate or incomplete data
• Erasure — request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations
• Restriction — request that we restrict processing of your data in certain circumstances
• Data portability — receive your data in a structured, machine-readable format and transfer it to another controller
• Object — object to processing based on legitimate interests or for direct marketing purposes
• Withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing
• Lodge a complaint — lodge a complaint with your local supervisory authority (e.g., the ICO in the UK, or your national data protection authority in the EEA)

To exercise any of these rights, please contact us at he***@*********ro.co with the subject line "GDPR Privacy Request." We will respond within 30 days. For UK residents, the relevant supervisory authority is the Information Commissioner's Office (ICO) at ico.org.uk.

Cookie consent: In accordance with the EU ePrivacy Directive and applicable national cookie laws, we obtain your consent before placing non-essential cookies on your device. You may withdraw cookie consent at any time through your browser settings.

Marketing: We will only send you marketing communications with your explicit consent. You may withdraw consent at any time by clicking "Unsubscribe" in any email or contacting us directly.

Canada — PIPEDA and Provincial Laws

We collect, use, and disclose your personal information only with your knowledge and consent, except where permitted by law. You have the right to:

• Know why we collect your personal information before or at the time of collection
• Access the personal information we hold about you
• Challenge the accuracy and completeness of your information and have it amended
• Withdraw consent at any time, subject to legal or contractual restrictions
• Lodge a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca

Quebec residents (Law 25): You have additional rights including the right to data portability, the right to de-indexation, and the right to be informed of automated decision-making. Where we use automated processing that produces legal or significant effects, you may request human review. Our Privacy Officer can be contacted at he***@*********ro.co.

Australia — Privacy Act 1988

We handle your personal information in accordance with the Australian Privacy Principles. You have the right to:

• Access the personal information we hold about you
• Request correction of personal information that is inaccurate, out of date, incomplete, or misleading
• Complain about a breach of the APPs to us in the first instance, and if unresolved, to the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au

We will generally respond to access or correction requests within 30 days. We do not use your information for direct marketing without your consent, and you may opt out of direct marketing at any time.

Brazil — LGPD

Under the LGPD, you have the right to:

• Confirm whether we process your personal data
• Access your personal data
• Correct incomplete, inaccurate, or outdated data
• Anonymize, block, or delete unnecessary or excessive data
• Request portability of your data to another service or product provider
• Delete personal data processed with your consent
• Obtain information about public and private entities with which we share your data
• Revoke consent at any time
• Lodge a complaint with the Autoridade Nacional de Proteção de Dados (ANPD)

Our lawful bases for processing under the LGPD include contract performance, legitimate interests, legal obligation, and consent where applicable. To exercise your rights, contact us at he***@*********ro.co.

Japan — Act on Protection of Personal Information (APPI)

We handle your personal information in accordance with the APPI. You have the right to:

• Request disclosure of your personal information held by us
• Request correction, addition, or deletion of your personal information if it is incorrect
• Request suspension of use or erasure of your personal information
• Request suspension of third-party provision of your personal information

Transfers of your personal data to Japan from the United States are made in compliance with applicable cross-border transfer requirements. To exercise your rights, contact us at he***@*********ro.co.

South Korea — PIPA

Under PIPA, you have the right to:

• Access, correct, delete, or suspend processing of your personal information
• Withdraw consent to collection and use of your personal information
• Lodge a complaint with the Personal Information Protection Commission (PIPC) at pipc.go.kr

We collect your personal information only for the purposes stated in this policy and retain it only for as long as necessary or as required by law. To exercise your rights, contact us at he***@*********ro.co.

Additional US State Privacy Rights

In addition to California (CCPA/CPRA), the following US states have enacted comprehensive privacy laws that may apply to you. In each case, we do not sell your personal data, and you may contact us to exercise your rights:

• Virginia (VCDPA) — residents have the right to access, correct, delete, and obtain a copy of their personal data, and to opt out of targeted advertising and profiling
• Colorado (CPA) — residents have the right to access, correct, delete, and port their personal data, and to opt out of targeted advertising, sale of data, and profiling
• Connecticut (CTDPA) — residents have the right to access, correct, delete, and obtain a copy of personal data, and to opt out of targeted advertising and profiling
• Utah (UCPA) — residents have the right to access, delete, and obtain a copy of their personal data, and to opt out of targeted advertising and sale of personal data
• Texas (TDPSA) — residents have the right to access, correct, delete, and obtain a copy of their personal data, and to opt out of targeted advertising, sale, and profiling
• Florida (FDBR) — residents of Florida have the right to access, correct, delete, and obtain a copy of personal data, and to opt out of targeted advertising and sale of personal data
• Oregon (OCPA) — residents have the right to access, correct, delete, and obtain a copy of personal data and to opt out of targeted advertising, sale, and profiling
• Montana (MCDPA) — residents have the right to access, correct, delete, and obtain a copy of personal data, and to opt out of targeted advertising and sale

To exercise any of the above state privacy rights, please contact us at he***@*********ro.co with the subject line "US State Privacy Request" and the state you reside in. We will respond within the timeframe required by your state's law.

We will not deny, charge different prices, or provide a different level of service to you as a result of exercising any privacy right.

Children's Privacy

The Site is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at he***@*********ro.co and we will delete it promptly. Our services are intended for individuals 18 years of age and older.

Third-Party Links

The Site may contain links to third-party websites, social media platforms, or other external services. This Privacy Policy does not apply to those third-party sites. We are not responsible for the privacy practices or content of any third-party websites. We encourage you to review the privacy policies of any third-party sites you visit.

International Data Transfers

The Site is operated from San Diego, California, United States. If you are accessing the Site from outside the United States, your personal information will be transferred to, stored, and processed in the United States. Data protection laws in the United States may differ from those in your country.

Where we transfer personal data from the EEA, UK, or Switzerland to the United States or other countries not deemed adequate by the European Commission, we rely on appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission, or other lawful transfer mechanisms as required by applicable law.

By using the Site, you acknowledge and consent to this international transfer and processing of your personal information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. When we make material changes, we will update the effective date at the top of this page. We encourage you to review this Privacy Policy periodically. Your continued use of the Site after any changes constitutes your acceptance of the updated policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal information, please contact us:

We aim to respond to all privacy-related enquiries within 5 business days.