Privacy policy
This Privacy Policy describes how tntmagic.com (the “Site” or “we”) collects, uses, and discloses your Personal Information when you visit or make a purchase from the Site.
Contact
After reviewing this policy, if you have additional questions, want more information about our privacy practices, or would like to make a complaint, please contact us by e-mail at ron@tntmagic.com or by mail using the details provided below:
TNT Magic
Attn: Privacy
2729 Old Washington Road
Westminster MD 21157
United States
Collecting Personal Information
When you visit the Site, we collect certain information about your device, your interaction with the Site, and information necessary to process your purchases. We may also collect additional information if you contact us for customer support. In this Privacy Policy, we refer to any information about an identifiable individual (including the information below) as “Personal Information”. See the list below for more information about what Personal Information we collect and why.
- Device information
- Purpose of collection: to load the Site accurately for you, and to perform analytics on Site usage to optimize our Site. You can also add yourself to our mailing list. We will notify you of new products, events, lectures, magic shows, or announcements from TNT Magic. We may also use information or cookies on your computer for affiliate programs we are associated with. This allows us to share sales from 3D party sites and magic creators. We may also use information for remarketing and/or social media search sites.
- Source of collection: Collected automatically when you access our Site using cookies, log files, web beacons, tags, pixels, and/or Social Media Analytics.
- Disclosure for a business purpose: shared with our parent company 3D ICC (www.3dicc.com), our processor Shopify, Google for Analytics and Marketing, Facebook Analytics and Marketing.
- Personal Information collected: version of web browser, IP address, time zone, cookie information, what sites or products you view, search terms, and how you interact with the Site, what you purchased, and your interests for Marketing.
- Order information
- Purpose of collection: to provide products or services to you to fulfill our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
- Source of collection: collected from you.
- Disclosure for a business purpose: shared with our processor Shopify, PayPal for payment processing, Shipping companies you select to ship items to you, Cookies for Search Companies for Re-Marketing, and Cookies Social Media for Re-Marketing.
- Personal Information collected: name, billing address, shipping address, payment information (including credit card numbers), email address, and phone number.
- Customer support information
- Purpose of collection: We collect information you provide to understand your and respond to your support request. Information maybe used to help improve our customer service or for training purposes.
- Source of collection: We collect the information you provide for support requests.
- Disclosure for a business purpose: This information maybe be used to solve customer issues, issue refunds, send out replacements, or conduct surveys to improve our customer service process.
- Personal Information collected: Email address, phone number, physical address, order number, payment information and problem description.
- Purpose of collection: to provide customer support.
- Source of collection: collected from you
- Disclosure for a business purpose: We use Zendesk for providing customer support. Your data is kept on that 3rd party system.
Minors
The Site is not intended for individuals under the age of 3 years old. If you are 3 you are old enough to start your magic career but until you are 13 we ask that you share this site with your parents and let them do the purchasing. When you are 13, if you have your own bank account and your parents agree to let you use this site, that is great, but please discuss each purchase with your parents first! You may be able to get your parents to pay for it instead! After 18 you can do whatever you want! We do not intentionally collect Personal Information from children. If you are the parent or guardian and believe your child has provided us with Personal Information please contact us at the address above to request deletion.
Sharing Personal Information
We share your Personal Information with service providers to help us provide our services and fulfill our contracts with you, as described above. For example:
- We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
- We use Zendesk For support tracking: https://www.zendesk.com/company/agreements-and-terms/privacy-notice/
- We may share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
- We use PayPal for payment processing: https://www.paypal.com/us/legalhub/privacy-full
Behavioral Advertising
As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example:
- We use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
- We use Facebook Analytics to help us reach potential customers.
For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at https://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.
You can opt out of targeted advertising by:
[INCLUDE OPT-OUT LINKS FROM WHICHEVER SERVICES BEING USED. COMMON LINKS INCLUDE:
FACEBOOK - https://www.facebook.com/settings/?tab=adsGOOGLE - https://www.google.com/settings/ads/anonymous
Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: https://optout.aboutads.info/.
Using Personal Information
We use your personal Information to provide our services to you, which includes: offering products for sale, processing payments, shipping and fulfillment of your order, and keeping you up to date on new products, services, and offers.
Lawful basis
Pursuant to the General Data Protection Regulation (“GDPR”), if you are a resident of the European Economic Area (“EEA”), we process your personal information under the following lawful bases:
- Your consent;
- The performance of the contract between you and the Site;
- Compliance with our legal obligations;
- To protect your vital interests;
- To perform a task carried out in the public interest;
- For our legitimate interests, which do not override your fundamental rights and freedoms.
Retention
When you place an order through the Site, we will retain your Personal Information for our records unless and until you ask us to erase this information. For more information on your right of erasure, please see the ‘Your rights’ section below. In the event that your information is deleted you may lose access to purchased product information, demonstration videos, documentation, training videos, your notes and comments, and ratings. You will also be unable to make any returns or exchanges.
Automatic decision-making
If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.
We DO NOT engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.
Our processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.
Services that include elements of automated decision-making include:
- Temporary blacklist of IP addresses associated with repeated failed transactions. This blacklist persists for a small number of hours.
- Temporary blacklist of credit cards associated with blacklisted IP addresses. This blacklist persists for a small number of days.
Selling Personal Information
We do not sell your personal information.
Your rights
GDPR
GDPR
https://www.eugdpr.org/
Breach Notification
Under the GDPR, breach notification will become mandatory in all member states where a data breach is likely to “result in a risk for the rights and freedoms of individuals”. This must be done within 72 hours of first having become aware of the breach. Data processors will also be required to notify their customers, the controllers, “without undue delay” after first becoming aware of a data breach.
Right to Access
Part of the expanded rights of data subjects outlined by the GDPR is the right for data subjects to obtain from the data controller confirmation as to whether or not personal data concerning them are being processed, where and for what purpose. Further, the controller shall provide a copy of the personal data, free of charge, in an electronic format. This change is a dramatic shift to data transparency and empowerment of data subjects.
Right to be Forgotten
Also known as Data Erasure, the right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. The conditions for erasure, as outlined in article 17, include the data no longer being relevant to original purposes for processing, or a data subjects withdrawing consent. It should also be noted that this right requires controllers to compare the subjects’ rights to “the public interest in the availability of the data” when considering such requests.
Data Portability
GDPR introduces data portability – the right for a data subject to receive the personal data concerning them, which they have previously provided in a ‘commonly use and machine-readable format‘ and have the right to transmit that data to another controller.
Privacy by Design
Privacy by design as a concept has existed for years now, but it is only just becoming part of a legal requirement with the GDPR. At its core, privacy by design calls for the inclusion of data protection from the onset of the designing of systems, rather than an addition. More specifically – ‘The controller shall..implement appropriate technical and organizational measures..in an effective way.. in order to meet the requirements of this Regulation and protect the rights of data subjects’. Article 23 calls for controllers to hold and process only the data absolutely necessary for the completion of its duties (data minimization), as well as limiting the access to personal data to those needing to act out the processing.
PRIVACY SHIELD POLICY
EU-U.S. and Swiss-U.S. Privacy Shields
This Privacy Shield Policy (this “Policy”) applies to personal information transferred to 3D Immersive Collaboration Consulting, LLC (3D ICC) in the United States from organizations subject to data protection law in the European Economic Area (EEA) (which includes the member states of the European Union (EU) plus Iceland, Liechtenstein and Norway) and from Switzerland. This Policy sets out our practices for collecting, using, maintaining, protecting and disclosing that personal information. Please see our Privacy Policy for an explanation of how we collect, use, store, and disclose information about visitors to and subscribers of our websites.
DEFINITIONS
For purposes of this Policy, the following definitions shall apply:
“3D ICC Customer” is any entity that purchases goods or services you are using from 3D ICC including the TNT Magic Virtual Magic World using the Virtend Software.
“3D ICC Reseller” is any entity that sells directly to and is the main interface between 3D ICC and a 3D ICC Customer.
“Personal information” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal information does not include information that is anonymized or aggregated.
“Sensitive information” means any personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, information that concerns health or sex life, and information about criminal or administrative proceedings and sanctions.
“Employment information” means any personal information collected in order to comply with employment regulations, payments for employment, employee benefits, and tax reporting.
EU-U.S. AND SWISS-U.S. PRIVACY SHIELD PRINCIPLES
3D ICC participates in and complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from organizations subject to data protection law in the EEA and Switzerland to the United States, respectively. 3D ICC has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms of this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view 3D ICC certification, visit https://www.privacyshield.gov/.
Notice
3D ICC receives data from customers of its Virtend™ program, from its website, support portal, and support requests. Some of this data includes personal information about individuals in the EEA and Switzerland, which may include basic contact information like name and email address, sales information, and information related to usage, including computer performance characteristics, and configuration information. 3D ICC uses this information for the provision of the services to its customers, customer support for such services, and reporting to meet contractual obligations to either a 3D ICC Customer or 3D ICC Reseller.
3D ICC will subject all personal information received via the Privacy Shield to the EU-U.S. and Swiss-U.S. Privacy Shield Principles. 3D ICC is subject to the investigative and enforcement authority of the Federal Trade Commission (FTC). 3D ICC may be required to disclose personal information in response to lawful requests by public authorities. 3D ICC has potential liability for onward transfers to third parties. Additionally, an individual may be allowed to invoke binding arbitration to resolve disputes under certain limited conditions.
3D ICC will also collect Employment Information for employees and contractors that it hires.
Choice
If you are not a resident of the EEA or Switzerland or we have received your information from you through our websites, applications and services, please see our Privacy Policy for information about your choices.
3D ICC will offer EEA and Swiss individuals whose personal information has been transferred to us the opportunity to choose whether the personal information it has received is to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. An individual may opt-out of such uses of their personal information by contacting us at the address given below.
3D ICC does not collect and will not use sensitive personal information.
Data Integrity and Purpose Limitation
3D ICC will use personal information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. 3D ICC will take reasonable steps to ensure that personal information is relevant to its intended use, accurate, complete and current.
Transfers to Agents
3D ICC does not currently use Agents to process data, in the event that an agent is used 3D ICC may disclose personal information to Agents, including but not limited to, providers of analytical, hosting, payment processing and other support services. Agents may have access to personal information if needed to perform their functions for 3D ICC. 3D ICC does not transfer personal information to non-Agent third parties except as required under contract to 3D ICC Resellers for purposes of reporting to 3D ICC Customers.
3D ICC will require its Agents to safeguard personal information consistent with this Policy by contract obligating the agent to provide at least the same level of protection as is required by the EU-U.S. and Swiss-U.S. Privacy Shield Principles. Under certain circumstances, 3D ICC may bear liability for onward transfers of personal information from the EEA where its Agent processes personal information inconsistent with the EU-U.S. and Swiss-U.S. Privacy Shield Principles, unless 3D ICC proves that it is not responsible for the event giving rise to the damages.
Access and Correction
3D ICC will grant individuals reasonable access to personal information it received pursuant to these Principles. In addition, 3D ICC will take reasonable steps to permit individuals to correct, amend, or delete such information that is demonstrated to be inaccurate or incomplete. An individual may request to access his or her information, or otherwise correct, amend, or delete his or her information pursuant to the EU-U.S. and Swiss-U.S. Privacy Shield Principles by contacting us at the address given below.
Security
3D ICC will take reasonable and appropriate precautions to protect personal information in its possession from loss, misuse and unauthorized access, disclosure, alteration and destruction.
Enforcement
3D ICC will conduct compliance audits of its relevant privacy practices to verify adherence to this Policy. Any employee that 3D ICC determines is in violation of this policy will be subject to disciplinary action.
Dispute Resolution – Privacy Shield
In compliance with the Privacy Shield Principles, 3D ICC commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield Policy should first contact 3D ICC at:
privacy@3dicc.com
3D Immersive Collaboration Consulting, LLC
ATTN: Privacy
2729 Old Washington Road
Westminster, MD 21157
3D ICC has further committed has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU
The panel established by the EU DPAs to resolve disputes pursuant to the Privacy Shield Framework
http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
Swiss Federal Data Protection and Information Commissioner (FDPIC)
https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/links/data-protection—international.html
This Policy may be amended from time to time, consistent with the requirements of the EU-U.S. and Swiss-U.S. Privacy Shield Principles. The amended Policy will be made publicly available via 3D ICC website.
If you are a resident of the EEA, you have the right to access the Personal Information we hold about you, to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information above. [OR INSERT ALTERNATIVE INSTRUCTIONS FOR SENDING ACCESS, ERASURE, CORRECTION, AND PORTABILITY REQUESTS]
Your Personal Information will be initially processed in Ireland and then will be transferred outside of Europe for storage and further processing, including to Canada and the United States. For more information on how data transfers comply with the GDPR, see Shopify’s GDPR Whitepaper: https://help.shopify.com/en/manual/your-account/privacy/GDPR.
CCPA
If you are a resident of California, you have the right to access the Personal Information we hold about you (also known as the ‘Right to Know’), to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information above.
If you would like to designate an authorized agent to submit these requests on your behalf, please contact us at the address above.
Cookies
A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.
We use the following cookies to optimize your experience on our Site and to provide our services.
Cookies Necessary for the Functioning of the Store
| Name | Function | Duration |
|---|---|---|
| _ab | Used in connection with access to admin. | 2y |
| _secure_session_id | Used in connection with navigation through a storefront. | 24h |
| _shopify_country | Used in connection with checkout. | session |
| _shopify_m | Used for managing customer privacy settings. | 1y |
| _shopify_tm | Used for managing customer privacy settings. | 30min |
| _shopify_tw | Used for managing customer privacy settings. | 2w |
| _storefront_u | Used to facilitate updating customer account information. | 1min |
| _tracking_consent | Tracking preferences. | 1y |
| c | Used in connection with checkout. | 1y |
| cart | Used in connection with shopping cart. | 2w |
| cart_currency | Used in connection with shopping cart. | 2w |
| cart_sig | Used in connection with checkout. | 2w |
| cart_ts | Used in connection with checkout. | 2w |
| cart_ver | Used in connection with shopping cart. | 2w |
| checkout | Used in connection with checkout. | 4w |
| checkout_token | Used in connection with checkout. | 1y |
| dynamic_checkout_shown_on_cart | Used in connection with checkout. | 30min |
| hide_shopify_pay_for_checkout | Used in connection with checkout. | session |
| keep_alive | Used in connection with buyer localization. | 2w |
| master_device_id | Used in connection with merchant login. | 2y |
| previous_step | Used in connection with checkout. | 1y |
| remember_me | Used in connection with checkout. | 1y |
| secure_customer_sig | Used in connection with customer login. | 20y |
| shopify_pay | Used in connection with checkout. | 1y |
| shopify_pay_redirect | Used in connection with checkout. | 30 minutes, 3w or 1y depending on value |
| storefront_digest | Used in connection with customer login. | 2y |
| tracked_start_checkout | Used in connection with checkout. | 1y |
| checkout_one_experiment | Used in connection with checkout. | session |
| checkout_session_lookup | Used in connection with checkout. | 3w |
| checkout_session_token_<<token>> | Used in connection with checkout. | 3w |
| identity-state | Used in connection with customer authentication. | 24h |
| identity-state-<<token>> | Used in connection with customer authentication. | 24h |
| identity_customer_account_number | Used in connection with customer authentication. | 12w |
Reporting and Analytics
| Name | Function | Duration |
|---|---|---|
| _landing_page | Track landing pages. | 2w |
| _orig_referrer | Track landing pages. | 2w |
| _s | Shopify analytics. | 30min |
| _shopify_d | Shopify analytics. | session |
| _shopify_s | Shopify analytics. | 30min |
| _shopify_sa_p | Shopify analytics relating to marketing & referrals. | 30min |
| _shopify_sa_t | Shopify analytics relating to marketing & referrals. | 30min |
| _shopify_y | Shopify analytics. | 1y |
| _y | Shopify analytics. | 1y |
| _shopify_evids | Shopify analytics. | session |
| _shopify_ga | Shopify and Google Analytics. | session |
| customer_auth_provider | Shopify analytics. | session |
| customer_auth_session_created_at | Shopify analytics. | session |
Clicking on a link from inside our TNT Magic Mall or other advertising in the TNT Magic World may result in a cooking for an affiliate program being installed on your computer. This cooking is used for sharing the purchase price with a third party affiliate program or magic creator.
The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.
You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.
Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as: www.allaboutcookies.org.
Additionally, please note that blocking cookies may not completely prevent how we share information with third parties such as our advertising partners. To exercise your rights or opt-out of certain uses of your information by these parties, please follow the instructions in the “Behavioral Advertising” section above.
Do Not Track
Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.
Changes
We may update this Privacy Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons.
Complaints
As noted above, if you would like to make a complaint, please contact us by e-mail or by mail using the details provided under “Contact” above.
If you are not satisfied with our response to your complaint, you have the right to lodge your complaint with the relevant data protection authority. You can contact your local data protection authority, or our supervisory authority see section GDPR.
Last updated: Dec, 20th 2022