PRIVACY POLICY THE COLLEXN
The Collexn ("we", "us", "our") operates a retail and e-commerce store specializing in trading card games and related accessories. We collect and process personal information in connection with operating that business. By accessing https://thecollexn.com or making a purchase, you accept the practices described herein.
INFORMATION WE COLLECT
When you place an order or contact us, we may collect: name (first and last), email address, shipping address (street, city, state, zip, country), phone number if provided, order details (products, quantities, prices), and communications you send to us.
When you visit our site, we and our service providers automatically collect: IP address, browser type and version, operating system, pages visited and time spent, referring URL, date and time of access, device identifiers, and approximate geolocation derived from IP.
We do not knowingly collect biometric information, government identifiers, financial account credentials, or precise GPS location. Card numbers are processed directly by Square Inc. and are never stored on our servers.
HOW WE USE INFORMATION
To process and fulfill orders. To respond to customer inquiries. To prevent fraud and unauthorized access. To send transactional notifications (order confirmations, shipping updates). To comply with tax law, sanctioned tournament reporting, and retail recordkeeping obligations. To improve site performance and security. To enforce these terms and protect our legal rights.
We do not sell your personal information. We do not engage in cross-context behavioral advertising. We do not share your information with third parties except service providers necessary to operate the business (Square for payments, Netlify for hosting, Bandai/Wizards Play Network for sanctioned tournament reporting) or as required by law.
CHILDREN
We do not knowingly collect personal information from children under 13. If you believe a child under 13 has submitted information to us, contact the Privacy Officer at the address below for deletion. Pursuant to the Children's Online Privacy Protection Act, 15 U.S.C. §6501 et seq., and 16 C.F.R. Part 312, operators of websites directed at children must obtain verifiable parental consent before collecting information. Our Site is not directed at children under 13.
THIRD PARTIES THAT TOUCH YOUR DATA
Square Inc. — point-of-sale and online payments — privacy policy at squareup.com/legal/privacy.
Netlify Inc. — web hosting and form delivery.
Google LLC — Google Fonts loaded via fonts.googleapis.com may log IP address.
Meta Platforms Inc. — Facebook and Instagram links subject to Meta's privacy policy when clicked.
Whatnot Inc. — live shows when accessed via our links.
Bandai Co. Ltd. — sanctioned One Piece Card Game and Union Arena tournament reporting.
Wizards of the Coast LLC / Hasbro Inc. — Wizards Play Network sanctioned Magic: The Gathering tournament reporting.
Resend Inc. — transactional email delivery if used.
Anthropic PBC — chat assistance for store-administration internal tooling.
We are not responsible for the privacy practices of any third party.
COOKIES AND LOCAL STORAGE
We use cookies and browser localStorage for: maintaining shopping cart state, preventing fraud, improving site performance, and authenticated administration sessions. You can configure your browser to refuse cookies — doing so may limit site functionality. We do not respond to Do Not Track signals because there is no industry consensus on what they mean. We do not engage in targeted advertising or sale of personal data within the meaning of CCPA, TDPSA, or any state consumer privacy law.
LAWS THAT GOVERN HOW WE HANDLE YOUR DATA AND WHAT THEY SAY
Children's Online Privacy Protection Act (COPPA), 15 U.S.C. §6501 et seq. — Prohibits operators of websites or online services directed to children under 13 from collecting personal information without verifiable parental consent. Imposes civil penalties up to $51,744 per violation as adjusted by FTC.
California Consumer Privacy Act (CCPA), Cal. Civ. Code §1798.100 et seq., as amended by California Privacy Rights Act (CPRA) — Grants California residents rights to: know what personal information is collected (§1798.100), have personal information deleted (§1798.105), correct inaccurate personal information (§1798.106), opt out of sale or sharing of personal information (§1798.120), limit use of sensitive personal information (§1798.121), and non-discrimination for exercising any of these rights (§1798.125). The Collexn does not sell personal information and does not "share" personal information for cross-context behavioral advertising. Enforced by California Attorney General and California Privacy Protection Agency. Civil penalties up to $7,500 per intentional violation, $2,500 per non-intentional violation. Right of action for data breach $100-$750 per consumer per incident.
California Online Privacy Protection Act (CalOPPA), Cal. Bus. & Prof. Code §22575-22579 — Requires operators of commercial websites that collect personal information from California residents to post a privacy policy. This document complies.
Texas Data Privacy and Security Act (TDPSA), Tex. Bus. & Com. Code §541.001 et seq. — Effective July 1, 2024. Grants Texas residents rights to access, correct, delete, and obtain a copy of personal data, and to opt out of targeted advertising, sale of personal data, and certain profiling. Defines sale narrowly. We do not engage in targeted advertising and do not sell personal data within the TDPSA definition. Enforced by Texas Attorney General. Civil penalties up to $7,500 per violation.
Texas Identity Theft Enforcement and Protection Act, Tex. Bus. & Com. Code §521.001 et seq. — Requires reasonable security procedures to protect sensitive personal information. §521.053 requires notification to affected individuals as quickly as possible after a breach. Civil penalty up to $50,000 per violation. Texas AG may seek injunctive relief.
HIPAA / HITECH (45 C.F.R. Parts 160-164) — Does not apply to The Collexn because we are not a covered entity or business associate.
EU General Data Protection Regulation (GDPR) (Regulation 2016/679) and UK GDPR — Apply if we process data of EEA/UK residents. Establishes legal bases for processing (Art. 6): consent, contract, legal obligation, vital interests, public task, legitimate interests. Grants data subject rights including access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), portability (Art. 20), objection (Art. 21), and the right not to be subject to automated decisions (Art. 22). Requires breach notification to supervisory authority within 72 hours (Art. 33) and to data subjects without undue delay if high risk (Art. 34). Maximum administrative fines under Art. 83(5) up to €20 million or 4% of total worldwide annual turnover. We rely on Art. 6(1)(b) (contract performance), Art. 6(1)(c) (legal obligation), and Art. 6(1)(f) (legitimate interests) as lawful bases.
Federal Trade Commission Act, 15 U.S.C. §45 — Section 5 prohibits unfair or deceptive acts or practices. Misrepresenting privacy practices is actionable. Penalties up to $51,744 per violation as adjusted.
Gramm-Leach-Bliley Act (GLBA), 15 U.S.C. §6801 et seq. — Does not apply to The Collexn because we are not a financial institution. Square Inc. handles all financial-account data subject to its own GLBA-compliant practices.
PCI Data Security Standard (PCI-DSS) — Industry standard for handling cardholder data. We do not store card data. Square Inc. is a Level 1 PCI-DSS service provider.
CAN-SPAM Act, 15 U.S.C. §7701 et seq. — Governs commercial email. Penalties up to $51,744 per violation. We send only transactional emails (order confirmations), which are not subject to most CAN-SPAM rules. Marketing emails, if any, will include opt-out consistent with §7704(a).
Telephone Consumer Protection Act (TCPA), 47 U.S.C. §227 — Governs SMS and automated calls. We do not currently send SMS or automated calls. If we do, we will obtain prior express written consent.
DATA RETENTION
We retain personal information only as long as reasonably necessary for the purposes for which it was collected or as required by law.
Tax records: 7 years (IRS recordkeeping requirement, 26 C.F.R. §1.6001-1).
Sanctioned tournament records: as required by Wizards Play Network or Bandai TCG+ sanctioning rules.
Order records: minimum 4 years (Texas comptroller retention guidelines).
Server logs: 90 days unless required for security investigation.
Marketing email opt-outs: indefinitely.
INTERNATIONAL TRANSFERS
The Collexn operates from the United States. If you access the Site from outside the U.S., your data will be transferred to and processed in the U.S., which has data protection laws different from your country.
DATA BREACH
In the event of a security breach affecting your personal data, we will provide notification consistent with applicable law, including 15 U.S.C. §6809, Tex. Bus. & Com. Code §521.053, California Civ. Code §1798.82, GDPR Art. 33-34, and any other applicable jurisdiction. Notification will occur as expeditiously as possible after determining the scope of the incident, taking into account legitimate law-enforcement needs.
YOUR RIGHTS REGARDLESS OF JURISDICTION
You may at any time request: (a) confirmation of whether we hold personal information about you; (b) a copy of that information; (c) correction of inaccurate information; (d) deletion of information not required for tax, sanctioned-tournament, or fraud-prevention purposes; (e) restriction on processing; (f) objection to processing based on legitimate interests; (g) withdrawal of consent where consent is the legal basis. Submit requests in writing to The Collexn — Privacy Officer, 1300 Veterans Blvd, Suite D, Del Rio, TX 78840. We respond within 30 days where required by applicable law (45 days under CCPA, with 45-day extension allowed).
UPDATES
We may update this policy at any time. Material changes will be reflected by an updated last-updated date at the bottom of the document. Continued use of the Site after changes constitutes acceptance.
CONTACT
Privacy Officer, The Collexn, 1300 Veterans Blvd, Suite D, Del Rio, TX 78840, USA.