Privacy Policy
Last updated: March 10, 2026
Bandley 3, LLC ("Bandley 3," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit www.bandley3.com (the "Site") or make a purchase through our store. It also describes your rights regarding your personal data and how to exercise them.
By using the Site, you acknowledge that you have read and understood this Privacy Policy. Please also review our Terms of Service, which govern your use of the Site.
1. Information We Collect
Information You Provide Directly
When you interact with the Site — for example, by creating an account, placing an order, subscribing to our mailing list, or contacting us — we may collect the following:
Identity & Contact Information: your name, email address, phone number, billing address, and shipping address.
Payment Information: payment card details and billing information. Note that payment processing is handled by Shopify Payments and/or third-party payment processors (such as Stripe or PayPal). We do not store your full payment card number on our servers.
Order Information: details about the products you purchase, order history, and any communications related to your orders.
Communications: any messages, feedback, or other correspondence you send to us.
Information Collected Automatically
When you visit the Site, certain information is collected automatically through cookies and similar technologies:
Device & Browser Information: your IP address, browser type and version, operating system, device type, and screen resolution.
Usage Data: pages visited, time spent on pages, click patterns, referring URLs, and other browsing behavior on the Site.
Location Data: approximate geographic location inferred from your IP address.
Cookies & Tracking: we use cookies, pixels, and similar technologies for essential Site functionality, analytics, and marketing. See Section 7 ("Cookies & Tracking Technologies") below for details.
Information from Third Parties
We may receive information about you from third-party services we use, such as Shopify (our e-commerce platform), analytics providers, and marketing platforms. This information is used in accordance with this Privacy Policy.
2. How We Use Your Information
We use the information we collect for the following purposes:
Order Fulfillment: processing and fulfilling your orders, managing payments, and providing shipping updates.
Customer Communication: responding to your inquiries, sending order confirmations, shipping notifications, and service-related communications.
Marketing (with your consent): sending promotional emails, newsletters, and information about new collections or offers. You may opt out at any time (see Section 5).
Site Improvement: analyzing usage patterns to improve the Site's functionality, content, and user experience.
Security & Fraud Prevention: detecting and preventing fraudulent transactions, unauthorized access, and other security threats.
Legal Compliance: complying with applicable laws, regulations, legal processes, and governmental requests.
3. Legal Bases for Processing (GDPR)
If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data on the following legal bases:
Contract Performance: processing necessary to fulfill our contract with you — for example, processing your order and delivering your purchase.
Legitimate Interests: processing necessary for our legitimate business interests, such as fraud prevention, Site security, and improving our products and services, provided these interests do not override your fundamental rights.
Consent: processing based on your explicit consent — for example, sending you marketing communications or placing non-essential cookies. You may withdraw consent at any time without affecting the lawfulness of prior processing.
Legal Obligation: processing necessary to comply with a legal requirement, such as tax and accounting obligations.
4. How We Share Your Information
We do not sell your personal data. We may share your information with the following categories of recipients, solely as necessary to operate our business and provide our Services:
Service Providers: third-party companies that perform functions on our behalf, including Shopify (e-commerce platform and hosting), payment processors (Stripe, PayPal, Shopify Payments), shipping and fulfillment partners, email marketing platforms, and analytics services. These providers are contractually obligated to protect your data and may only use it to perform services for us.
Business Transfers: in connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your data.
Legal Requirements: we may disclose your information when required by law, regulation, court order, or governmental authority, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
We do not share your personal data with third parties for their own marketing purposes.
5. Your Rights & Choices
All Users
Marketing Opt-Out: you may unsubscribe from promotional emails at any time by clicking the "unsubscribe" link at the bottom of any marketing email, or by contacting us at hello@bandley3.com. Please note that you may continue to receive transactional communications (such as order confirmations and shipping updates) even after opting out of marketing.
Cookie Preferences: you can manage your cookie preferences through the cookie consent banner displayed on the Site, or through your browser settings. See Section 7 for more information.
European Economic Area, UK, and Swiss Residents (GDPR)
Under the General Data Protection Regulation and applicable local laws, you have the following rights regarding your personal data:
Right of Access: request a copy of the personal data we hold about you.
Right to Rectification: request correction of inaccurate or incomplete personal data.
Right to Erasure ("Right to Be Forgotten"): request deletion of your personal data, subject to certain legal exceptions.
Right to Restrict Processing: request that we limit how we use your data in certain circumstances.
Right to Data Portability: receive your personal data in a structured, commonly used, machine-readable format and, where technically feasible, have it transferred to another controller.
Right to Object: object to the processing of your personal data based on legitimate interests, including profiling and direct marketing.
Right to Withdraw Consent: where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
Right to Lodge a Complaint: you have the right to file a complaint with your local data protection supervisory authority.
To exercise any of these rights, please contact us at hello@bandley3.com. We will respond within 30 days (or sooner where required by law). We may ask you to verify your identity before processing your request.
California Residents (CCPA / CPRA)
Under the California Consumer Privacy Act and the California Privacy Rights Act, California residents have additional rights:
Right to Know: you may request information about the categories and specific pieces of personal information we have collected, the sources of collection, the purposes of collection, and the categories of third parties with whom we share it.
Right to Delete: you may request deletion of your personal information, subject to certain exceptions.
Right to Correct: you may request correction of inaccurate personal information.
Right to Opt Out of Sale or Sharing: we do not sell your personal information, nor do we share it for cross-context behavioral advertising as defined by the CCPA/CPRA.
Right to Non-Discrimination: we will not discriminate against you for exercising any of your CCPA/CPRA rights.
To exercise your California privacy rights, please contact us at hello@bandley3.com.
6. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, including to satisfy legal, accounting, or reporting requirements. Specifically:
Order and transaction data is retained for a minimum of 7 years to comply with tax and accounting obligations.
Account data is retained for as long as your account is active. If you request account deletion, we will delete or anonymize your data within 30 days, except where retention is required by law.
Marketing data is retained until you unsubscribe or request deletion.
Analytics and cookie data is retained in accordance with the lifespans described in Section 7.
7. Cookies & Tracking Technologies
We use cookies and similar technologies on the Site. Cookies are small text files stored on your device that help us provide and improve the Site.
Essential Cookies: required for the Site to function properly — for example, maintaining your shopping cart, enabling checkout, and ensuring Site security. These cookies cannot be disabled.
Analytics Cookies: help us understand how visitors interact with the Site, including which pages are most popular and how users navigate. We may use services like Google Analytics for this purpose. These cookies are only set with your consent.
Marketing Cookies: used to deliver relevant advertisements and track the effectiveness of marketing campaigns. These cookies are only set with your consent.
When you first visit the Site, you will see a cookie consent banner that allows you to accept or decline non-essential cookies. You can change your preferences at any time through the cookie settings link in the Site footer, or by adjusting your browser settings. Declining non-essential cookies will not affect the core functionality of the Site.
Do Not Track: some browsers send a "Do Not Track" signal. We honor Do Not Track signals and do not track, plant cookies, or use advertising when a Do Not Track browser mechanism is in place.
8. International Data Transfers
We are based in the United States. If you are accessing the Site from outside the U.S. — including from the EEA, UK, or Switzerland — your personal data will be transferred to and processed in the United States. We take appropriate measures to ensure that your data is protected in accordance with this Privacy Policy and applicable data protection laws, including the use of Standard Contractual Clauses or other approved transfer mechanisms where required.
9. Data Security
We implement commercially reasonable technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. Our Site uses SSL/TLS encryption for data transmitted between your browser and our servers. However, no method of electronic storage or transmission is 100% secure, and we cannot guarantee absolute security.
10. Children's Privacy
The Site is not directed to individuals under the age of 18 (or the age of majority in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal data, please contact us at hello@bandley3.com.
11. Third-Party Links
The Site may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party sites you visit.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. The "Last updated" date at the top of this page indicates when the most recent changes were made. Material changes will be communicated via email or a prominent notice on the Site. Your continued use of the Site after changes are posted constitutes your acceptance of the updated Privacy Policy.
13. Contact Us
If you have any questions about this Privacy Policy, wish to exercise your data rights, or have a privacy-related concern, please contact us:
Bandley 3, LLC
Email: hello@bandley3.com
For GDPR-related inquiries, you may also contact your local data protection authority. A list of EU data protection authorities can be found at edpb.europa.eu.