Privacy Policy

This Privacy Policy is issued by H.A.S. Novelties Ltd. and H.A.S. Marketing Ltd., operating under the brand name T-Shirt Elephant (collectively, “T-Shirt Elephant,” “we,” “us,” or “our”). It applies to all personal information collected through:

• Our website at www.tshirtelephant.com (the “Site”)
• Orders and inquiries submitted via email
• Orders placed by telephone
• Orders entered by a T-Shirt Elephant customer service agent on your behalf
• In-person transactions at our facility
• Any other communication channel through which you provide personal information to us

By using our Services, placing an order, or otherwise providing personal information to T-Shirt Elephant through any channel, you acknowledge that you have read and understood this Privacy Policy.

Personal Information You Provide:

• Identity information: Full name, company name (if applicable), job title
• Contact information: Email address, mailing address, shipping address, telephone number
• Payment information: Credit card details, billing address (processed securely through our payment processor; we do not store full credit card numbers on our servers)
• Order information: Product selections, quantities, sizes, colours, custom specifications, artwork files, design instructions, proof approvals
• Account information: Username, password (encrypted), order history, saved preferences
• Communications: Emails, phone call records, chat transcripts, notes from customer service interactions
• Artwork and designs: Files, logos, images, and other visual content you provide for printing

Information Collected Automatically:

• Device and browser information: IP address, browser type and version, operating system, device type, screen resolution
• Usage data: Pages visited, time spent on pages, click patterns, referring URLs, search queries used to find our site
• Cookies and similar technologies: Session identifiers, preferences, shopping cart contents (see Section 5 for details)
• Location data: General geographic location inferred from your IP address

We collect personal information through the following channels:

• Website: When you create an account, place an order, request a quote, subscribe to our newsletter, fill out a contact form, or use our online design tool
• Email: When you send us order requests, artwork, questions, or other correspondence via email
• Telephone: When you call us to place an order, inquire about services, or discuss an existing order. Our customer service agents may record order details and contact information during phone calls
• Customer service agents: When an agent places or modifies an order on your behalf based on your instructions, they collect and enter your information into our systems on behalf of T-Shirt Elephant
• In person: When you visit our facility to drop off materials, review samples, or discuss a project
• Automated technologies: Through cookies, web beacons, analytics tools, and similar technologies when you visit our website (see Section 5)

We only collect personal information that is necessary for the purposes identified in this policy. We do not collect personal information indiscriminately and will limit our collection to what is reasonable and necessary for the services you have requested.

We use the personal information we collect for the following purposes:

• Order fulfillment: Processing orders, producing custom products, managing proofs and approvals, arranging shipping and delivery
• Payment processing: Processing payments, issuing invoices, managing refunds and credits
• Customer service: Responding to inquiries, resolving issues, providing technical support, communicating about existing orders
• Account management: Creating and maintaining your account, authenticating your identity, managing your preferences
• Communication: Sending order confirmations, shipping notifications, proof approvals, invoices, and other transactional communications
• Marketing: With your consent, sending promotional emails, newsletters, and information about new products and services
• Website improvement: Analyzing usage patterns to improve our website, services, and user experience
• Legal compliance: Complying with applicable laws, regulations, and legal processes; protecting our rights and property; preventing fraud
• Business operations: Internal record-keeping, accounting, auditing, and other legitimate business purposes

We will not use your personal information for purposes beyond those identified above without first obtaining your consent, except where permitted or required by law.

Our website uses cookies and similar technologies to enhance your experience. A cookie is a small text file placed on your device by a website that enables it to recognize your browser and remember certain information.

Types of cookies we use:

• Essential cookies: Required for the website to function properly, including session management, shopping cart functionality, and security features. These cannot be disabled without affecting site functionality
• Analytics cookies: We use Google Analytics to understand how visitors use our website, including pages visited, time on site, and navigation patterns. Google Analytics collects data anonymously and reports website trends without identifying individual visitors. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on
• Payment processing cookies: Our payment processor (Stripe) uses cookies to enable secure payment processing and fraud detection. These cookies are subject to Stripe’s own privacy policy
• Preference cookies: Used to remember your preferences and settings, such as language and display preferences

Managing cookies: You can control and manage cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, or be notified before a cookie is set. Please note that disabling essential cookies may affect the functionality of our website, including the ability to place orders and use your shopping cart.

For more information about cookies and how to manage them, visit www.allaboutcookies.org.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes.

We may share your personal information with the following categories of recipients, solely for the purposes described in this policy:

• Service providers: Third-party companies that assist us in operating our business, including shipping and courier companies (e.g., Canada Post, UPS, FedEx), payment processors (Stripe), email service providers, web hosting providers, and analytics services (Google Analytics). These providers are contractually obligated to use your information only for the specific services they provide to us and to protect your information
• Affiliated entities: H.A.S. Novelties Ltd., H.A.S. Marketing Ltd., and any future affiliates or subsidiaries, for the purposes described in this policy
• Legal requirements: When required to do so by law, regulation, court order, or other legal process, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request
• Business transfers: In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your personal information may be transferred as part of the transaction. We will notify you of any such change in ownership or control of your personal information

Non-personally identifiable, aggregated, or anonymized information may be shared with third parties for analytics, research, or marketing purposes.

T-Shirt Elephant is based in Ontario, Canada. However, some of the third-party service providers we use to operate our business (including payment processors, analytics services, and cloud hosting providers) may process or store your personal information in jurisdictions outside of Canada, including the United States.

When your personal information is transferred outside of Canada, it may be subject to the laws of the jurisdiction in which it is processed. Those laws may differ from, and may not provide the same level of protection as, Canadian privacy law. By providing your personal information to us, you consent to such transfers as necessary to fulfill the purposes identified in this policy.

We take reasonable steps to ensure that our service providers provide a comparable level of protection for personal information in accordance with PIPEDA. We require our service providers to protect your information through contractual obligations and to only use it for the specific services they provide to us.

We retain your personal information only as long as necessary to fulfill the purposes for which it was collected, or as required by law. Our general retention practices are:

• Order records: Retained for a minimum of 7 years after the order date, as required for tax, accounting, and legal compliance under Canadian law
• Account information: Retained for as long as your account remains active. If you request account deletion, we will delete or anonymize your account information within 30 days, subject to our legal retention obligations
• Artwork and design files: Retained for 2 years after the last order using the artwork, to facilitate reorders. You may request earlier deletion at any time
• Marketing and communication records: Retained until you withdraw your consent (unsubscribe), after which your information will be removed from our marketing lists within 10 business days
• Website analytics data: Retained in anonymized form and not linked to your identity
• Customer service records: Retained for 3 years after the last interaction for quality assurance and dispute resolution purposes

When personal information is no longer needed, we will securely destroy, erase, or anonymize it in accordance with our data disposal procedures.

We take the security of your personal information seriously and implement appropriate technical, administrative, and physical safeguards to protect it against unauthorized access, disclosure, alteration, or destruction. Our security measures include:

• Encryption: All data transmitted between your browser and our website is encrypted using SSL/TLS (Secure Socket Layer/Transport Layer Security) technology
• Payment security: Credit card information is processed through Stripe, a PCI-DSS Level 1 certified payment processor. Full credit card numbers are never stored on our servers
• Access controls: Personal information is accessible only to authorized personnel who require it to perform their duties, and who are subject to confidentiality obligations
• Network security: Our servers are protected by firewalls, intrusion detection systems, and regular security monitoring
• Regular assessments: We periodically review and update our security practices to address emerging threats and vulnerabilities

While we take reasonable precautions to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your information to the best of our ability.

Under the Personal Information Protection and Electronic Documents Act (PIPEDA), you have the following rights regarding your personal information:

• Right of access: You may request access to the personal information we hold about you. We will respond to your request within 30 days and provide you with a copy of your information, subject to limited exceptions permitted by law
• Right of correction: You may request that we correct any personal information that is inaccurate, incomplete, or out of date. We will make the necessary corrections promptly and, where appropriate, notify any third parties to whom the information has been disclosed
• Right to withdraw consent: You may withdraw your consent to the collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions and reasonable notice. Withdrawal of consent may affect our ability to provide certain services to you
• Right to deletion: You may request that we delete your personal information where it is no longer necessary for the purposes for which it was collected, subject to our legal retention obligations
• Right to complain: If you are not satisfied with our response to your privacy concern, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada at www.priv.gc.ca

To exercise any of these rights, please contact us using the information provided in Section 15 below. We may need to verify your identity before processing your request.

T-Shirt Elephant complies with Canada’s Anti-Spam Legislation (CASL, S.C. 2010, c. 23) regarding the sending of commercial electronic messages.

Transactional communications: When you place an order or engage our services through any channel, we will send you transactional electronic messages related to your order, including order confirmations, shipping notifications, proof approvals, invoices, and customer service correspondence. These messages are necessary for the performance of our services and are exempt from CASL consent requirements.

Marketing communications: We will only send you promotional or marketing communications (such as newsletters, special offers, and product announcements) with your express consent. You may provide consent by opting in through our website, by email, or verbally to a customer service agent.

Your right to unsubscribe: You may withdraw your consent to marketing communications at any time by:

• Clicking the “unsubscribe” link provided at the bottom of every marketing email
• Contacting us at [email protected]

We will process your unsubscribe request within 10 business days. Unsubscribing from marketing communications will not affect transactional messages related to your orders.

Every commercial electronic message we send includes: our business name, physical mailing address, and at least one additional method to contact us, as required by CASL.

T-Shirt Elephant does not knowingly collect personal information from children under the age of 14 without verifiable parental or guardian consent. Our website and services are not directed at children under 14.

If you are a parent or guardian and believe that your child under the age of 14 has provided personal information to T-Shirt Elephant without your consent, please contact us immediately at [email protected]. We will take steps to promptly delete such information from our records.

Individuals aged 14 and older may use our services with the authorization of a parent or legal guardian, as described in our Terms of Service.

In the event of a security breach involving your personal information that creates a real risk of significant harm to you, T-Shirt Elephant will:

• Report the breach to the Office of the Privacy Commissioner of Canada as soon as feasible, as required by PIPEDA (Division 1.1)
• Notify affected individuals as soon as feasible, providing a description of the breach, the types of personal information involved, and steps we are taking to address the breach and reduce the risk of harm
• Notify any other organizations that may be able to reduce the risk of harm to affected individuals
• Maintain records of all breaches of security safeguards for a minimum of 24 months, as required by law

“Significant harm” includes bodily harm, humiliation, damage to reputation or relationships, loss of employment, business or professional opportunities, financial loss, identity theft, negative effects on credit record, and damage to or loss of property, as defined under PIPEDA.

T-Shirt Elephant reserves the right to update or modify this Privacy Policy at any time. Any changes will be posted on this page with an updated “Last Updated” date. If we make material changes to how we collect, use, or disclose your personal information, we will notify you by posting a prominent notice on our website or by sending you an email notification.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our Services after any changes to this Privacy Policy constitutes your acceptance of the updated policy.

If you have any questions about this Privacy Policy, wish to exercise your rights under PIPEDA, or have a privacy-related concern, please contact us:

We will acknowledge receipt of your inquiry within 5 business days and provide a substantive response within 30 days, as required by PIPEDA.

If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada:

Please visit our Terms of Service page for details on use, disclaimers, and limitations of liability regarding the use of our website and services.

This Privacy Policy and our Terms of Service together form the complete agreement regarding your use of our services and the handling of your personal information. In the event of any conflict between this Privacy Policy and the Terms of Service regarding privacy matters, this Privacy Policy shall prevail.