Privacy Policy

1. Who We Are

Party Boutiques (“we”, “our”, “us”) is a retail party supply and event design business located at 7724 Yonge St, Thornhill, Ontario, L4J 1W2, operating the website at partyboutiques.ca. We are the organization responsible for your personal information under PIPEDA.

2. Scope of This Policy

This policy applies to personal information collected through our website, in-store transactions, telephone interactions, and email correspondence. It does not apply to our employees, whose information is governed by separate workplace policies.

3. What Personal Information We Collect

We collect personal information only for the purposes identified in Section 4. The categories we collect include:

• Identity and contact information: your name, email address, phone number, and mailing/billing/shipping address — collected when you create an account, place an order, or contact us.
• Payment information: credit or debit card details. We do not store raw card data on our servers. Payment processing is handled by Stripe, Inc., who stores and processes card data under their own PCI-DSS-compliant security programs.
• Order and transaction history: details of products purchased, order values, delivery addresses, and communications related to your orders.
• Account credentials: hashed passwords if you create a registered account. We never store plain-text passwords.
• Technical and usage data: IP address, browser type, device type, pages visited, referring URLs, and session duration — collected automatically via cookies and server logs.
• Communications: messages you send us via our contact form, email, or phone — including event inquiry details and customer service correspondence.
• Marketing preferences: your choices regarding receiving promotional communications from us.

4. Why We Collect Your Information (Purposes)

We collect and use personal information only for the following purposes:

• Processing and fulfilling your orders, including arranging delivery via Canada Post or in-store pickup
• Creating and managing your customer account
• Processing payments and preventing fraud
• Communicating with you about your order status, tracking, or issues
• Responding to your inquiries, event requests, or customer service needs
• Sending you marketing emails about promotions, products, and events — only where you have provided consent or where we have a pre-existing customer relationship and applicable law permits (you may opt out at any time)
• Improving our website, product offerings, and customer experience through analytics
• Complying with our legal obligations, including tax and accounting record-keeping requirements under federal and Ontario law

We do not sell your personal information to third parties, and we do not use it for purposes beyond those listed above without obtaining your separate consent.

5. Legal Basis and Consent

Under PIPEDA, we rely on your implied consent for the collection and use of personal information necessary to process your order and manage your customer relationship. We rely on your express, opt-in consent for marketing communications. You may withdraw consent for marketing at any time by using the unsubscribe link in any email we send you or by contacting our Privacy Officer.

Withdrawing consent for marketing does not affect the lawfulness of processing already carried out, and does not affect our ability to process information necessary to fulfill an order you have already placed.

6. Marketing Communications and CASL Consent

We send promotional emails only to customers who have given express opt-in consent, in compliance with Canada's Anti-Spam Legislation (CASL, S.C. 2010, c. 23). When you check the marketing opt-in box at account creation or checkout, you are expressly authorizing Party Boutiques to send you commercial electronic messages, including promotional offers, product updates, and event announcements.

By providing express consent, you acknowledge that:

• Your receipt of marketing emails from us is authorized by you and does not constitute unsolicited commercial communication under CASL
• We are entitled to continue sending marketing emails until you withdraw consent by using the unsubscribe link included in every marketing email we send
• Consent to marketing is separate from and does not affect your transaction-related communications (order confirmations, shipping notifications, account notices), which are sent regardless of marketing preference

Unsubscribing: Every marketing email we send contains a clearly visible unsubscribe link. You may also opt out by contacting us directly. Once you unsubscribe, we will process your request and cease marketing emails within 10 business days, as required by CASL s. 11. Unsubscribing from marketing does not delete your account or affect any active orders.

We retain a record of your consent (date, method, and scope) for as long as required to demonstrate compliance with CASL.

7. Account Security and Your Responsibilities

When you create an account on partyboutiques.ca, you provide personal information including your name, email address, shipping and billing addresses, and a password. You are responsible for:

• Keeping your login credentials (email and password) strictly confidential
• Ensuring that no unauthorized person has access to your account
• All activities that occur under your account, whether or not authorized by you
• Notifying us immediately at support@partyboutiques.ca if you suspect unauthorized access to or use of your account

We store passwords in hashed, irreversible form and cannot retrieve your plain-text password. We will never ask for your password by email, phone, or any channel other than the login form on our website. If you receive any communication purporting to be from us that asks for your password, treat it as fraudulent and notify us immediately.

We are not responsible for losses or damages arising from unauthorized account access where you have failed to maintain the security of your credentials, shared your login details with a third party, or used a compromised device to access your account.

Shipping and billing addresses saved to your account are stored so that you can reuse them at checkout without re-entering them. You can add, edit, or delete saved addresses at any time through your Account settings. It is your responsibility to ensure your saved addresses are accurate before placing an order.

8. Cookies and Online Tracking

Our website uses cookies — small text files placed on your device. Some cookies are essential to make the website function (e.g., maintaining your shopping cart and session). Others collect information about how you use our site to help us improve it.

Specifically, we may use:

• Essential cookies: required for basic site functionality, including session management and cart persistence. These cannot be disabled without affecting your ability to use the site.
• Analytics cookies: used to understand how visitors interact with the site (e.g., pages visited, time on site). This data is aggregated and not used to identify individual users in most cases.
• Preference cookies: used to remember your preferences (e.g., currency, saved addresses).

Where cookies collect personal information (such as an identifiable device ID or behavioural profile), this falls under PIPEDA. You may control or disable non-essential cookies through your browser settings. Note that disabling certain cookies may affect your experience on our site.

9. Who We Share Your Information With

We share personal information only with the third parties necessary to operate our business and fulfill your orders. We require all third-party service providers to protect your information with safeguards comparable to our own. Current categories of recipients include:

• Payment processors: Stripe, Inc. — to process card and payment transactions securely
• Shipping carriers: Canada Post — to deliver your order and provide shipment tracking
• Email service providers: Resend, Inc. — to send order confirmation, shipping notification, and transactional emails on our behalf
• Website hosting and infrastructure: our hosting provider stores site data, including user accounts and order records, on servers in secure data centres
• Analytics providers: used to collect aggregated website usage statistics

We may also disclose personal information to law enforcement, regulatory authorities, or courts where required by applicable law, or where necessary to protect the rights and safety of our customers or others.

Some of our service providers are located outside Canada (e.g., in the United States). When personal information is transferred to these providers, it is subject to the laws of those jurisdictions, including lawful access by foreign authorities. We take steps to ensure comparable protection is in place through contractual safeguards.

10. How Long We Keep Your Information

We retain personal information only as long as necessary for the stated purposes or as required by law:

• Order and transaction records: retained for 7 years from the date of transaction, as required for tax and accounting compliance by the Canada Revenue Agency
• Customer account data: retained for as long as your account remains active, plus a reasonable period thereafter to resolve any disputes or fulfill legal obligations
• Marketing data: retained until you opt out, at which point we will suppress your contact details from future marketing within 10 business days
• Analytics and technical logs: retained for up to 24 months in aggregated or anonymized form

When personal information is no longer required, we destroy or de-identify it in a secure manner.

11. Your Rights Under PIPEDA

You have the following rights with respect to your personal information:

• Right of access (PIPEDA s. 4.9): You may request access to the personal information we hold about you. We will respond within 30 days of receiving your request. In some cases, we may charge a minimal fee, but we will notify you in advance.
• Right to correction (PIPEDA s. 4.9.5): If you believe information we hold is inaccurate or incomplete, you may ask us to correct it. If we disagree, we will note your claim on file.
• Right to withdraw consent: For non-essential uses (such as marketing), you may withdraw consent at any time. This will not affect our right to use your information for order fulfillment and other necessary purposes.
• Right to complain: If you believe we have not handled your personal information properly, you may file a complaint with our Privacy Officer. If you are not satisfied with our response, you may contact the Office of the Privacy Commissioner of Canada at priv.gc.ca or 1-800-282-1376.

To exercise any of these rights, contact our Privacy Officer as described in Section 13.

12. Safeguards

We protect personal information against unauthorized access, disclosure, copying, use, and modification through a combination of technical and organizational safeguards, including:

• HTTPS encryption for all data transmitted to and from our website
• Hashing of passwords — we never store plain-text credentials
• Access controls limiting employee access to personal information to those with a need to know
• Third-party payment processing through PCI-DSS-compliant providers — we do not store raw payment card numbers
• Regular security reviews of our web infrastructure

No method of transmission over the internet or electronic storage is completely secure. While we take commercially reasonable precautions, we cannot guarantee absolute security.

13. Contact Our Privacy Officer

All privacy-related inquiries, access requests, corrections, and complaints should be directed to our designated Privacy Officer:

Privacy Officer
Party Boutiques
7724 Yonge St, Thornhill, ON L4J 1W2
Email: support@partyboutiques.ca

We will acknowledge receipt of your request within 5 business days and respond fully within 30 days.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will post the updated policy on this page with a new “Last Updated” date. We encourage you to review this policy periodically. Continued use of our website following a posted update constitutes acceptance of the revised policy.