Legal & Transparency

Your Privacy,
Our Commitment

Effective May 1, 2026 GDPR Compliant CCPA Compliant Version 3.0

Privacy First GDPR Compliant Your Data · Your Rights 256-bit SSL Encryption No Data Selling — Ever Chicago Since 1987 CCPA Compliant Lifetime Commitment Privacy First GDPR Compliant Your Data · Your Rights 256-bit SSL Encryption No Data Selling — Ever Chicago Since 1987 CCPA Compliant Lifetime Commitment

Plain-Language Summary

Chicago Leather Co. collects only what is necessary to process your orders, improve your experience, and communicate with you. We never sell your personal data to third parties. You have the right to access, correct, or delete your information at any time.

Last Updated: May 1, 2026 Version 3.0 Effective Immediately

37⁺

Years of Trust

72h

Breach Notification

Day Response Guarantee

Data Sold — Ever

Data Collection

Information We Collect

When you interact with Chicago Leather Co. — whether browsing collections, placing a custom order, or contacting our atelier — we may collect the following:

Name, email address & phone number

Shipping & billing address

Payment details (tokenised — never stored raw)

Order history & purchase preferences

Browsing & interaction data

Messages & enquiry content

IP address & device / browser type

Custom order specs & measurements

We do not collect sensitive data such as biometric, genetic, or health information.

Data Processing

How We Use Your Information

We process personal data for legitimate, specified, and transparent purposes only.

→
Order Processing & Fulfilment
Confirming, preparing, shipping, and tracking your leather goods — including bespoke orders requiring precise measurements.
→
Customer Communications
Order confirmations, shipping updates, service announcements, and prompt responses to enquiries.
→
Marketing & Personalisation
With your consent: curated newsletters and exclusive offers. Opt out anytime via the unsubscribe link.
→
Website Improvement
Analysing usage patterns to improve performance, navigation, and shopping experience across all devices.
→
Fraud Prevention & Security
Detecting and preventing fraudulent transactions and unauthorised access.
→
Legal Compliance
Meeting US federal and state tax, accounting, and consumer-protection obligations.

Tracking Technologies

Cookies & Tracking

We use cookies and similar technologies to operate our site and understand visitor behaviour. Control preferences via your browser or our Cookie Preference Centre.

Category	Purpose	Duration	Type
Strictly Necessary	Cart, login session, security tokens	Session	Essential
Performance	Page-load analytics, error monitoring	13 months	Analytics
Functional	Currency, language, size preferences	12 months	Essential
Analytics	Google Analytics — aggregate traffic data	24 months	Analytics
Marketing	Retargeting, social pixels (opt-in only)	90 days	Marketing

Marketing cookies are only set with your explicit consent. You may withdraw consent at any time and your preference will be honoured on your next visit.

Third Parties

Data Sharing & Disclosure

We do not sell, rent, or trade your personal information. Data is shared only with carefully vetted partners necessary to deliver our services.

◆
Payment Processors
Stripe and PayPal use PCI-DSS Level 1 encryption. We never store raw card details on our servers.
◆
Shipping Carriers
DHL, FedEx, and UPS receive your name and address solely to fulfil delivery.
◆
Email & Marketing Platforms
Klaviyo processes email marketing under a Data Processing Agreement — only for communications you opted into.
◆
Legal & Regulatory Authorities
We may disclose information where required by law, court order, or to protect the safety of our customers.

Your Control

Your Privacy Rights

Depending on your jurisdiction, you hold the following rights. We honour all requests within 30 days.

Right of Access

Request a copy of all personal data we hold, including categories, sources, and processing purposes.

Right to Rectification

Correct any inaccurate or incomplete data by contacting us or updating your account.

III

Right to Erasure

Request deletion of your personal data, subject to legal obligations to retain certain records.

Right to Portability

Receive your data in machine-readable CSV/JSON format for transfer to another provider.

Right to Object

Object to processing based on legitimate interests, or request restriction while a dispute is resolved.

Withdraw Consent

Withdraw marketing consent at any time via the unsubscribe link or by contacting us directly.

VII

California Residents (CCPA)

Right to know, delete, and opt out of the sale of personal information. We do not sell personal information. Submit requests via email or our privacy portal.

Protection Measures

Data Security

We employ industry-standard technical and organisational measures to protect your information:

256-bit SSL/TLS encryption in transit

AES-256 encryption for data at rest

Regular security audits & penetration testing

PCI-DSS Level 1 compliant payments

MFA on all admin systems

Staff privacy & security training

In the event of a breach affecting your rights, we will notify you and relevant supervisory authorities within 72 hours of becoming aware, per applicable law.

Data Lifecycle

Data Retention

We retain personal data only as long as necessary for the purposes collected, or as required by law:

→
Order & Transaction Records
7 years — US IRS tax and accounting compliance.
→
Customer Account Data
Retained while active and for 3 years after your last interaction, then securely deleted.
→
Marketing Preferences
Until you withdraw consent. Opt-out records are kept indefinitely to honour your preference.
→
Custom Order Specifications
5 years to facilitate repeat orders, warranty claims, and quality assurance.

Global Operations

International Data Transfers

As a company serving 70+ countries, your data may be transferred to and processed in the United States or other countries. We ensure appropriate safeguards for all cross-border transfers.

For transfers from the EEA, UK, or Switzerland, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission. For US transfers, we comply with CCPA, VCDPA, CPA, and CTDPA as applicable.

Age Restrictions

Children's Privacy

Our services are intended for individuals aged 18 years or older. We do not knowingly collect data from minors. If you believe a child has provided us data, contact us immediately and we will delete it promptly.

Policy Revisions

Policy Updates

When we make significant changes, we will:

→
Update the "Last Updated" date at the top of this page
→
Send an email notification to all registered account holders
→
Display a prominent notice on our homepage for 30 days

Continued use after any update constitutes acceptance of the revised policy.

Get in Touch

Contact Our Privacy Team

For any privacy-related queries, data subject requests, or concerns, please contact our Privacy Officer. We aim to respond within 5 business days and resolve fully within 30 calendar days.

◆
Privacy Officer — Chicago Leather Co.
50 East 52nd Street · Brooklyn, NY 10022 · United States
◆
Email
privacy@chicagoleatherco.com
◆
EU Supervisory Authority
EU residents may lodge a complaint with their local Data Protection Authority if data has not been handled lawfully.

Have a Privacy Question?

Our privacy team responds within 5 business days. Reach out anytime.

Your Privacy,Our Commitment