Last Updated: June 18, 2025


Code to Chic (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal data when you visit our website [www.codetochic.com] ("Website"), use our services, or otherwise interact with us.

By accessing our website and services, you agree to the terms of this Privacy Policy.

We may collect the following categories of personal data:

• Identification Data: Name, email address, mailing address, phone number
• Technical Data: IP address, browser type, device info, time zone, pages viewed (via cookies and analytics).
• Usage Data: Information about how you use our website, services, educational content, browsing behavior, clickstream data, access times
• Marketing and Communications Data: Preferences in receiving emails and promotional content.
• Payment Information: When making purchases, we collect billing information via secure third-party processors (we do not store full payment data ourselves).

We collect personal data when you:

• Fill out forms (newsletter signups, waitlists, contact forms)
• Purchase a product, service, or digital course
• Register for a webinar, workshop, or masterclass
• Interact with our content, emails, or social media
• Use our website (via cookies and analytics tools)

We process your personal data for the following purposes:

• To deliver the products or services you request
• To provide customer support and respond to inquiries
• To improve our website, offerings, and user experience
• To send marketing communications (with your consent)
• To comply with legal obligations (e.g. tax reporting, GDPR)
• To track performance of campaigns and audience engagement.

We process your personal data for the following purposes:

• To provide and deliver services
• To personalize your experience
• To communicate with you, including marketing communications
• To improve our website, offerings, and user experience
• To comply with legal obligations

We use cookies to enhance your browsing experience and collect analytical data. You can control cookie settings through your browser preferences.

If you are located in the European Economic Area (EEA), we process your personal information under the following legal bases:

• Consent: You have given clear consent (e.g., email opt-in)
• Contract: Data is necessary to fulfill a purchase or service
• Legal Obligation: We are legally required to process the data
• Legitimate Interests: For purposes such as business analytics, improving our services, or preventing fraud (only where your rights are not overridden)

We do not sell or rent your personal data. We may share data with trusted third parties who help us run our business, including:

• Payment processors (e.g., Stripe, PayPal)
• Email marketing platforms (e.g., ConvertKit, MailerLite)
• Website hosting and analytics providers (e.g., Google Analytics)
• Course platforms or membership portals
• Legal and regulatory authorities if required by law
• Third parties in case of business transfers (e.g., merger or acquisition)

These providers are GDPR-compliant and may only use your data to perform specific tasks on our behalf.

Code to Chic is headquartered in Canada and processes personal information in accordance with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA). By using our website or services, you acknowledge that your personal data may be collected, used, processed, and stored in Canada, and may be transferred to or from other jurisdictions, including but not limited to the European Union (EU), United States, United Kingdom (UK), and Australia. Data protection laws in these jurisdictions may differ from those in your country of residence.

Where required by applicable law - including the EU General Data Protection Regulation (GDPR), UK GDPR, California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and Australia’s Privacy Act 1988 and Notifiable Data Breaches (NDB) scheme - we implement appropriate safeguards to protect your personal data during international transfers. Such safeguards may include:

• Standard Contractual Clauses (SCCs) approved by the European Commission or UK ICO,
• Binding Corporate Rules (BCRs), or
• Other lawful transfer mechanisms recognized under applicable data protection laws.

California residents are entitled to specific rights regarding their personal information under the CCPA/CPRA, including rights to access, deletion, and the right to opt-out of the sale or sharing of personal information. Australian residents are protected under the NDB scheme, which requires timely notification of eligible data breaches likely to cause serious harm.

By continuing to use this website and submitting personal information, you expressly consent to the collection, use, disclosure, and international transfer of your personal data as described in this Privacy Policy.

If you are located in the EU, UK, California, or Australia and wish to exercise your privacy rights or inquire about cross-border data transfers, please contact us using the details provided in the Contacting Us section.

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to provide services, comply with legal and regulatory obligations, resolve disputes, enforce our agreements, and maintain business records.

When personal data is no longer required, we take reasonable steps to securely delete, destroy, or de-identify it in accordance with our internal retention policies and applicable data protection laws.

A. Security Measures

We implement appropriate technical and organizational safeguards to protect your personal information against unauthorized access, disclosure, alteration, misuse, or destruction. These measures include, but are not limited to:

• Encryption of sensitive data in transit and at rest;
• Secure servers with restricted physical and logical access controls;
• Regular risk assessments, penetration testing, and security updates;
• Ongoing employee training in data protection and information security practices.

However, no system or method of transmission over the Internet is 100% secure. While we do our best, we cannot guarantee absolute security of your information.
Where we have given you (or where you have chosen) a password so that you can access certain areas of our site, you are responsible for keeping this password confidential.

B. Use of Third-Party Processors

When we engage third-party service providers to process personal data on our behalf, we ensure that such processors are contractually obligated to maintain adequate security measures and handle personal data in compliance with applicable data protection laws, including the GDPR, CCPA/CPRA, and the Australian Privacy Act 1988.

C. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify affected individuals and the appropriate supervisory authorities without undue delay, in accordance with applicable laws. This includes compliance with the EU GDPR (Articles 33–34), the UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), and the Australian Notifiable Data Breaches (NDB) scheme.

If you are a resident of the European Union, you are entitled to specific rights concerning your personal data under Regulation (EU) 2016/679, known as the General Data Protection Regulation (GDPR). These rights include:

A. Right of Access (Article 15 GDPR)
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, to access the data and receive a copy.

B. Right to Rectification (Article 16 GDPR)
You may request the rectification of inaccurate personal data concerning you, or to have incomplete data completed.

C. Right to Erasure – ‘Right to be Forgotten’ (Article 17 GDPR)
You have the right to request the erasure of your personal data where there is no overriding legal basis for us to retain it, such as compliance with a legal obligation.

D. Right to Restriction of Processing (Article 18 GDPR)
You may request that we restrict the processing of your personal data in specific circumstances, such as when the accuracy of the data is contested or processing is unlawful.

E. Right to Data Portability (Article 20 GDPR)
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and to transmit those data to another controller where technically feasible.

F. Right to Object (Article 21 GDPR)
You have the right to object to the processing of your personal data based on our legitimate interests, including profiling. You also have the absolute right to object to your data being processed for direct marketing purposes.

G. Right to Withdraw Consent (Article 7 GDPR)
Where processing is based on your consent, you have the right to withdraw that consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

H. Right to Lodge a Complaint (Article 77 GDPR)
You have the right to lodge a complaint with a data protection supervisory authority in your EU Member State if you believe that your data protection rights have been violated.

How to Exercise Your Rights:
You may exercise any of the above rights by contacting us via:
Email: admin@codetochic.com

To protect your data, we may request specific information from you to verify your identity before processing your request. We will respond within the timeframes required under applicable law.

If you are located in the United Kingdom, your personal data is protected under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. These laws provide you with the following rights regarding your personal information:

A. Right of Access

You have the right to request access to the personal data we hold about you and to obtain a copy of that information.

B. Right to Rectification

You may request that we correct or update inaccurate or incomplete personal data we hold about you.

C. Right to Erasure (‘Right to be Forgotten’)

You may request the deletion of your personal data where there is no lawful reason for us to continue processing it.

D. Right to Restrict Processing

You can request the restriction of the processing of your personal data in specific circumstances, such as when you contest the accuracy of the data or object to the processing.

E. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to request that this data be transmitted directly to another controller where technically feasible.

F. Right to Object

You may object to our processing of your personal data when we rely on legitimate interests as the legal basis. We will cease such processing unless we can demonstrate compelling legitimate grounds.

G. Rights Related to Automated Decision-Making and Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, where such a decision has legal or similarly significant effects.

H. Right to Withdraw Consent

Where we rely on your consent to process your personal data, you have the right to withdraw your consent at any time. This does not affect the lawfulness of processing based on consent before its withdrawal.

I. Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the UK’s data protection supervisory authority:

Information Commissioner's Office (ICO)
Website: https://www.ico.org.uk
Phone: +44 (0)303 123 1113

How to Exercise Your Rights:

To exercise any of your rights listed above, please contact us at:
Email: admin@codetochic.com

We may request additional information to verify your identity before fulfilling your request, in accordance with applicable data protection laws.

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). These rights include:

A. Right to Know

You have the right to request that we disclose:

• The categories and specific pieces of personal information we have collected about you in the preceding 12 months;
• The categories of sources from which the information was collected;
• The business or commercial purposes for collecting, selling, or sharing your personal information;
• The categories of third parties with whom we disclose personal information.

B. Right to Delete

You may request the deletion of personal information that we have collected from you, subject to certain exceptions under California law (such as if the information is needed to complete a transaction or comply with a legal obligation).

C. Right to Opt-Out of Sale or Sharing

You have the right to opt out of the sale or sharing of your personal information.
We do not sell personal information. If we engage in sharing as defined under CPRA (e.g., for cross-context behavioral advertising), we will provide you with notice and the ability to opt-out via a "Do Not Sell or Share My Personal Information" link or equivalent method.

D. Right to Non-Discrimination

We will not discriminate against you for exercising your rights. This means we will not:

• Deny you goods or services,
• Charge you different prices or rates,
• Provide you with a different level or quality of service,
• unless the difference is reasonably related to the value provided by your data.

E. How to Exercise Your Rights

You may submit a verifiable consumer request by contacting us through any of the following methods:

Email: admin@codetochic.com
Web form: https://codetochic.com/contact

We may need to verify your identity before fulfilling your request to ensure the protection of your personal data.

F. Authorized Agent

You may authorize another person or entity (an “authorized agent”) to submit a request on your behalf. To process such a request, we may require:

• Signed permission from you,
• Proof of the agent’s identity, and
• Verification of your own identity.

If you are a resident of the Commonwealth of Virginia, the Virginia Consumer Data Protection Act (VCDPA) grants you specific rights regarding your personal data. This section outlines your rights and how you can exercise them, as well as how Code to Chic collects, uses, and protects personal data in accordance with the VCDPA.

A. Definitions under the VCDPA

Under the VCDPA, the following definitions apply:

• “Personal data” means any information that is linked or reasonably linkable to an identified or identifiable natural person. It does not include de-identified data or publicly available information.
• “Sensitive data” includes data revealing racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexual orientation, citizenship or immigration status, precise geolocation data, genetic or biometric data, personal data collected from a known child, and data used for profiling.
• “Consumer” means a natural person who is a Virginia resident acting in an individual or household context (not in an employment or commercial context).

B. Personal Data Collected

We collect personal data that may include:

• Contact information (e.g., name, email, phone)
• Demographic details
• Style and wardrobe preferences (when provided voluntarily)
• Payment and billing information (if you purchase services)
• Website activity (via cookies and analytics tools)

We do not knowingly collect or process sensitive personal data without your explicit consent.

C. Purposes for Processing Personal Data

We collect and process your personal data for the following purposes:

• To provide and personalize our services
• To deliver educational content and style advice
• To communicate with you (newsletters, responses to inquiries, etc.)
• To manage purchases, billing, and customer accounts
• To improve website functionality and user experience
• For internal analytics and performance tracking

D. Your Rights Under the VCDPA

As a Virginia resident, you have the right to:

1. Confirm whether we process your personal data and access such data.
2. Correct inaccuracies in your personal data.
3. Delete personal data you provided to us or that we have otherwise obtained.
4. Obtain a portable copy of your personal data in a readily usable format.
5. Opt out of the processing of your personal data for:

• Targeted advertising;
• Sale of personal data;
• Profiling that results in legal or similarly significant effects concerning you.

Note: Code to Chic does not sell your personal data or use it for profiling in furtherance of decisions that produce legal or similarly significant effects. If this policy changes, you will be notified and given an opportunity to opt-out.

E. Exercising Your Rights

To exercise your rights under the VCDPA, please contact us using the information below. We will respond to your verifiable request within 45 days. If necessary, we may extend this period once for an additional 45 days, provided we notify you of the extension and a reason for the delay.

Mailing Address:
Code to Chic
Suite 320, 500 Rocky Vista Gardens NW
Calgary, Alberta T3G0C3
Canada
Email: admin@codetochic.com

You may make a request twice per calendar year free of charge. If we decline to act on your request, you may appeal our decision by contacting us again. We will respond to appeals within 60 days. If your appeal is denied, you have the right to contact the Virginia Attorney General to file a complaint.

F. Data Security and Retention

We implement reasonable administrative, technical, and physical safeguards to protect your personal data. We retain personal data only for as long as needed to fulfill the purposes outlined in this Privacy Policy or as required by law.

G. Non-Discrimination

We will not discriminate against you for exercising your rights under the VCDPA. Unless permitted by law, we will not:

• Deny you goods or services;
• Charge you different prices or rates;
• Provide a different level or quality of service.

Residents of other U.S. states may have certain rights under their respective state privacy laws. As privacy legislation evolves across the United States, we are committed to maintaining transparency and providing access and control over personal data, consistent with applicable law.

A. States with Consumer Privacy Laws

If you are a resident of a U.S. state with enacted privacy laws - such as Colorado, Connecticut, Utah, or any other applicable jurisdiction - you may have the following rights:

• The right to know what personal data we collect, use, and share.
• The right to access your personal data.
• The right to correct inaccuracies in your personal data.
• The right to delete personal data under certain conditions.
• The right to opt out of: targeted advertising; sale of personal data (if applicable); profiling that results in legal or similarly significant effects.
• The right to data portability allowing you to request a copy of your personal data in a usable format.

B. Submitting a Request

If your state grants these rights, you may exercise them by submitting a verifiable consumer request using one of the following methods:

Mailing Address:
Code to Chic
Suite 320, 500 Rocky Vista Gardens NW
Calgary, Alberta T3G0C3
Canada
Email: admin@codetochic.com

Please include: your full name, the nature of your request, your state of residence, and sufficient information for us to verify your identity.

We will respond to verifiable consumer requests within the timeframe required by applicable state law - typically within 45 days. If additional time is required, we will inform you of the reason and extension period.

C. Appeals Process

If we deny your request, you may have the right to appeal our decision by contacting us again. We will provide you with an explanation for the denial and instructions on how to appeal. If your appeal is unsuccessful, you may contact your state Attorney General to submit a complaint.

D. No Discrimination

We will not discriminate against you for exercising your rights under any applicable privacy law. This includes denying you services, charging different prices, or providing a different level of service.

If you are an Australian resident, you are entitled to specific rights under the Privacy Act 1988 (Cth) and the Notifiable Data Breaches (NDB) scheme, which are enforced by the Office of the Australian Information Commissioner (OAIC). These include:

A. Right to Access and Correction

You have the right to request access to any personal information we hold about you. You also have the right to request corrections if you believe the information we hold is inaccurate, out-of-date, incomplete, irrelevant, or misleading.

B. Right to Lodge a Complaint

If you believe that we have not complied with the Privacy Act or the Australian Privacy Principles (APPs), you have the right to lodge a complaint with us. If you are unsatisfied with our response, you may escalate the matter to the Office of the Australian Information Commissioner (OAIC).

C. Data Breach Notifications

In accordance with the NDB scheme, we are required to notify you and the OAIC if we become aware of a data breach that is likely to result in serious harm. This includes a clear description of the breach, the information involved, and recommended actions you should take in response.

How to Exercise Your Rights:

You may exercise any of the above rights by contacting us using the details below. We may request you to verify your identity before acting on your request to ensure your privacy is protected.

Mailing Address:
Code to Chic
Suite 320, 500 Rocky Vista Gardens NW
Calgary, Alberta T3G0C3
Canada
Email: admin@codetochic.com

If you are a Canadian resident, you are entitled to certain rights under the Personal Information Protection and Electronic Documents Act (PIPEDA). These rights include:

• The right to access the personal information we hold about you;
• The right to request corrections to any inaccuracies in your personal information;
• The right to withdraw your consent to the collection, use, or disclosure of your personal information, subject to legal or contractual obligations;
• The right to know how your personal information is collected, used, and disclosed;
• The right to challenge our compliance with PIPEDA.

How to Exercise Your Rights:

You may exercise any of the above rights by contacting us at:
Email: admin@codetochic.com

To help protect your privacy and maintain security, we may request specific information from you to verify your identity before processing your request. We will respond within the timeframes required by applicable Canadian privacy laws.

Our website and services are not intended for children under the age of 16. We do not knowingly collect data from minors.

Our website may include links to third-party websites. We are not responsible for the privacy practices of those websites.

We reserve the right to update this policy at any time. When we do, we will revise the "Last Updated" date at the top. Please check back periodically.

If you have questions about this policy or wish to exercise your rights, please contact:

Mailing Address:
Code to Chic
Suite 320, 500 Rocky Vista Gardens NW
Calgary, Alberta T3G0C3
Canada
Email: admin@codetochic.com