Privacy Policy
Last Updated: June 18, 2025


Code to Chic™ (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your personal data when you visit our website [www.codetochic.com] ("Website"), use our services, or otherwise interact with us.

By accessing our website and services, you agree to the terms of this Privacy Policy.
1. What Information We Collect
We may collect the following categories of personal data:

  • Identification Data: Name, email address, mailing address, phone number
  • Technical Data: IP address, browser type, device info, time zone, pages viewed (via cookies and analytics).
  • Usage Data: Information about how you use our website, services, educational content, browsing behavior, clickstream data, access times
  • Marketing and Communications Data: Preferences in receiving emails and promotional content.
  • Payment Information: When making purchases, we collect billing information via secure third-party processors (we do not store full payment data ourselves).
2. How We Collect Your Data
We collect personal data when you:

  • Fill out forms (newsletter signups, waitlists, contact forms)
  • Purchase a product, service, or digital course
  • Register for a webinar, workshop, or masterclass
  • Interact with our content, emails, or social media
  • Use our website (via cookies and analytics tools)
3. Why We Use Your Information
We collect and process your personal data for the following purposes:

  • To deliver services and digital products: To fulfill your requests, process transactions, and provide access to our programs, resources, and virtual services.
  • To personalize your experience: To tailor content, recommendations, and communications based on your preferences, behavior, or engagement with our offerings.
  • To provide support and respond to inquiries: To communicate with you about your account, purchases, technical issues, or general questions you may submit.
  • To send marketing communications (with consent): To provide you with updates, promotions, offers, or other marketing messages - only where legally permitted and with appropriate consent.
  • To improve our services and website: To analyze usage data, gather feedback, and make enhancements to our offerings, user experience, and online platforms.
  • To track performance and engagement: To understand how users interact with our content, measure campaign effectiveness, and improve customer satisfaction.
  • To meet legal and regulatory requirements: To comply with applicable laws and obligations including tax reporting, recordkeeping, anti-fraud measures, and data retention.

For details on how we comply with data protection laws in your jurisdiction and your rights under applicable legislation (including GDPR, CCPA, PIPEDA, and others), please refer to the ‘Your Rights’ sections of this Privacy Policy.
4. Communications
This section explains how we communicate with you, your rights regarding those communications, and how we comply with anti-spam and data protection laws in various jurisdictions.

A. Consent to Receive Communications

By providing your contact information and engaging with Code to Chic™ (including subscribing, purchasing, or using our Website or services), you consent to receive electronic communications from us.

These may include:
  • Account-related messages (e.g., registration confirmations, updates, billing)
  • Service notifications
  • Marketing and promotional emails
  • Newsletters and event invitations
  • SMS/text messages and app notifications (where applicable)

You may withdraw consent or unsubscribe from marketing communications at any time as described below.

B. Compliance with Anti-Spam Laws

Canada (CASL):
  • We send Commercial Electronic Messages (CEMs) only with your express or implied consent as required by the Canada Anti-Spam Legislation (CASL).
  • You have the right to unsubscribe or withdraw consent at any time through links in emails or by contacting us directly.
  • We maintain records of consent and provide identification and unsubscribe mechanisms in every marketing communication.
Australia (Spam Act 2003):
  • We send commercial electronic messages only with your consent, and all marketing messages include a functional unsubscribe facility.
  • We take reasonable steps to ensure messages are not sent to addresses purchased or harvested from third parties without consent.
United States (CAN-SPAM Act):
  • We comply with the Controlling the Assault of Non-Solicited Pornography And Marketing (CAN-SPAM) Act by including clear sender identification, a valid physical mailing address, and an easy opt-out mechanism in all commercial emails.
  • We do not send deceptive subject lines or false sender information.
European Union (GDPR & ePrivacy Directive):
  • Where applicable, we obtain explicit consent before sending marketing communications, in compliance with the General Data Protection Regulation (GDPR) and the ePrivacy Directive.
  • You have the right to access, rectify, erase, restrict processing, object to processing, and data portability of your personal data.
  • We provide clear information on how to withdraw consent and manage your communication preferences.

C. Your Rights and How to Manage Communications

  • Opting Out: All marketing and promotional communications include an unsubscribe link. You can also contact us directly at admin@codetochic.com to unsubscribe or update your preferences.
  • SMS/Text Messages: If you receive text messages, you may reply “STOP” or follow opt-out instructions in the message to unsubscribe. Message and data rates may apply.
  • Data Access and Control: You have the right to request access to your personal data, correct inaccuracies, or request deletion where permitted by law.
  • Complaints: If you believe your data privacy rights have been violated, you may contact us or lodge a complaint with your local data protection authority.
5. Cookies and Tracking Technologies
We use cookies to enhance your browsing experience and collect analytical data.

  • Canada (PIPEDA): We obtain your consent where required before placing non-essential cookies and provide clear information about their use.
  • USA (CCPA): You have the right to opt-out of the sale or sharing of your personal information for targeted advertising. Although cookies generally are not “sold,” we disclose third-party tracking practices.
  • EU (GDPR): We seek your explicit consent before using non-essential cookies and provide an easy-to-use cookie consent tool to manage preferences.
  • Australia (Spam Act): While the Spam Act primarily governs electronic marketing, we adhere to best practices by obtaining your consent for tracking technologies that may be used for marketing purposes.

You can manage cookie preferences through your browser settings. Disabling certain cookies may affect Website functionality.
6. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), we process your personal information under the following legal bases:

  • Consent: You have given clear consent (e.g., email opt-in)
  • Contract: Data is necessary to fulfill a purchase or service
  • Legal Obligation: We are legally required to process the data
  • Legitimate Interests: For purposes such as business analytics, improving our services, or preventing fraud (only where your rights are not overridden)
7. Third-Party Sharing
A. How We Share Your Information

We do not sell or rent your personal data under any circumstances. However, we may share your personal information with trusted third-party service providers who assist in operating our business, delivering our services, and improving your experience.

These third parties include, but are not limited to:
  • Payment processors (e.g., Stripe, PayPal)
  • Email marketing platforms (e.g., ConvertKit, MailerLite)
  • Website hosting and analytics providers (e.g., Google Analytics)
  • Course platforms or membership portals
  • Customer service and communication tools
  • Legal and regulatory authorities, if required by law
  • Third parties involved in a business transfer, such as a merger, acquisition, or sale of assets

We only share the minimum data necessary to fulfill specific services, and all third parties are contractually obligated to handle your data securely and lawfully. They are not permitted to use your information for any other purpose.

B. Regional Privacy Compliance

We take appropriate steps to ensure our third-party service providers meet the privacy standards required in your region:
  • Canada (PIPEDA): We require third parties to safeguard personal data in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA).
  • United States (CCPA): We disclose the categories of third parties with whom personal data is shared and require compliance with the California Consumer Privacy Act (CCPA).
  • European Union (GDPR): We only engage with data processors who provide sufficient guarantees of GDPR compliance and have signed Data Processing Agreements (DPAs) with us.
  • Australia (Privacy Act): We ensure third-party providers follow the Australian Privacy Principles (APPs) when handling your personal data.

If legally required, we may disclose your personal information in response to valid legal processes, including requests by public authorities or regulators.
8. Data Processing and International Transfers
Code to Chic™ is headquartered in Canada and processes personal information in accordance with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA). By using our website or services, you acknowledge that your personal data may be collected, used, processed, and stored in Canada, and may be transferred to or from other jurisdictions, including but not limited to the European Union (EU), United States, United Kingdom (UK), and Australia. Data protection laws in these jurisdictions may differ from those in your country of residence.

Where required by applicable law - including the EU General Data Protection Regulation (GDPR), UK GDPR, California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and Australia’s Privacy Act 1988 and Notifiable Data Breaches (NDB) scheme - we implement appropriate safeguards to protect your personal data during international transfers. Such safeguards may include:

  • Standard Contractual Clauses (SCCs) approved by the European Commission or UK ICO,
  • Binding Corporate Rules (BCRs), or
  • Other lawful transfer mechanisms recognized under applicable data protection laws.

California residents are entitled to specific rights regarding their personal information under the CCPA/CPRA, including rights to access, deletion, and the right to opt-out of the sale or sharing of personal information. Australian residents are protected under the NDB scheme, which requires timely notification of eligible data breaches likely to cause serious harm.

By continuing to use this website and submitting personal information, you expressly consent to the collection, use, disclosure, and international transfer of your personal data as described in this Privacy Policy.

If you are located in the EU, UK, California, or Australia and wish to exercise your privacy rights or inquire about cross-border data transfers, please contact us using the details provided in the Contacting Us section.
9. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including providing services, complying with legal and regulatory obligations, resolving disputes, enforcing our agreements, and maintaining business records.

When personal data is no longer required, we take reasonable steps to securely delete, destroy, or de-identify it in accordance with our internal retention policies and applicable data protection laws.

  • Canada (PIPEDA): We retain your personal information for as long as necessary to fulfill the identified purposes or as required by law. You may request access to or correction of your data at any time.
  • USA (CCPA): We disclose the retention periods for personal information collected and allow California residents to request deletion of their personal data, subject to certain exceptions.
  • EU (GDPR): Personal data will be stored only for the duration necessary to meet the purposes outlined in this policy. You have the right to access, rectify, or erase your data, and to restrict or object to processing where applicable.
  • Australia (Privacy Act): We retain personal information for as long as needed for the purposes it was collected, after which it is securely destroyed or de-identified in compliance with applicable law.

You may contact us at admin@codetochic.com to inquire about your data or exercise your rights.
10. Data Security
A. Security Measures

We implement appropriate technical and organizational safeguards to protect your personal information against unauthorized access, disclosure, alteration, misuse, or destruction. These measures include, but are not limited to:

  • Encryption of sensitive data in transit and at rest;
  • Secure servers with restricted physical and logical access controls;
  • Regular risk assessments, penetration testing, and security updates;
  • Ongoing employee training in data protection and information security practices.

However, no system or method of transmission over the Internet is 100% secure. While we do our best, we cannot guarantee absolute security of your information.
Where we have given you (or where you have chosen) a password so that you can access certain areas of our site, you are responsible for keeping this password confidential.

B. Use of Third-Party Processors

When we engage third-party service providers to process personal data on our behalf, we ensure that such processors are contractually obligated to maintain adequate security measures and handle personal data in compliance with applicable data protection laws, including the GDPR, CCPA/CPRA, and the Australian Privacy Act 1988.

C. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify affected individuals and the appropriate supervisory authorities without undue delay, in accordance with applicable laws. This includes compliance with the EU GDPR (Articles 33–34), the UK GDPR, the California Consumer Privacy Act (CCPA/CPRA), and the Australian Notifiable Data Breaches (NDB) scheme.
11. Your Rights Under the General Data Protection Regulation (GDPR)
If you are a resident of the European Union, you are entitled to specific rights concerning your personal data under Regulation (EU) 2016/679, known as the General Data Protection Regulation (GDPR). These rights include:

A. Right of Access (Article 15 GDPR)
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, to access the data and receive a copy.

B. Right to Rectification (Article 16 GDPR)
You may request the rectification of inaccurate personal data concerning you, or to have incomplete data completed.

C. Right to Erasure - ‘Right to be Forgotten’ (Article 17 GDPR)
You have the right to request the erasure of your personal data where there is no overriding legal basis for us to retain it, such as compliance with a legal obligation.

D. Right to Restriction of Processing (Article 18 GDPR)
You may request that we restrict the processing of your personal data in specific circumstances, such as when the accuracy of the data is contested or processing is unlawful.

E. Right to Data Portability (Article 20 GDPR)
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, and to transmit those data to another controller where technically feasible.

F. Right to Object (Article 21 GDPR)
You have the right to object to the processing of your personal data based on our legitimate interests, including profiling. You also have the absolute right to object to your data being processed for direct marketing purposes.

G. Right to Withdraw Consent (Article 7 GDPR)
Where processing is based on your consent, you have the right to withdraw that consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

H. Right to Lodge a Complaint (Article 77 GDPR)
You have the right to lodge a complaint with a data protection supervisory authority in your EU Member State if you believe that your data protection rights have been violated.

How to Exercise Your Rights:
You may exercise any of the above rights by contacting us via:
Email: admin@codetochic.com

To protect your data, we may request specific information from you to verify your identity before processing your request. We will respond within the timeframes required under applicable law.
12. Your Rights Under the UK General Data Protection Regulation (UK GDPR)
If you are located in the United Kingdom, your personal data is protected under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. These laws provide you with the following rights regarding your personal information:

A. Right of Access

You have the right to request access to the personal data we hold about you and to obtain a copy of that information.

B. Right to Rectification

You may request that we correct or update inaccurate or incomplete personal data we hold about you.

C. Right to Erasure (‘Right to be Forgotten’)

You may request the deletion of your personal data where there is no lawful reason for us to continue processing it.

D. Right to Restrict Processing

You can request the restriction of the processing of your personal data in specific circumstances, such as when you contest the accuracy of the data or object to the processing.

E. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to request that this data be transmitted directly to another controller where technically feasible.

F. Right to Object

You may object to our processing of your personal data when we rely on legitimate interests as the legal basis. We will cease such processing unless we can demonstrate compelling legitimate grounds.

G. Rights Related to Automated Decision-Making and Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, where such a decision has legal or similarly significant effects.

H. Right to Withdraw Consent

Where we rely on your consent to process your personal data, you have the right to withdraw your consent at any time. This does not affect the lawfulness of processing based on consent before its withdrawal.

I. Right to Lodge a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with the UK’s data protection supervisory authority:

Information Commissioner's Office (ICO)
Website: https://www.ico.org.uk
Phone: +44 (0)303 123 1113

How to Exercise Your Rights:

To exercise any of your rights listed above, please contact us at:
Email: admin@codetochic.com

We may request additional information to verify your identity before fulfilling your request, in accordance with applicable data protection laws.
13. Your Rights Under the California Consumer Privacy Act (CCPA)
If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). These rights include:

A. Right to Know

You have the right to request that we disclose:

  • The categories and specific pieces of personal information we have collected about you in the preceding 12 months;
  • The categories of sources from which the information was collected;
  • The business or commercial purposes for collecting, selling, or sharing your personal information;
  • The categories of third parties with whom we disclose personal information.

B. Right to Delete

You may request the deletion of personal information that we have collected from you, subject to certain exceptions under California law (such as if the information is needed to complete a transaction or comply with a legal obligation).

C. Right to Opt-Out of Sale or Sharing

You have the right to opt out of the sale or sharing of your personal information.
We do not sell personal information. If we engage in sharing as defined under CPRA (e.g., for cross-context behavioral advertising), we will provide you with notice and the ability to opt-out via a "Do Not Sell or Share My Personal Information" link or equivalent method.

D. Right to Non-Discrimination

We will not discriminate against you for exercising your rights. This means we will not:

  • Deny you goods or services,
  • Charge you different prices or rates,
  • Provide you with a different level or quality of service,
  • unless the difference is reasonably related to the value provided by your data.

E. How to Exercise Your Rights

You may submit a verifiable consumer request by contacting us through any of the following methods:

Email: admin@codetochic.com
Web form: https://codetochic.com/contact

We may need to verify your identity before fulfilling your request to ensure the protection of your personal data.

F. Authorized Agent

You may authorize another person or entity (an “authorized agent”) to submit a request on your behalf. To process such a request, we may require:

  • Signed permission from you,
  • Proof of the agent’s identity, and
  • Verification of your own identity.
14. Your Rights Under the Virginia Consumer Data Protection Act (VCDPA)
If you are a resident of the Commonwealth of Virginia, the Virginia Consumer Data Protection Act (VCDPA) grants you specific rights regarding your personal data. This section outlines your rights and how you can exercise them, as well as how Code to Chic collects, uses, and protects personal data in accordance with the VCDPA.

A. Definitions under the VCDPA

Under the VCDPA, the following definitions apply:

  • “Personal data” means any information that is linked or reasonably linkable to an identified or identifiable natural person. It does not include de-identified data or publicly available information.
  • “Sensitive data” includes data revealing racial or ethnic origin, religious beliefs, mental or physical health diagnosis, sexual orientation, citizenship or immigration status, precise geolocation data, genetic or biometric data, personal data collected from a known child, and data used for profiling.
  • “Consumer” means a natural person who is a Virginia resident acting in an individual or household context (not in an employment or commercial context).

B. Personal Data Collected

We collect personal data that may include:

  • Contact information (e.g., name, email, phone)
  • Demographic details
  • Style and wardrobe preferences (when provided voluntarily)
  • Payment and billing information (if you purchase services)
  • Website activity (via cookies and analytics tools)

We do not knowingly collect or process sensitive personal data without your explicit consent.

C. Purposes for Processing Personal Data

We collect and process your personal data for the following purposes:

  • To provide and personalize our services
  • To deliver educational content and style advice
  • To communicate with you (newsletters, responses to inquiries, etc.)
  • To manage purchases, billing, and customer accounts
  • To improve website functionality and user experience
  • For internal analytics and performance tracking

D. Your Rights Under the VCDPA

As a Virginia resident, you have the right to:

  1. Confirm whether we process your personal data and access such data.
  2. Correct inaccuracies in your personal data.
  3. Delete personal data you provided to us or that we have otherwise obtained.
  4. Obtain a portable copy of your personal data in a readily usable format.
  5. Opt out of the processing of your personal data for:

  • Targeted advertising;
  • Sale of personal data;
  • Profiling that results in legal or similarly significant effects concerning you.

Note: Code to Chic™ does not sell your personal data or use it for profiling in furtherance of decisions that produce legal or similarly significant effects. If this policy changes, you will be notified and given an opportunity to opt out.

E. Exercising Your Rights

To exercise your rights under the VCDPA, please contact us using the information below. We will respond to your verifiable request within 45 days. If necessary, we may extend this period once for an additional 45 days, provided we notify you of the extension and a reason for the delay.

Mailing Address:
Code to Chic™
Suite 320, 500 Rocky Vista Gardens NW
Calgary, Alberta T3G0C3
Canada
Email: admin@codetochic.com

You may make a request twice per calendar year free of charge. If we decline to act on your request, you may appeal our decision by contacting us again. We will respond to appeals within 60 days. If your appeal is denied, you have the right to contact the Virginia Attorney General to file a complaint.

F. Data Security and Retention

We implement reasonable administrative, technical, and physical safeguards to protect your personal data. We retain personal data only for as long as needed to fulfill the purposes outlined in this Privacy Policy or as required by law.

G. Non-Discrimination

We will not discriminate against you for exercising your rights under the VCDPA. Unless permitted by law, we will not:

  • Deny you goods or services;
  • Charge you different prices or rates;
  • Provide a different level or quality of service.
15. Your Rights Of Data Subjects In Other Jurisdictions (U.S.)
Residents of other U.S. states may have certain rights under their respective state privacy laws. As privacy legislation evolves across the United States, we are committed to maintaining transparency and providing access and control over personal data, consistent with applicable law.

A. States with Consumer Privacy Laws

If you are a resident of a U.S. state with enacted privacy laws - such as Colorado, Connecticut, Utah, or any other applicable jurisdiction - you may have the following rights:

  • The right to know what personal data we collect, use, and share.
  • The right to access your personal data.
  • The right to correct inaccuracies in your personal data.
  • The right to delete personal data under certain conditions.
  • The right to opt out of: targeted advertising; sale of personal data (if applicable); profiling that results in legal or similarly significant effects.
  • The right to data portability allowing you to request a copy of your personal data in a usable format.

B. Submitting a Request

If your state grants these rights, you may exercise them by submitting a verifiable consumer request using one of the following methods:

Mailing Address:
Code to Chic™
Suite 320, 500 Rocky Vista Gardens NW
Calgary, Alberta T3G0C3
Canada
Email: admin@codetochic.com

Please include: your full name, the nature of your request, your state of residence, and sufficient information for us to verify your identity.

We will respond to verifiable consumer requests within the timeframe required by applicable state law - typically within 45 days. If additional time is required, we will inform you of the reason and extension period.

C. Appeals Process

If we deny your request, you may have the right to appeal our decision by contacting us again. We will provide you with an explanation for the denial and instructions on how to appeal. If your appeal is unsuccessful, you may contact your state Attorney General to submit a complaint.

D. No Discrimination

We will not discriminate against you for exercising your rights under any applicable privacy law. This includes denying you services, charging different prices, or providing a different level of service.
16. Your Rights Under the Australia Privacy Act 1988 and Notifiable Data Breaches (NDB) Scheme
If you are an Australian resident, you are entitled to specific rights under the Privacy Act 1988 (Cth) and the Notifiable Data Breaches (NDB) scheme, which are enforced by the Office of the Australian Information Commissioner (OAIC). These include:

A. Right to Access and Correction

You have the right to request access to any personal information we hold about you. You also have the right to request corrections if you believe the information we hold is inaccurate, out-of-date, incomplete, irrelevant, or misleading.

B. Right to Lodge a Complaint

If you believe that we have not complied with the Privacy Act or the Australian Privacy Principles (APPs), you have the right to lodge a complaint with us. If you are unsatisfied with our response, you may escalate the matter to the Office of the Australian Information Commissioner (OAIC).

C. Data Breach Notifications

In accordance with the NDB scheme, we are required to notify you and the OAIC if we become aware of a data breach that is likely to result in serious harm. This includes a clear description of the breach, the information involved, and recommended actions you should take in response.

How to Exercise Your Rights:

You may exercise any of the above rights by contacting us using the details below. We may request you to verify your identity before acting on your request to ensure your privacy is protected.

Mailing Address:
Code to Chic™
Suite 320, 500 Rocky Vista Gardens NW
Calgary, Alberta T3G0C3
Canada
Email: admin@codetochic.com
17. Your Rights Under the Personal Information Protection and Electronic Documents Act (PIPEDA)
If you are a Canadian resident, you are entitled to certain rights under the Personal Information Protection and Electronic Documents Act (PIPEDA). These rights include:

  • The right to access the personal information we hold about you;
  • The right to request corrections to any inaccuracies in your personal information;
  • The right to withdraw your consent to the collection, use, or disclosure of your personal information, subject to legal or contractual obligations;
  • The right to know how your personal information is collected, used, and disclosed;
  • The right to challenge our compliance with PIPEDA.

How to Exercise Your Rights:

You may exercise any of the above rights by contacting us at:
Email: admin@codetochic.com

To help protect your privacy and maintain security, we may request specific information from you to verify your identity before processing your request. We will respond within the timeframes required by applicable Canadian privacy laws.
18. Children’s Privacy
Our website and services are not intended for children under the age of 16. We do not knowingly collect data from minors.
19. Third-Party Links
Our Website may contain links to third-party websites or resources. These are provided for your convenience or reference only.

We do not control, endorse, or assume responsibility for the content, privacy policies, or practices of any third-party websites. Once you leave our Website, your activities and information are governed by the terms and policies of the external site you visit.

We encourage you to review the privacy policies and terms of use of any third-party sites you interact with.
20. Changes to This Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time, without prior notice, to reflect changes in our practices, legal requirements, or service offerings. When we make changes, we will update the “Last Updated” date at the top of this page.

We encourage you to review this Privacy Policy periodically to stay informed about how we collect, use, and protect your information. Your continued use of the Website or our services after any changes constitutes your acceptance of the revised policy.
21. Contact Us
If you have questions about this policy or wish to exercise your rights, please contact:

Mailing Address:
Code to Chic™
Suite 320, 500 Rocky Vista Gardens NW
Calgary, Alberta T3G0C3
Canada
Email: admin@codetochic.com