Privacy Policy
1. Introduction
At girlstoking.com (“we”, “us”, or “our”), we are committed to protecting your privacy and safeguarding your personal data. We recognize the importance of transparency, accountability, and your trust. This Privacy Policy outlines how we collect, use, disclose, and protect your personal information in accordance with applicable privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). By using our website, you agree to the practices described herein.
2. Scope & Data Controller
This Privacy Policy applies to your use of the website girlstoking.com and any associated services, products, or features that reference this Privacy Policy. We act as the data controller of your personal data for the purposes of the GDPR. As such, we determine the purposes and means of processing your personal data.
3. Categories of Data Processed
We may collect and process the following categories of personal data:
3.1 Usage Data
Includes information about how you use our website and services. This data includes your browser type and version, IP address, referring URLs, device identifiers, time zone settings, and usage behaviors during each session.
3.2 Account Data
Data you provide during account registration or profile creation, comprising your name, billing and shipping addresses, email address, and phone number.
3.3 Profile Data
Information related to your interests, product selections, purchase history, and behavioral data derived from your interactions with girlstoking.com, as well as preferences and feedback.
3.4 Communication Data
Includes your submitted queries, support requests, messages sent to our customer service team, and any correspondence through contact forms or other communication methods.
3.5 Technical Data
Data collected from your device such as operating system, hardware model, browser plug-ins, and Internet service identifiers used to access our platform.
3.6 Transaction Data
Includes details concerning payments made, order history, billing completion, delivery preferences, and shipping confirmations, excluding sensitive payment card information.
3.7 Preference Data
Marketing preferences, subscription settings, product interests, and consent choices related to targeted communications or promotions.
4. Legal Bases for Processing
We rely on the following lawful bases to collect and process your personal data under the GDPR:
– Consent: When you explicitly agree to our processing, e.g., subscribing to newsletters or accepting cookies.
– Contract: When processing is necessary to fulfill a contract or precontractual conditions (e.g., to deliver purchased items or manage an account).
– Legitimate Interests: To analyze usage trends, improve our services, manage our business, and detect or prevent fraud, provided such interests are not overridden by your rights.
– Legal Obligation: To comply with laws and regulations applicable to us.
– Public Interest: As required by judicial or governmental proceedings.
5. Your Rights
Subject to applicable law, you may exercise the following rights concerning your personal data:
– Right to Access: You have the right to request a copy of the personal data we hold about you.
– Right to Rectification: You can request correction of inaccurate or incomplete data.
– Right to Erasure (“Right to be Forgotten”): You may request deletion of your personal data under certain circumstances.
– Right to Restriction: You have the right to limit the processing of your data.
– Right to Data Portability: You may request to receive your data in a portable format or transfer it to another controller.
– Right to Object: You may object to processing based on legitimate interest or direct marketing.
– Right Not to Be Subject to Automated Decision-Making: You have the right to not be subject to profiling or automated decisions that significantly affect you.
For California residents under the CCPA, you further have:
– The right to know the categories and specific pieces of personal information we collect;
– The right to opt out of the sale of your personal information (Note: girlstoking.com does not sell personal data);
– The right to nondiscrimination for exercising your consumer rights.
To exercise these rights, contact us at [email protected].
6. Security Measures
We employ technical and organizational safeguards to protect your personal data, including:
– Encryption: Data encryption protocols are employed for data at rest and in transit.
– Access Controls: Role-based access and authentication for authorized personnel only.
– Data Backups: Secure backups are maintained to ensure data integrity.
– Staff Training: Ongoing training ensures our team remains compliant with data protection best practices.
Despite our efforts, no method of data transmission or storage is entirely secure. You acknowledge this risk when using our website.
7. International Transfers
Your personal information may be transferred outside your country of residence, including to countries that may not have equivalent data protection standards. Where applicable, we use appropriate safeguards such as Standard Contractual Clauses approved by the European Commission to ensure adequate levels of data protection for international data transfers.
8. Data Retention
We retain your personal data only for as long as necessary for the purposes for which it was collected or to comply with legal, regulatory, tax, accounting, or reporting obligations. Retention periods vary depending on the type of data and are as follows:
– Usage and Technical Data: 12 months
– Account and Profile Data: As long as the account remains active
– Communication Data: 24 months after last user interaction
– Transaction Data: 7 years for financial and legal requirements
– Preference Data: Until consent is withdrawn or updated
9. Cookie Policy
We use cookies and similar technologies on girlstoking.com to provide functionality, analyze traffic, and enhance user experience. The types of cookies include:
– Essential Cookies: Necessary for core website functionality (e.g., login, navigation).
– Functional Cookies: Enable enhanced functionality and personalization.
– Analytics Cookies: Collect data on user behavior for service improvements.
– Performance Cookies: Measure and improve the performance of our site.
10. Cookie Management & Compliance
Users can manage cookie preferences through our cookie consent tool or via browser settings. Under GDPR and CCPA, you have the right to decline non-essential cookies and revoke your consent at any time. You will not be denied service or discriminated against for exercising your rights.
11. Children’s Privacy
girlstoking.com is not intended for children under the age of 13. We do not knowingly collect or process personal data from children. If you believe we have inadvertently collected such data, please contact us immediately at [email protected] so that we can investigate and delete the information.
12. Updates to this Policy
We reserve the right to update this Privacy Policy at any time to reflect changes in law, our data practices, or the functionality of girlstoking.com. Where legally required, we will notify you of significant updates through account notifications, banners, or emails.
13. Contact Us
If you have any questions about this Privacy Policy, our data practices, or wish to exercise your legal rights, please contact us at:
Email: [email protected]
We are committed to full compliance with applicable data protection regulations. Your privacy matters to us. Please reach out if you need assistance understanding or exercising your rights regarding your personal data.