Privacy Policy for girlstoking.com

1. Introduction

At girlstoking.com, we are steadfast in our commitment to safeguarding the privacy, security, and personal data of our users. We understand the value of trust and are dedicated to handling your information in a manner that respects your rights and complies with all applicable data protection laws. This Privacy Policy outlines how we collect, use, store, and protect your personal data, ensuring full compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant privacy regulations.

2. Scope of This Policy and Data Controller Role

This Privacy Policy applies to all data collected through your interactions with girlstoking.com, whether through the website, communication channels, or transactions. girlstoking.com acts as the “data controller” with respect to your personal data collected within the scope of this Policy. If you have questions or concerns regarding how your data is managed, please contact us at [email protected].

3. Categories of Data Processed

To provide you with the best experience possible, we may collect, use, and store various categories of personal data, as delineated below:

a) Usage Data
Includes information about how you interact with the website, such as IP address, browser type, device identifiers, referral sources, pages visited, and session duration. This is used to monitor performance and improve user experience.

b) Account Data
If you create an account or make a purchase, we may collect your name, email address, billing and shipping address, phone number, and account credentials.

c) Profile Data
Includes data related to your interests, preferences, purchase history, feedback, and behavioral activity on the site, such as saved items or interactions with products.

d) Communication Data
Records of your correspondence with us, including inquiries, support requests, complaint history, and other contact-related interactions.

e) Technical Data
Details about your device and system, such as operating system, hardware model, screen resolution, language preferences, and system configurations.

f) Transaction Data
Includes details regarding purchases or orders made through the site, such as payment method, delivery details, and transaction status. Payment processing is conducted through third-party providers compliant with PCI-DSS standards.

g) Preference Data
Includes data related to your marketing preferences, newsletter subscriptions, product interests, and participation in promotional campaigns.

4. Legal Bases for Processing

We process your personal data under one or more of the following lawful bases set forth under GDPR and other privacy regulations:

– Consent – When you voluntarily provide data, such as registering your account or opting into marketing communications.
– Performance of Contract – When processing is necessary to fulfill contractual obligations, such as fulfilling an order or responding to customer inquiries.
– Legitimate Interest – When processing supports activities such as data security, fraud prevention, or website enhancement, balanced against your fundamental rights.
– Compliance with Legal Obligations – When required to comply with legal mandates or respond to lawful governmental requests.

5. Your Rights

As a data subject, you are entitled to invoke specific rights under GDPR and CCPA, including:

– Right of Access – Request a copy of the personal data we hold about you.
– Right to Rectification – Request that inaccurate or incomplete data be corrected or completed.
– Right to Erasure (“Right to Be Forgotten”) – Request deletion of your personal data, subject to legal and contractual limitations.
– Right to Restriction – Request that we limit how we process your data under certain circumstances.
– Right to Data Portability – Request transmission of your data directly to another controller, where technically feasible.
– Right to Object – Object to the processing of your personal data for direct marketing purposes or based on our legitimate interests.
– Right to Non-Discrimination – Under CCPA, you have the right not to receive discriminatory treatment for exercising your privacy rights.

To exercise any of these rights, please contact us at [email protected].

6. Security Measures

We employ a combination of technical, administrative, and physical safeguards to protect personal data, such as:

– End-to-end data encryption during storage and transmission.
– Robust access control and authentication protocols.
– Secure server environments and routine vulnerability monitoring.
– Scheduled data backups and disaster recovery planning.
– Staff training to ensure awareness and compliance with data protection practices.

While we strive to use commercially acceptable means to protect your data, no method of transmission or storage is 100% secure.

7. International Data Transfers

Due to the global nature of the internet, your personal data may be transferred to and processed in jurisdictions outside of your home country. Whenever data is transferred internationally, we implement adequate safeguards, such as Standard Contractual Clauses approved by the European Commission and adherence to local regulations, to ensure your data is treated securely and lawfully.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or to comply with legal, accounting, or regulatory requirements. General retention periods include:

– Usage Data: 12 months
– Account and Profile Data: Duration of account plus 6 years
– Communication Data: 3 years after last interaction
– Technical Data: 12 months
– Transaction Data: 7 years (for tax/legal compliance)
– Preference Data: Updated as per your latest submission

Once the applicable retention period concludes, your data will be securely deleted or anonymized.

9. Cookie Policy

girlstoking.com uses cookies and similar tracking technologies to optimize user experience, enhance security, and improve our services. Cookies fall into the following categories:

– Essential Cookies – Required for basic site functionality and security. These cannot be disabled.
– Functional Cookies – Allow the website to remember user preferences, such as login details and language settings.
– Analytics Cookies – Help us understand user behavior for site optimization by collecting anonymized data.
– Performance Cookies – Monitor system performance to identify and resolve technical issues.

Refer to our cookie management tools to view each cookie’s purpose and duration.

10. Cookie Management and GDPR/CCPA Compliance

You may manage your cookie preferences directly through the cookie consent banner displayed upon your first visit to girlstoking.com. This system enables you to accept or decline non-essential cookies in compliance with GDPR.

Under CCPA, you may also opt out of the sale of personal data, where applicable, and request disclosure of data collected via cookies. To exercise these rights, you may contact us at [email protected] or use any in-site privacy preference tools.

You may also adjust your browser settings to block or delete cookies at any time; however, this may impair some functions of the site.

11. Children’s Privacy

girlstoking.com is not intended for use by children under the age of 13, and we do not knowingly collect personal data from individuals in this age group. If we become aware that we have collected personal data from a child under 13 without verified parental consent, we will take steps to promptly delete the data.

12. Policy Updates and User Notifications

This Privacy Policy may be revised periodically to reflect changes in legal requirements, technology, or business practices. When material changes occur, we will provide prominent notification on girlstoking.com or by directly contacting you through provided channels. We encourage you to review this Policy regularly to stay informed about how we are protecting your data.

13. Contact Us

If you have any questions regarding this Privacy Policy or wish to exercise your rights, please reach out to us at:

Email: [email protected]

We are committed to maintaining the highest level of data protection and transparency. Your trust is important to us, and we welcome any questions or comments concerning your privacy rights or how we process your data.