Privacy Policy
1. Introduction
At ursulasebastine.com (“we,” “our,” or “us”), your privacy is of paramount importance. We are committed to protecting your personal data and upholding your rights under applicable data protection legislation, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act of 2018, as amended (“CCPA”). This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you visit or interact with our website and services.
2. Scope of This Policy and Data Controller Role
This Privacy Policy applies to all users of ursulasebastine.com (“Website”), and any related online services or communications. We act as the data controller in relation to the processing of your personal data under GDPR, meaning that we determine the purposes and means of processing your data. If you are a California resident, this policy also serves as our notice of collection pursuant to the CCPA.
3. Categories of Data Processed
We may process the following categories of personal data, either provided by you directly or collected automatically through your interaction with our Website.
A. Usage Data:
– Browser type/version
– IP address
– Time zone setting and location
– Access times and page interactions
– Session duration
– Referring URLs
B. Account Data:
– Full name
– Email address
– Physical address
– Telephone number
C. Profile Data:
– Purchase history
– User preferences and saved items
– Behavioral interaction with the Website
– Interests and bespoke settings
D. Communication Data:
– Contents of customer support inquiries
– Messages sent via contact forms
– Email correspondence
– Feedback and dispute resolutions
E. Technical Data:
– Device identifiers
– Operating system and platform details
– Network/browser settings
– Error logs and diagnostics
F. Transaction Data:
– Payment method details (processed via third-party providers)
– Delivery address
– Order and billing information
G. Preference Data:
– Communication and marketing preferences
– Record of consent to marketing materials
– Product categories of interest
4. Legal Bases for Processing
We process your personal data in accordance with applicable legal grounds, including:
– Consent: Where you have explicitly consented to the processing (e.g., for marketing communications).
– Contract: Where processing is necessary for the performance of an agreement with you, such as to provide products or services.
– Legal Obligation: Where we are required to comply with a legal obligation.
– Legitimate Interests: Where we process data to pursue our legitimate business interests, including to improve our Website, understand usage patterns, and prevent fraud, provided your rights do not override such interests.
5. Your Rights
As a user under GDPR and the CCPA, you may exercise the following rights:
Under GDPR:
– Right of Access: Request access to your personal data and related information.
– Right to Rectification: Correct incomplete or inaccurate data.
– Right to Erasure: Request deletion of your personal data, subject to legal limitations.
– Right to Restriction: Restrict processing under certain conditions.
– Right to Data Portability: Receive data in a structured, commonly used, machine-readable format.
– Right to Object: Object to processing for direct marketing or based on legitimate interest.
Under CCPA:
– Right to Know: Request disclosure of categories and specific pieces of information collected.
– Right to Delete: Request deletion of your personal information.
– Right to Opt-Out: Opt out of the sale or sharing of personal data (we do not sell data).
– Right to Non-Discrimination: You will not be penalized for exercising your rights.
To exercise any of these rights, please contact us at [email protected].
6. Security Measures
We employ a combination of technical and organizational safeguards to ensure the confidentiality, integrity, and availability of your personal data. These measures include but are not limited to:
– SSL/TLS encryption for data transmission
– Role-based access controls and authentication protocols
– Regular data backups to secure storage
– Security awareness training for team members
– Secure coding practices and vulnerability assessment
7. International Transfers
If your data is transferred outside the European Economic Area (EEA) or other data-protected jurisdictions, we ensure these transfers comply with applicable law. We implement Standard Contractual Clauses (SCCs) and supplementary measures to provide an adequate level of data protection. By using our Website, you acknowledge that your data may be transferred to jurisdictions which may not offer equivalent data protections, but we take all necessary steps to safeguard your data during such transfers.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. Specific retention periods include:
– Account Data: Retained for the duration of your account and up to 6 years thereafter for compliance.
– Transaction Data: Retained for 7 years for auditing and tax obligations.
– Communication Data: Retained for 3 years post-interaction.
– Technical and Usage Data: Retained for up to 2 years for analytics purposes.
– Marketing Preferences: Retained until the user withdraws consent or unsubscribes.
9. Cookie Policy
Our Website uses cookies and similar technologies to enhance user experience, deliver core functionality, and analyze Website usage.
Types of cookies include:
– Essential Cookies: Necessary for navigation and core functionalities; cannot be disabled.
– Functional Cookies: Enable enhanced personalization features.
– Analytics Cookies: Gather statistics about website usage to improve performance.
– Performance Cookies: Monitor errors and responsiveness to ensure availability.
10. Cookie Management and Compliance
Upon your first visit to ursulasebastine.com, you are presented with a cookie banner that allows you to manage preferences in compliance with GDPR and CCPA. You may revoke consent or modify preferences at any time through the footer link of the Website or your browser settings. We do not deploy non-essential cookies until you have given consent.
Do Not Track (DNT) requests from browsers are respected to the extent that existing industry protocols allow.
11. Protection of Minors
This Website is not intended for, nor directed at, children under the age of 13. We do not knowingly collect personal data from individuals under 13 years of age. If we become aware that data has been collected from a minor without verified parental consent, we will take appropriate steps to delete such data from our systems.
12. Changes to This Policy
We reserve the right to update or amend this Privacy Policy at any time in order to reflect legal, technical, or operational changes. When changes occur, we will update the content promptly and provide notice within the Website, consistent with legal obligations.
13. Contacting Us
If you have any questions, requests, or concerns regarding your personal data, this Privacy Policy, or your rights under applicable law, you may contact us at:
Email: [email protected]
We are committed to complying with all applicable data protection laws and protecting your privacy. Please do not hesitate to reach out to us with any privacy-related inquiries.