Privacy Policy

1. Introduction

At discoverthebabadook.com, your privacy is of paramount importance to us. We are firmly committed to protecting the personal information of our users and ensuring transparency in how we collect, use, store, and protect your data. This Privacy Policy outlines our practices regarding the collection and processing of personal data and reflects our ongoing commitment to compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We prioritize your privacy by design and by default.

2. Scope of the Policy and Role of the Data Controller

This Privacy Policy applies to all visitors, users, and others who access or interact with the website located at discoverthebabadook.com (hereinafter referred to as “the Site”). For the purposes of the GDPR and applicable data protection legislation, discoverthebabadook.com is the data controller responsible for the processing of personal information collected through the Site.

If you have any questions about our privacy practices, you may contact us at: [email protected].

3. Categories of Data Processed

We collect and process the following categories of personal data:

a. Usage Data:
This includes information such as your IP address, browser type and version, operating system, referring URLs, pages visited, time spent on pages, and other diagnostic data acquired through your interaction with the Site.

b. Account Data:
If you create an account or submit your information, we may collect your full name, billing/shipping address, email address, and phone number.

c. Profile Data:
This covers your preferences, purchase history, favorite products, and user behavior (such as wishlists, saved settings), which help us personalize and enhance your experience.

d. Communication Data:
Includes data you provide when you contact us for customer support, feedback, or inquiries, such as messages, contact requests, and email correspondence.

e. Technical Data:
This includes technical identifiers and other data required for proper site operation—such as device identifiers, screen resolution, language selections, time zone settings, and system configurations.

f. Transaction Data:
Includes details pertaining to purchases made through discoverthebabadook.com, such as items bought, payment method, fulfillment details, shipping status, and transaction identifiers. Payment data is handled securely through third-party payment processors, and we do not store full financial credentials.

g. Preference Data:
Covers your marketing and communication preferences, opt-in and opt-out choices, and interests related to products and promotions.

4. Legal Bases for Processing

Our processing of personal data is grounded in one or more of the following legal bases:

– Consent: Where you have freely given us clear permission (e.g., for marketing emails or cookies).
– Contractual Necessity: To fulfill commitments under a contractual relationship (e.g., account creation, order delivery).
– Legal Obligation: Where necessary to comply with a legal obligation.
– Legitimate Interests: Where processing is necessary for our legitimate business interests, provided those interests are not overridden by your fundamental rights or freedoms (e.g., fraud prevention, analytics, improving the Site).

5. Your Data Subject Rights

You have specific rights under the GDPR, CCPA, or other applicable laws. These include:

– Right of Access: You may request access to the personal data we maintain about you.
– Right to Rectification: You may request correction of inaccurate or incomplete data.
– Right to Erasure: You may request deletion of your personal data, subject to legal exceptions.
– Right to Restriction: You may request limited processing under certain conditions.
– Right to Data Portability: You may request to receive your data in a structured, commonly used format and have it transmitted to another controller.
– Right to Object: You may object to certain types of processing, including direct marketing.
– Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, please contact us at [email protected]. We will verify your identity prior to processing your request.

6. Security Measures

We implement appropriate technical and organizational measures designed to secure your personal data against unauthorized access, alteration, disclosure, or destruction. These include, but are not limited to:

– Encryption of data in transit and at rest
– Role-based access control and authentication measures
– Regular security audits and vulnerability assessments
– Employee privacy and security training
– Secure system configurations and data backup protocols

7. International Data Transfers

Your information may be processed or stored outside of your local jurisdiction, including in countries that may not provide the same level of protection as your jurisdiction. Where necessary, we implement safeguards such as Standard Contractual Clauses approved by the European Commission or rely on other legally valid transfer mechanisms to ensure your data is protected according to applicable law.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying legal, regulatory, tax, accounting, or reporting requirements. Retention periods vary depending on the type of data:

– Usage & Technical Data: Retained for 12 months for analytics and security.
– Account & Profile Data: Retained for as long as the user account remains active and for 3 years thereafter.
– Transaction Data: Retained for 7 years to comply with financial record-keeping obligations.
– Communication Data: Retained for up to 3 years post-interaction.
– Preference Data: Retained until consent is withdrawn or preferences are updated.

9. Cookie Policy

The Site uses cookies and similar tracking technologies to enhance your experience. These include:

– Essential Cookies: Required for website functionality (e.g., login, shopping cart).
– Functional Cookies: Remember choices such as language or region.
– Analytics Cookies: Help us understand usage patterns and improve our services (e.g., Google Analytics).
– Performance & Optimization Cookies: Monitor performance and ensure availability and reliability.

10. Cookie Management and Compliance

You have the ability to control and manage your cookie preferences through our cookie banner and settings page. First-time visitors will be presented with options to Accept or Manage Cookies in compliance with GDPR and CCPA requirements.

Additionally, you may change settings within your web browser to block or delete cookies. Please note that disabling certain cookies may impair the functionality of the Site.

If you are a California resident, you have the right to opt out of the “sale” of your personal information as defined by the CCPA. We do not sell your personal information in the traditional sense but use certain tools that may be interpreted as selling data under CCPA. You can opt out of such practices through our “Do Not Sell My Personal Information” link.

11. Children’s Privacy

This Site is not directed to children under the age of 13, and we do not knowingly collect personal information from them. If we become aware that personal data has been collected from a child under this age without verifiable parental consent, we will take appropriate steps to delete the data. Parents or guardians who believe we have collected personal data from a child may contact us at [email protected].

12. Updates to This Policy

We reserve the right to amend or update this Privacy Policy at any time to reflect changes in legal, regulatory, or operational requirements, or our data processing practices. Substantial changes will be communicated via the Site or directly through contact channels you have provided.

We encourage you to review this Policy periodically for any updates.

13. Contact Us

If you have questions, concerns, or wish to exercise any of your data protection rights, please contact us at:

Email: [email protected]

We are committed to resolving privacy-related concerns promptly and transparently.

Conclusion

We are committed to upholding the highest standards of data privacy and protection in accordance with applicable data protection laws. For any concerns related to your personal data or this Privacy Policy, please do not hesitate to contact us at [email protected].