Privacy Policy
Sweet Glow Mama (“we,” “us,” or “our”) is committed to protecting your privacy and safeguarding the personal information you share with us. This Privacy Policy outlines our data collection, processing, and protection practices to ensure transparency and integrity in how we manage personal information. We are dedicated to upholding the principles of data minimization, fairness, and accountability in compliance with applicable data protection regulations, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant laws.
1. Scope of This Policy and Data Controller Role
This Privacy Policy applies to the personal data collected by us through our website, sweetglowmama.com, and any associated services, communications, or e-commerce features operated therein. For purposes of applicable data protection law, the data controller responsible for your personal data is Sweet Glow Mama.
Our processing of your data is governed by this Privacy Policy except where separate terms are provided. By accessing or using sweetglowmama.com, you acknowledge that you have read and understood this policy.
2. Categories of Data Processed
We may collect and process the following categories of personal data:
– Usage Data: Includes information about your use of our website, browsing actions, IP address, browser type and version, referring URLs, time zone settings, page interaction data, and session information.
– Account Data: Includes your first and last name, billing and shipping address, email address, and optionally, your phone number when creating an account or placing an order.
– Profile Data: Includes your preferences, purchase history, wish lists, and behavioral patterns on the site.
– Communication Data: Includes communications you submit through contact forms, customer service inquiries, email correspondences, and message logs.
– Technical Data: Includes information about the device and technology used to access sweetglowmama.com, such as operating system, hardware, unique device identifiers, and browser settings.
– Transaction Data: Includes payment method details (processed by third-party providers), order details, shipping information, delivery status, and refund processing.
– Preference Data: Includes data associated with your marketing subscriptions, email communication preferences, and product interest information collected through questionnaires or browsing behavior.
3. Legal Bases for Processing
We process your personal data lawfully under the following legal bases:
– Performance of Contract: Where the processing is necessary to fulfill your purchase orders or requests (e.g., account creation, order delivery).
– Consent: Where you voluntarily provide your personal data for marketing communications or accept cookies. You may withdraw consent at any time without affecting the lawfulness of prior processing.
– Legitimate Interests: Where processing is necessary for our business interests — such as fraud prevention, website improvement, direct marketing (within legal bounds), and responding to inquiries — provided these interests are not overridden by your rights and freedoms.
– Compliance with Legal Obligations: Where processing is required for compliance with tax, consumer rights, or regulatory laws.
4. Your Rights
As a data subject, subject to limitations under applicable law, you have the following rights:
– Right of Access – To obtain confirmation about whether and how we process your personal data and to request a copy of it.
– Right to Rectification – To request correction of any inaccurate or incomplete personal data.
– Right to Erasure – To request deletion of personal data, especially in cases where it is no longer necessary or where consent is withdrawn.
– Right to Restriction – To request the limitation of processing under specified circumstances.
– Right to Data Portability – To receive your personal data in a structured, commonly used, machine-readable format and have that data transmitted to another controller, where technically feasible.
– Right to Object – To object to processing carried out based on legitimate interests or for direct marketing purposes.
– Right to Withdraw Consent – Where processing is based on consent, you have the right to withdraw it at any time.
To exercise any of these rights, contact us at [email protected].
5. Security Measures
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risks associated with personal data. Our safeguards include, but are not limited to:
– Secure socket layer (SSL) encryption for data in transit
– Secure data storage and password hashing
– Role-based access control and user authentication
– Regular security reviews and vulnerability testing
– Staff training on data protection best practices
– System backups and disaster recovery protocols
6. International Data Transfers
Where we transfer personal data outside the country in which it was collected, including to service providers and processors located in jurisdictions that may not offer the same level of data protection laws, we ensure appropriate safeguards are in place. This includes the use of:
– Standard Contractual Clauses approved by the European Commission
– Data processing agreements with our vendors
– Regional compliance programs such as the UK or Swiss addendums, as needed
You may request more information on these safeguards by contacting us.
7. Data Retention
We retain your personal data only as long as necessary for the purposes outlined in this Privacy Policy, including for satisfying legal, accounting, and regulatory requirements. Our retention periods are determined as follows:
– Account and Profile Data: Retained while the account is active or as needed for legitimate business purposes.
– Transactional Data: Retained for a minimum of 6 years for financial and accounting compliance.
– Cookie and Tracking Data: Retained according to cookie type (see Cookie Policy) with expiration aligned to purposes (from session-based to up to 2 years).
– Communication Logs: Retained for up to 3 years following the conclusion of support interaction.
– Marketing Preference Data: Retained until consent is withdrawn or for up to 5 years for record-keeping.
8. Cookies and Tracking Technologies
We use cookies and similar tracking technologies on sweetglowmama.com to enhance user experience, analyze performance, and enable personalized advertising. Our cookie categories include:
– Essential Cookies: Required for core website functionality such as secure checkout and login authentication.
– Functional Cookies: Allow personalization of content and remember preferences across sessions.
– Analytics Cookies: Collect anonymous data to help us understand how visitors interact with the website and improve user experience (e.g., Google Analytics).
– Performance and Advertising Cookies: Track browsing behavior for statistics and targeted marketing (e.g., to display personalized product ads).
9. Cookie Management and Compliance
Upon your first visit, we will request your consent to non-essential cookies via a cookie banner in accordance with GDPR and CCPA requirements. You may manage cookie preferences via your browser settings or use the cookie settings panel at the bottom of the website page.
Under CCPA, you may also request that we do not “sell” your personal information (as defined by CCPA) by submitting a Do Not Sell My Personal Information request via [email protected].
10. Children’s Privacy
sweetglowmama.com is not directed to or intended for use by children under the age of 13. We do not knowingly collect or process personal data from children without verifiable parental consent. If we discover that a child under 13 has provided us with personal data, we will take steps to delete such data promptly.
If you believe we may have collected data from a child under 13, please contact us immediately at [email protected].
11. Policy Updates
We reserve the right to modify this Privacy Policy at any time in order to reflect legal, technological, or operational changes. We encourage you to review this page periodically. Where required by law, we will provide direct notice of substantial policy changes, which may include updated banners, email notifications, or user prompts at sweetglowmama.com.
12. Contact Information
If you have any questions, requests, or concerns related to this Privacy Policy or the handling of your personal data, you may contact us at:
Sweet Glow Mama
Email: [email protected]
Website: sweetglowmama.com
We are committed to maintaining legal compliance with all applicable data protection frameworks. Please reach out if you wish to exercise your data rights or raise concerns regarding privacy on sweetglowmama.com.