Privacy Policy for FragmentedFrida.com
1. Introduction
At FragmentedFrida.com, we are steadfast in our commitment to protecting and respecting your privacy. This Privacy Policy sets forth the ways in which we collect, use, store, and disclose personal data in compliance with applicable data protection regulations, including the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) and the California Consumer Privacy Act of 2018 (“CCPA”). We recognize the importance of safeguarding your personal information and are dedicated to upholding the highest standards of privacy and data security.
2. Scope of This Policy & Role as Data Controller
This Privacy Policy applies to all users of the website located at fragmentedfrida.com (“Website”). This Policy governs how personal data is collected and processed when users engage with the Website, including account creation, online purchases, customer support interactions, subscription to communications, and general browsing.
FragmentedFrida.com, and its designated representatives, act as the data controller with respect to your personal data in accordance with the GDPR. As data controller, we determine the purposes and means of processing personal data collected through this Website.
3. Categories of Data We Collect
We may process various categories of personal data, including but not limited to the following:
a. Usage Data:
Includes data about how users interact with our Website such as IP address, browser type and version, device type, time zone settings, pages visited, clickstream data, and session duration.
b. Account Data:
Collected when you create an account or place an order. This includes your full name, billing address, shipping address, email address, and telephone number.
c. Profile Data:
Includes your purchase history, preferences, saved items, wish lists, and behavioral trends while engaging with the Website.
d. Communication Data:
Includes correspondence through email or website contact forms, customer service requests, inquiries, and feedback.
e. Technical Data:
Includes device identifiers, operating system details, browser plug-ins, internet service provider, and screen resolution.
f. Transaction Data:
Includes information regarding product orders, delivery arrangements, invoice details, and selected payment methods. Please note we do not store full credit/debit card details; payment processing is handled by PCI-DSS-compliant third-party providers.
g. Preference Data:
Includes your marketing preferences, communication consents, and areas of interest indicated on fragmentedfrida.com or inferred from your behavior.
4. Legal Bases for Processing Personal Data
We process personal data only where lawful under GDPR and other applicable laws. The legal bases include:
– Consent: In instances where we request your express consent for specific processing activities such as sending promotional emails.
– Contract: Where processing is necessary for the performance of a contract (e.g., fulfillment of an online purchase).
– Legal Obligation: When necessary to comply with statutory obligations.
– Legitimate Interests: For purposes such as website functionality, analytics, fraud prevention, and customer service, provided your rights and freedoms are not overridden.
5. Your Rights
Data subjects are afforded the following rights under the GDPR and CCPA, subject to applicable limitations:
– Right of Access: To obtain confirmation and access to your personal data we hold.
– Right to Rectification: To request correction of inaccurate or incomplete personal data.
– Right to Erasure (“Right to be Forgotten”): To request deletion of personal data where there is no lawful basis for continued processing.
– Right to Restriction of Processing: To restrict or suspend the processing of your data in certain circumstance.
– Right to Data Portability: To receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
– Right to Object: To object to processing based on legitimate interests or for direct marketing purposes.
– Right Not to Be Discriminated Against (CCPA): You will not be denied goods or services, charged differently, or provided a different level of service for exercising these rights.
You may exercise your rights by contacting us at [email protected].
6. Security Measures
We implement strict technical and organizational measures to ensure your personal information is kept secure. These measures include:
– Encryption of data in transit and at rest using industry-standard protocols.
– Controlled access to personal data limited to authorized personnel only.
– Regular system updates and monitoring for vulnerabilities.
– Periodic backups and disaster recovery planning.
– Security and privacy awareness training for staff.
7. International Transfers
If personal data is transferred outside the European Economic Area (EEA), we implement safeguards consistent with GDPR requirements, including:
– Use of the European Commission’s Standard Contractual Clauses (SCCs).
– Verification that recipient countries offer an adequate level of data protection.
– Additional contractual, organizational, and technical measures as required.
By using fragmentedfrida.com, you acknowledge and consent to the transfer of your data outside your jurisdiction when necessary for our operations.
8. Data Retention
Personal data is retained for no longer than necessary to fulfill the purposes for which it was collected and to meet legal, accounting, or reporting requirements. Retention periods include:
– Usage and Technical Data: Retained for up to 24 months for analytical purposes.
– Account and Profile Data: Retained for the duration of the active account and up to 6 years thereafter for legal or tax compliance.
– Transaction Data: Retained for 7 years in line with financial regulations.
– Communication Data: Retained up to 3 years from the date of last interaction.
– Preference Data: Retained until consent is withdrawn or data is no longer necessary.
9. Cookie Policy
fragmentedfrida.com uses cookies and similar technologies for various purposes:
– Essential Cookies: Necessary for core website functionality, such as basket features and secure login.
– Functional Cookies: Enhance user experience, remembering preferences or saved settings.
– Analytics Cookies: Help us understand how visitors use the Website, assess performance, and improve content (e.g., Google Analytics).
– Performance and Customization Cookies: Track user behavior to personalize and optimize experience.
Cookies do not collect personal identifiers unless you have explicitly provided them by engaging with account features.
10. Cookie Management & CCPA/GDPR Compliance
On your first visit, you will be presented with a cookie banner allowing you to manage cookie preferences in compliance with GDPR and CCPA requirements. You have the option to:
– Accept all cookies.
– Reject non-essential cookies.
– Customize cookie settings at any time via your browser or website tools.
If you are a California resident, the CCPA grants you the right to opt out of the “sale” of personal data and to access or delete cookies that store personal identifiers. We honor browser-based opt-out signals and provide mechanisms to exercise such rights in our cookie preferences portal.
11. Children’s Privacy
FragmentedFrida.com is not directed to children under 13 years of age, and we do not knowingly collect personal data from such individuals. If we learn or have reason to believe that a child under 13 has provided personal data, we will promptly delete such information from our records. Parents or guardians who believe their child has provided us with personal data are encouraged to contact us at [email protected].
12. Policy Updates & Notification
We reserve the right to amend this Privacy Policy to reflect changes in legal obligations, best practices, or operational requirements. In the event of material changes, we will take reasonable steps to notify users via email, Website banners, or account notifications. We encourage you to review this Policy periodically to remain informed of how your personal data is processed.
13. Contact Us
For questions, requests, complaints, or concerns regarding this Privacy Policy or the handling of your personal data, please contact:
Email: [email protected]
Website: https://fragmentedfrida.com/contact
We are committed to resolving privacy concerns diligently and transparently.
FragmentedFrida.com is fully committed to maintaining compliance with GDPR, CCPA, and data protection best practices. Should you wish to make a request related to your personal information or simply need clarification, you may reach out at any time to [email protected].