PRIVACY POLICY
1. Introduction
At Tiny Tin Lady (“we,” “us,” or “our”), accessible via tinytinlady.com (“the Website”), we take your privacy and the protection of your personal data seriously. We are committed to respecting and safeguarding the privacy of all individuals who interact with our Website, products, and services. This Privacy Policy outlines our practices concerning the collection, use, disclosure, and protection of your personal information, in compliance with all relevant data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We emphasize transparency, user control, and responsible data handling in all our operations.
2. Scope and Role as Data Controller
This Privacy Policy applies to personal data collected through our Website, tinytinlady.com, and any related digital platforms or communications. For the purpose of data protection legislation, we act as the “Data Controller” in relation to the personal information you provide. This means we determine the purposes and means by which your personal data is processed.
3. Categories of Data We Process
We may collect and process various categories of information about you, depending on your interactions with our services:
a. Usage Data: Includes information about how you interact with our Website, such as your IP address, browser type, time zone settings, referral sources, session duration, pages visited, and device identifiers.
b. Account Data: Provided by you directly, this may include your full name, mailing address, email address, phone number, and account credentials when setting up an account or making a purchase.
c. Profile Data: Information related to your preferences, behavior on the Website, purchase history, and responses to surveys or promotional offers.
d. Communication Data: Includes records of your communication with us, such as emails, live chat messages, contact form submissions, and support requests.
e. Technical Data: Comprises information about the devices and systems you use to access tinytinlady.com, such as operating system, browser version, screen resolution, language settings, and hardware configuration.
f. Transaction Data: Includes details about purchases you make through tinytinlady.com, such as billing information, shipping addresses, payment methods (processed securely by third-party payment providers), and order history.
g. Preference Data: Your indicated choices regarding marketing communications, preferred content, and product interest areas.
4. Legal Bases for Processing Personal Data
We rely on the following legal bases to lawfully process your personal data under the GDPR:
– Consent: Where you have given clear consent for us to process your data for specific purposes, such as receiving marketing emails.
– Contractual Necessity: When processing is essential for the performance of a contract with you, including order fulfillment and providing access to account features.
– Legal Obligation: Where we are required to comply with applicable legal mandates.
– Legitimate Interests: When processing is necessary for our legitimate interests, provided that your fundamental rights and freedoms do not override those interests. Examples include improving our Website, preventing fraud, and communicating with you.
Under the CCPA, we collect and process data as a “business” for the legitimate purposes outlined above and do not sell personal data as defined by applicable California law.
5. Your Data Protection Rights
Under the GDPR and CCPA, you are entitled to specific rights regarding your personal data:
– Right of Access: You may request confirmation as to whether we are processing your personal data and obtain a copy of that data.
– Right to Rectification: You may request correction of inaccurate or incomplete personal data.
– Right to Erasure: You may request the deletion of your personal data under certain legal grounds.
– Right to Restriction: You may ask us to restrict processing when you contest the accuracy of data, object to its processing, or when the processing is unlawful.
– Right to Data Portability: You may request to receive your data in a commonly used, machine-readable format and to have it transmitted to another controller.
To exercise these rights, please contact us at [email protected]. We will respond to valid requests in accordance with applicable laws and within a reasonable timeframe.
6. Security Measures
We implement robust organizational, technical, and administrative measures to secure your data against unauthorized access, disclosure, alteration, or destruction. These include:
– End-to-end encryption of data transmissions,
– Use of Secure Sockets Layer (SSL) throughout the Website,
– Access controls and role-based permissions,
– Periodic system audits and vulnerability assessments,
– Routine data backups and secure storage,
– Staff awareness and data protection training.
Nevertheless, no system can be guaranteed 100% secure. We encourage you to use strong passwords, remain vigilant with credentials, and notify us promptly of any security concerns.
7. International Data Transfers
As we may use cloud-based services or third-party processors located outside your jurisdiction, your personal data could be transferred to and stored in countries with different data protection laws. Where applicable, we rely on:
– Standard Contractual Clauses approved by the European Commission,
– Adequacy decisions,
– Binding Corporate Rules or equivalent safeguards to ensure the lawful and secure transfer of your information.
By using the Website, you acknowledge and agree to such transfers, subject to applicable legal protections.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including satisfying legal, accounting, and reporting requirements. Retention periods vary by data type:
– Usage and Technical Data: up to 26 months for analytics purposes;
– Account, Profile, and Transaction Data: up to 7 years for legal compliance (e.g., financial/tax records);
– Communication Data: retained for up to 3 years post-interaction;
– Preference Data: until withdrawn or otherwise updated.
Upon expiration of the retention period, data is securely deleted or irreversibly anonymized.
9. Cookie Policy
We use cookies and similar tracking technologies on tinytinlady.com to enhance user experience, measure performance, and personalize content. Cookies are placed on your device and may include:
– Essential Cookies: Necessary to operate core features including login, carts, and secure access.
– Functional Cookies: Support enhanced functionality like remembering login preferences or language selection.
– Analytics Cookies: Collect aggregate data about page visits, bounce rates, and user interaction to improve performance. These may include third-party tools such as Google Analytics.
– Performance Cookies: Help us understand Website speed and usability, optimize loading times, and ensure efficient delivery.
10. Cookie Management and Compliance
You may manage your cookie preferences using our Website’s cookie consent tool, which allows you to accept or reject non-essential cookies in accordance with GDPR and CCPA requirements. Additionally, you may disable cookies through your browser settings; however, doing so may affect the Website’s functionality.
If you are a California resident, you also have the right to opt out of the sale or sharing of personal data (as defined under the CCPA); we do not engage in such practices.
11. Children’s Privacy
Protecting children’s privacy is particularly important. Our Website is not directed to or intended for use by children under the age of 13. We do not knowingly collect or solicit personal information from anyone under 13. If we become aware that we have inadvertently collected such data, we will delete it without delay. Parents or guardians who believe that their child under 13 has provided us with personal data should contact us at [email protected].
12. Policy Updates
We reserve the right to update this Privacy Policy at any time to reflect changes in legal obligations or operational practices. When changes are made, we will revise the policy accordingly and may notify you through email or a prominent notice on our Website, as required by applicable law. Your continued use of the Website after such changes constitutes acceptance of the updated policy.
13. Contacting Us
If you have any questions, requests, or concerns regarding your personal data or this Privacy Policy, please contact:
Tiny Tin Lady
Email: [email protected]
Website: tinytinlady.com
We are committed to resolving inquiries in a timely, transparent, and respectful manner.
We value your privacy and affirm our ongoing commitment to maintain compliance with all applicable data protection laws and regulations, including the GDPR and CCPA. Please contact us at the email address above if you have any concerns or would like to exercise your data rights.