Privacy Policy
1. Introduction
At Tiny Tin Lady (“we,” “us,” or “our”), we are firmly committed to respecting and protecting your privacy. Your personal data is important to us, and we are dedicated to ensuring you understand how it is collected, used, and secured in connection with your use of our website, accessible at tinytinlady.com (“Website”). We take a privacy-first approach to data management, striving for transparency, accountability, and integrity in all of our interactions with your personal information.
2. Scope of Policy and Data Controller Role
This Privacy Policy covers the processing of personal data collected through tinytinlady.com and any related digital services. For the purposes of both the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act (“CCPA”), we act as the “data controller” of your personal data. This means we determine the purposes and means of processing your personal information.
3. Categories of Data Processed
We may collect and process the following categories of personal data, depending on your interaction with our Website:
a. Usage Data
Information about how you interact with the Website, including IP address, browser type, time zone settings, pages visited, time and date of access, and referring URLs.
b. Account Data
Any personal information submitted through account registration or checkout processes, including your full name, postal address, email address, and phone number.
c. Profile Data
Details provided in the course of using personalized features, such as your purchase history, product preferences, and behavioral data generated through navigation or engagement with the Website.
d. Communication Data
Records of communications you initiate with us (e.g., emails, support requests, social media interactions), including timestamps, correspondence content, and follow-up history.
e. Technical Data
Device-specific data such as operating system, device type, browser settings, screen resolution, and language preferences.
f. Transaction Data
Details related to your purchases through the Website, including product details, billing information (excluding full payment card numbers), shipping addresses, and purchase statuses.
g. Preference Data
Information related to your explicit consents regarding newsletters, marketing communications, and stated interests in our products or services.
4. Legal Bases for Processing
We process your personal data on the basis of the following legal grounds, as applicable:
– Consent: Where you have provided explicit consent for us to collect and process your data, e.g., opting into marketing emails.
– Contractual Necessity: To fulfill our contractual obligations to you, such as processing orders, payments, and customer support inquiries.
– Legal Obligation: Where necessary to comply with legal requirements (e.g., tax regulations).
– Legitimate Interests: Where processing is necessary for our legitimate interests, such as enhancing user experience, preventing fraud, or improving website security—provided that these interests are not overridden by your privacy rights.
5. Your Rights
As a user, you have the following rights under applicable data protection laws:
– Right of Access: You may request a copy of the personal data we hold about you.
– Right to Rectification: You have the right to request correction of inaccurate or incomplete data.
– Right to Erasure: You may request that we delete your personal data, subject to certain limitations.
– Right to Restriction: You can request limited use of your data under specific conditions.
– Right to Data Portability: You can request your data in a structured, commonly used electronic format and transmit it to another controller where technically feasible.
– Right to Object: You have the right to object to processing carried out on the basis of legitimate interest or direct marketing.
To exercise your rights, please contact us at [email protected]. We will respond in accordance with applicable legal requirements.
6. Security Measures
We take data security seriously and implement robust measures to protect your personal data, including:
– Encryption of data in transit and at rest
– Role-based access controls and authentication procedures
– Regular data backups and secure storage
– Employee training on data protection best practices and confidentiality
7. International Transfers
Your information may be transferred to and maintained on servers located outside your country of residence, including to jurisdictions that may not provide the same level of data protection as your own. Where we transfer personal data internationally, we apply appropriate safeguards such as Standard Contractual Clauses approved by the European Commission or other lawful transfer mechanisms under the GDPR.
8. Data Retention
We retain personal data for only as long as necessary to fulfill the purposes outlined in this Privacy Policy, taking into account the nature of the data and legal requirements. In general:
– Usage and Technical Data: Retained for not more than 26 months for analytics and performance monitoring
– Account and Transaction Data: Retained for up to 7 years for accounting and legal compliance
– Communication and Profile Data: Retained for up to 3 years after last contact or interaction
– Preference and Marketing Data: Retained until consent is withdrawn or user unsubscribes
9. Cookie Policy
The Website uses cookies and similar tracking technologies to enhance functionality and collect information. The types of cookies used include:
– Essential Cookies: Necessary for the Website to function (e.g., shopping cart, login sessions)
– Functional Cookies: Remember your preferences to personalize the browsing experience
– Analytics Cookies: Help us understand site performance and visitor behavior (e.g., Google Analytics)
– Performance Cookies: Improve speed, responsiveness, and user interface usability
10. Cookie Management and Compliance
Upon your first visit to tinytinlady.com, you are presented with a cookie consent banner. You have the option to accept all cookies, reject non-essential cookies, or customize your preferences. You may also adjust your cookie settings at any time through your browser or by revisiting the cookie settings on our site.
In compliance with GDPR and CCPA:
– We obtain explicit consent before placing non-essential cookies
– We provide full transparency on cookie purposes and duration
– You may opt out of the sale of personal information under CCPA by contacting us
11. Children’s Privacy
Our Website is not directed to children under the age of 13, and we do not knowingly collect personal data from minors. If we become aware that we have inadvertently received personal data from a child under 13, we will promptly delete such data from our records. Parents or guardians who believe we may have collected data from a minor should contact us at [email protected].
12. Policy Updates
We may update this Privacy Policy from time to time to reflect changes in legal requirements, operational practices, or technology. When we do, we will revise the notice on our Website so that you are aware of the updates. Continued use of tinytinlady.com after changes constitutes your acceptance of the revised policy.
13. Contact Us
If you have any questions, concerns, or data access requests in connection with this Privacy Policy or how we manage your personal information, please don’t hesitate to contact us at [email protected].
We are committed to full compliance with the GDPR and CCPA, and we welcome your inquiries regarding our privacy practices.
Thank you for trusting tinytinlady.com with your personal data.