PRIVACY POLICY

At Wellness Wallflower (wellnesswallflower.com), we are firmly committed to safeguarding your personal data and respecting your privacy rights. This Privacy Policy outlines how we collect, use, store, and protect your personal information when you access or interact with our website. We prioritize transparency, security, and your control over personal data, in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

1. INTRODUCTION

Wellness Wallflower values your trust and is dedicated to securing your personal information. We ensure that your data is handled lawfully, fairly, and transparently, and processed only for explicit purposes. This Privacy Policy explains your rights and our obligations relating to your personal information, and how we protect both.

2. SCOPE OF POLICY AND DATA CONTROLLER ROLE

This Privacy Policy applies to all personal data processed via our website, wellnesswallflower.com. Wellness Wallflower is the data controller responsible for your personal data under this Policy, meaning we determine the purposes and means of processing your information. If you have any questions about how we manage your data, please contact us at [email protected].

3. CATEGORIES OF PERSONAL DATA PROCESSED

We may process the following categories of personal data when you interact with wellnesswallflower.com:

A. Usage Data
Information about how you use our website, including IP addresses, browser types, pages visited, session durations, navigation paths, clickstream data, time zone settings, and referring URLs.

B. Account Data
Information provided when registering an account, such as your full name, email address, mailing address, and contact phone number.

C. Profile Data
Information derived from your activity on wellnesswallflower.com, including purchase history, browsing behavior, saved items, preferences, and interests.

D. Communication Data
Records of correspondence if you contact us directly, including support inquiries, feedback, and other information provided through our contact forms or via email.

E. Technical Data
Details about the devices you use to access our site, including device model, operating system, browser type, screen resolution, language settings, and system timezone.

F. Transaction Data
Data related to purchases made on our website, including billing and shipping addresses, order details, payment confirmation (note: we do not store full payment card information), and delivery tracking.

G. Preference Data
Your indicated preferences relating to email marketing communications, product recommendations, and consent status.

4. LEGAL BASES FOR PROCESSING

We process your personal data only when permitted by law. The legal bases include:

– Consent: Where you have explicitly agreed to our use of your personal information for specific purposes, such as email marketing.
– Contractual Necessity: Where processing is necessary to fulfill a contract with you, including order processing and account management.
– Legitimate Interests: Where processing is necessary for our legitimate business interests, provided those interests are not overridden by your fundamental rights.
– Legal Obligation: Where we are bound to comply with a legal duty, such as safeguarding payment transactions or responding to lawful requests by public authorities.

5. YOUR RIGHTS UNDER GDPR & CCPA

You are entitled to exercise the following rights in accordance with applicable privacy laws:

– Right of Access: You have the right to request access to the personal data we hold about you.
– Right to Rectification: You may request correction of inaccurate or incomplete personal data.
– Right to Erasure: You may request deletion of your personal data where legally permissible.
– Right to Restriction: You may ask us to restrict processing of your personal data in limited circumstances.
– Right to Data Portability: You may request a copy of your personal data in a structured, common format and transmit it to another controller.
– Right to Object / Opt-out: You may object to the processing of your personal data where it is based on our legitimate interests or carried out for direct marketing purposes.
– Right Not to Be Discriminated Against: Under CCPA, we will not discriminate against you for exercising your privacy rights.

To exercise your rights, please contact us directly at [email protected].

6. SECURITY MEASURES

We implement appropriate technical and organizational controls to protect your data from unauthorized access, disclosure, alteration, or destruction. Measures include:

– End-to-end encryption of data transmissions (TLS)
– Robust authentication and access control protocols
– Regular backups and disaster recovery testing
– Staff training in data privacy and security best practices

While we strive to maintain secure systems, no data transmission or storage can be guaranteed to be 100% secure.

7. INTERNATIONAL TRANSFERS

Where necessary, your personal data may be transferred to countries outside your jurisdiction, including the United States, where data protection laws may differ. In such cases, we use approved mechanisms, such as Standard Contractual Clauses (SCCs), to safeguard your data and ensure compliance with applicable privacy regulations.

8. DATA RETENTION

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy, including:

– Account data: retained for the life of your account or until you request deletion.
– Transaction data: retained for up to 7 years for tax, legal, and warranty purposes.
– Communication and support data: retained for up to 3 years from the date of last contact.
– Technical and usage data: retained for up to 2 years to improve usability and resolve issues.
– Marketing and preference data: retained until you opt out.

Upon expiry of the applicable retention period, your data is securely deleted or anonymized.

9. COOKIE POLICY

Our website uses cookies to enhance your experience. Cookies are small files placed on your device to improve site functionality and analyze traffic. The cookies we use fall into the following categories:

– Essential Cookies: Necessary for core site functionality, such as login and account access.
– Functional Cookies: Allow the site to remember your preferences and selections.
– Analytics Cookies: Help us understand how users interact with our site (e.g., page views, session length).
– Performance Cookies: Improve site responsiveness and error management.

10. COOKIE MANAGEMENT & COMPLIANCE

By using our site, you consent to the use of cookies in accordance with this policy, unless you disable cookies via your browser settings or our cookie banner options. We adhere to GDPR and CCPA requirements for cookie usage:

– Visitors can opt in or out of non-essential cookies.
– A cookie consent banner is displayed upon site entry.
– Preferences can be modified at any time through our ‘Cookie Preferences’ panel.

11. CHILDREN’S PRIVACY

Our website is not directed toward children under the age of 13, and we do not knowingly collect personal information from children. If you believe that a child has provided us with personal data, please contact us at [email protected], and we will promptly delete such information.

12. POLICY UPDATES

We may update this Privacy Policy periodically, in response to evolving legal, technical, or business developments. Updated versions will be posted on our website, and where material changes are made, we may provide notification through prominent notices or direct communication.

13. CONTACT US

If you have any questions about this Privacy Policy or wish to exercise your data rights, please reach out to us:

Email: [email protected]
Website: https://wellnesswallflower.com

We remain committed to full compliance with all applicable data protection laws and to maintaining your trust through responsible data stewardship.