Privacy Policy
At Sugalumps.com, we recognize the fundamental importance of safeguarding your personal data. We are fully committed to protecting the privacy, confidentiality, and security of the personal information you provide to us. This Privacy Policy outlines how we collect, use, process, and protect your data in compliance with applicable legislation, including the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”). We maintain a privacy-first approach, ensuring that your trust is preserved in all interactions with our services.
1. Commitment to Privacy and Data Protection
Sugalumps.com values transparency and integrity in how we manage personal data. We handle all personal information in accordance with applicable laws and good industry practices to ensure your data remains private, secure, and only used in ways that are fair and lawful. This policy outlines your rights and our responsibilities in relation to the processing of your personal data.
2. Scope and Role of the Data Controller
This Privacy Policy applies to all personal information collected through your use of sugalumps.com, our services, and related platforms. For the purposes of data protection regulation, Sugalumps.com is the “data controller” with respect to the personal data you provide. This means we determine the purposes and means of processing your personal data.
3. Categories of Data Processed
We may collect, process, store, and transfer the following categories of personal data depending on your interaction with our services:
a. Usage Data
We automatically collect certain usage information when you interact with the site. This includes internet protocol (IP) addresses, browser type and version, operating system, referring URLs, pages visited, session duration, and other diagnostic data.
b. Account Data
If you create an account, we may process your name, shipping and billing address, email address, telephone number, and login credentials.
c. Profile Data
Profile data includes your purchase history, saved preferences, product interests, account behavior, and wish list items.
d. Communication Data
We keep a record of communications you have with us, including support tickets, inquiries, feedback, and correspondence history.
e. Technical Data
This refers to device specifications, connection type, screen resolution, timezone settings, and system configurations derived from your interaction with the site.
f. Transaction Data
We process data related to payments and purchases, such as billing details, transaction history, order information, and delivery address.
g. Preference Data
This includes your preferences concerning marketing communications, product categories, and promotional offers you opt into.
4. Legal Bases for Processing
Under the GDPR, we rely on the following legal bases to lawfully collect and process your data:
– Performance of a Contract: When processing is necessary to fulfill a contract with you, such as fulfilling orders or providing account services.
– Consent: When required, we rely on your explicit consent to send marketing communications or place certain cookies. You can withdraw your consent at any time.
– Legitimate Interests: When processing is based on our legitimate commercial interests, such as improving user experience, fraud prevention, and direct marketing, provided these interests do not override your fundamental rights.
– Legal Obligations: When processing is necessary to comply with applicable legal or regulatory requirements.
5. Your Rights
As a data subject, you have the following rights under data protection law:
– Right of Access: You may request a copy of your personal data we hold.
– Right to Rectification: You are entitled to correct or update inaccurate or incomplete data.
– Right to Erasure: Also known as the “right to be forgotten,” you may request we delete your personal data where legally permissible.
– Right to Restrict Processing: You may request the limitation of data processing in certain circumstances.
– Right to Data Portability: You can request a structured, machine-readable copy of your personal data, or ask us to transfer it to a third party.
– Right to Object: You may object to processing relying on our legitimate interest or direct marketing at any time.
To exercise any of these rights, please contact us using the details provided in Section 13.
6. Security Measures
We implement and maintain appropriate technical and organizational security measures to protect your data from unauthorized access, alteration, disclosure, or destruction. These include, but are not limited to:
– Use of TLS/SSL encryption for all transmissions
– Role-based access control and two-factor authentication (2FA)
– Hardened systems and regular security patching
– Nightly backups with secure storage
– Staff training on cybersecurity and data protection practices
7. International Transfers
When transferring data outside of the European Economic Area (EEA) or similarly regulated jurisdictions, we use standard contractual clauses or rely on regulatory frameworks that provide adequate protection. Your data will be handled in accordance with this policy regardless of where it is processed.
8. Data Retention
We only retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting obligations. Specifically:
– Usage and Technical Data: up to 24 months
– Account and Profile Data: for the duration of the account plus 36 months post-deletion
– Communication Data: up to 36 months
– Transaction and Financial Records: retained for up to 7 years to meet tax and regulatory obligations
– Preference and Marketing Data: retained until consent is withdrawn or preferences are reset
9. Cookie Policy
Cookies are small data files stored on your device that allow us to understand user behavior, personalize experiences, and ensure proper site functionality. Sugalumps.com uses the following categories of cookies:
– Essential Cookies: These are necessary for the website to function and cannot be switched off.
– Functional Cookies: Enable enhanced features such as remembered login credentials or localization.
– Analytics Cookies: Help us understand site interaction, traffic patterns, and user engagement, commonly through services such as Google Analytics.
– Performance Cookies: Optimize website speed, load time, and responsiveness based on user interaction.
10. Cookie Management and Compliance
Upon your first visit to sugalumps.com, you are presented with a cookie banner allowing you to set granular cookie preferences. You have the right to withdraw consent at any time by adjusting your browser settings or using site-provided cookie management tools. We comply with all GDPR and CCPA requirements concerning cookie consent, usage, and opt-out mechanisms.
For California residents, we honor requests to opt out of the “sale” of personal data and provide a clearly visible “Do Not Sell My Personal Information” link in applicable contexts.
11. Children’s Privacy
Sugalumps.com is not directed to, nor does it knowingly collect data from, children under the age of 13. If we learn that we have inadvertently received personal data from a child without verifiable parental consent, we will delete such data from our records promptly.
12. Policy Updates and Notifications
We reserve the right to amend this Privacy Policy from time to time to reflect changes in legal, regulatory, or operational requirements. Any material changes will be communicated via an appropriate mechanism—such as onsite notifications, account messaging, or email alerts—prior to their implementation, as required by law.
13. Contact Information
If you have any questions about this Privacy Policy, your personal data, or wish to exercise any data protection rights, you may contact us at:
Email: [email protected]
We are dedicated to maintaining compliance with all applicable privacy laws and ensuring your personal data is treated with the highest level of care. Please do not hesitate to reach out with any questions or concerns regarding your privacy or our data practices.