Privacy Policy
At Sweet Pea Bakery (“Company”, “we”, “our”, or “us”), accessible via sweetpeabakerync.com, we are committed to protecting your personal data and respecting your privacy rights. This Privacy Policy outlines how we collect, use, store, and disclose your personal data in connection with your use of our website and services. Our approach to privacy is based on transparency, fairness, and strict compliance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act (“CCPA”).
1. Scope of Policy and Data Controller Role
This Privacy Policy applies to all personal data that we collect and process through our website, sweetpeabakerync.com, and any related services. For purposes of data protection laws, Sweet Pea Bakery is the data controller of your personal information. If you have any questions about your data or this policy, you can contact us at [email protected].
2. Categories of Data Processed
We process the following categories of personal data:
a. Usage Data
We collect data about how you interact with our website, including IP address, browser type and version, time zone setting, browser plug-in types, operating system and platform, pages visited, and session duration. This information helps us improve the functionality and performance of sweetpeabakerync.com.
b. Account Data
If you create an account or place an order, we may collect your full name, email address, phone number, billing and shipping address, and other identifiers associated with your user profile.
c. Profile Data
We may collect data on your preferences, order history, product interests, and interaction behavior to personalize your experience on our platform.
d. Communication Data
We keep records of any communications with you, including support requests, email correspondence, customer feedback, and inquiries submitted via our website or email.
e. Technical Data
Device-specific information, such as device type, operating system, screen resolution, language settings, and system configurations, is automatically collected to ensure optimal display and functionality of our site.
f. Transaction Data
Transaction details, including order information, payment method (but not card numbers), purchase dates, and delivery address, are collected for order fulfillment and regulatory compliance.
g. Preference Data
We track marketing and communication preferences, such as newsletter opt-ins, SMS consent, and product categories of interest, when provided voluntarily.
3. Legal Bases for Processing
We rely on the following legal bases to process your data:
– Contractual Necessity: To fulfill orders, process payments, and deliver requested services.
– Legitimate Interests: To maintain the security and performance of our website, analyze user behavior, respond to inquiries, and prevent fraud.
– Consent: For marketing communications, cookie storage, and certain profiling activities where consent is legally required.
– Legal Obligation: Where necessary for compliance with legal, regulatory, or tax obligations.
4. Your Rights
In accordance with GDPR and CCPA, you possess the following rights over your personal data:
– Right to Access: You may request access to the personal data we hold about you.
– Right to Rectification: You may request correction of inaccurate or incomplete data.
– Right to Erasure: You may request deletion of your data, subject to certain legal or contractual obligations.
– Right to Restriction: You may limit processing of your data in specific circumstances.
– Right to Data Portability: You may obtain a copy of your data in a transferable format.
– Right to Object: You may object to data processing based on our legitimate interests.
– Right to Non-Discrimination: Under CCPA, we will not discriminate against you for exercising any of your privacy rights.
To exercise these rights, please submit your request to [email protected].
5. Security Measures
We implement a multi-layered approach to data security, including:
– Encryption of data in transit (SSL/TLS) and at rest
– Access control systems and permission-based access to personal data
– Regular security audits and vulnerability assessments
– Secure backup and redundancy systems
– Staff training on data protection best practices and confidentiality protocols
While we take data security seriously, no system is impervious to risk. Users should take independent measures to secure their devices and login credentials.
6. International Transfers
Your information may be transferred to, and maintained on, servers located outside of your jurisdiction. Where personal data is transferred outside the European Economic Area (EEA) or other regulated areas, we ensure such transfers are protected by appropriate safeguards, including Standard Contractual Clauses approved by the European Commission or similar valid legal mechanisms.
7. Data Retention
We retain personal data for only as long as necessary to fulfill the purposes for which it was collected:
– Usage and Technical Data: up to 24 months
– Account, Profile, and Transaction Data: for a duration of 7 years for tax and legal purposes
– Communication Data: up to 2 years from the date of last contact
– Preference Data: until consent is withdrawn or 3 years after last interaction, whichever is earlier
We will securely delete or anonymize personal data after its retention period expires.
8. Cookie Policy
We use cookies and similar technologies to improve your experience on sweetpeabakerync.com. These serve the following purposes:
– Essential Cookies: Required for basic functionality, such as navigation and access to secure areas
– Functional Cookies: Enable personalization, language preferences, and remembered user settings
– Analytics Cookies: Help us understand how users interact with our services via tools such as Google Analytics
– Performance Cookies: Monitor site uptime, page load speeds, and error tracking
You can view a detailed list of cookies used by contacting us at [email protected].
9. Cookie Management and Compliance
Upon first use of sweetpeabakerync.com, you are presented with a cookie banner allowing you to manage cookie preferences in compliance with GDPR and CCPA. You may adjust these preferences at any time through your browser settings or using the “Cookie Settings” link available on our website footer.
Users located in the United States may also opt out of certain types of data-selling practices under CCPA, though we do not “sell” personal data within the meaning of CCPA.
10. Protection of Children
Our services are not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13 years of age. If we become aware that we have inadvertently collected data from a child under 13, we will take immediate steps to delete such data. Parents or legal guardians who believe their child may have submitted information to us can contact us at [email protected].
11. Policy Updates
We reserve the right to revise this Privacy Policy at our discretion. Any material changes to this policy will be reflected on this page. Where legally required or where we make significant changes, we will notify you through appropriate means, which may include email or an announcement on sweetpeabakerync.com.
12. Contact Us
If you have questions, concerns, or wish to exercise your privacy rights, please reach out to us via email at:
13. Compliance Statement
Sweet Pea Bakery is committed to respecting your rights and complying with applicable privacy laws, including GDPR and CCPA. We invite you to reach out with any privacy-related inquiries, and we will respond promptly in accordance with regulatory guidance and our obligations.