Privacy Policy for Sweet Pea Bakery
Sweet Pea Bakery (“we,” “us,” or “our”) values your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website sweetpeabakerync.com. We are dedicated to maintaining the privacy and trust of our customers by employing the highest standards of data protection in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
1. Commitment to Privacy and Data Protection
At Sweet Pea Bakery, your privacy is a priority. We are fully committed to handling your personal data responsibly, transparently, and securely. This Privacy Policy outlines how we process your personal data when you interact with our website, purchase our products, contact us, or otherwise engage with our services.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to your interactions with our website sweetpeabakerync.com and to any personal information collected through related services and communications. Sweet Pea Bakery is the data controller responsible for your personal data, determining the purposes and means of processing in accordance with data protection regulations.
3. Categories of Data We Process
We may collect and process the following categories of personal data:
a. Usage Data
Includes information about how you browse and use our website, such as your IP address, browser type, referring/exit pages, visit duration, and interaction behavior.
b. Account Data
Includes your name, billing and delivery address, email address, and phone number provided when you create an account, place an order, or subscribe to our services.
c. Profile Data
Includes your preferences, purchase history, product interests, and behavioral insights gathered through your interactions on sweetpeabakerync.com.
d. Communication Data
Includes records of your correspondence with us, such as inquiries and support tickets submitted via our contact forms or email addresses.
e. Technical Data
Includes information about the device you use to access our website, such as operating system, hardware model, browser settings, mobile network information, and other system configurations.
f. Transaction Data
Includes payment confirmations, partial or complete purchase transactions, billing status, and delivery information.
g. Preference Data
Includes your consents for marketing communications, subscription preferences, and responses to promotional offerings.
4. Legal Bases for Processing Personal Data
We process your personal data pursuant to the following legal bases as permitted under the GDPR:
– Consent: When you have given us explicit permission to process your information (e.g., subscribing to newsletters).
– Contract Performance: Where processing is necessary to fulfill a contract with you (e.g., completing an order).
– Legal Obligation: For compliance with our legal and regulatory obligations.
– Legitimate Interests: Where necessary for our legitimate business interests, provided these interests do not override your rights (e.g., to prevent fraud, improve user experience).
Under the CCPA, we do not sell your personal information and only use your data for business purposes allowable under the law.
5. Your Data Protection Rights
You may exercise the following rights concerning your personal information:
– Right of Access: Request access to your personal data and information on how it is processed.
– Right to Rectification: Request correction of inaccurate or incomplete data.
– Right to Erasure: Request deletion of your data where legally applicable.
– Right to Restrict Processing: Request suspension of data processing where appropriate.
– Right to Data Portability: Request that your data be transferred to another organization or directly to you in a structured format.
To exercise these rights, you may contact us at [email protected].
6. Security Measures
We implement a series of organizational and technical measures to safeguard your personal data, including:
– Data encryption during transmission and storage to prevent unauthorized access.
– Access controls and authentication procedures to restrict personnel access to customer information.
– Regular security audits and software security updates.
– Employee training and awareness programs to ensure data confidentiality and best practices.
– Scheduled data backups and secure off-site storage for recovery purposes.
7. International Data Transfers
To provide you with our services, your personal data may be transferred to and processed in countries outside the European Economic Area (EEA) or outside California, where data protection laws may differ. These transfers occur only where appropriate safeguards exist, such as approved Standard Contractual Clauses or other lawful mechanisms ensuring an equivalent level of data protection.
8. Data Retention
We retain personal data only for as long as necessary for the purposes outlined in this policy, in accordance with legal, regulatory, and operational requirements. Retention periods include:
– Usage Data: retained up to 12 months for analytics purposes.
– Account and Profile Data: retained for the duration of the customer relationship and up to 7 years thereafter for legal compliance.
– Communication Data: retained for 2 years for follow-up and quality assurance.
– Transaction Data: retained for up to 7 years as required by tax and accounting laws.
– Preference Data: retained until you amend your consents or opt out.
9. Cookie Policy
Our website uses cookies to enhance your browsing experience. Cookies fall into the following categories:
– Essential Cookies: Required for website functionality, such as session maintenance and cart management.
– Functional Cookies: Enhance usability, such as storing your preferences and region.
– Analytics Cookies: Help us understand visitor usage patterns (e.g., via Google Analytics).
– Performance Cookies: Measure and improve the performance of our site.
These cookies do not collect personally identifiable information unless explicitly provided by the user.
10. Cookie Management & Compliance
You can manage your cookie preferences at any time via your browser settings or by accessing the cookie settings banner upon entering our site. In compliance with GDPR and CCPA, you have the right to opt in to or opt out of non-essential cookies. By continuing to use sweetpeabakerync.com with cookies enabled, you consent to their usage as disclosed in this policy.
11. Children Under 13
We do not knowingly collect or solicit personal information from children under the age of 13. If we become aware that we have inadvertently collected data from a child without verified parental consent, we will take immediate steps to delete such information from our records. Parents or guardians who believe we may have collected such information are encouraged to contact us at [email protected].
12. Policy Updates & User Notification
We may update this Privacy Policy from time to time to reflect changes in regulations, technology, or our business practices. Substantive changes will be communicated through notices on sweetpeabakerync.com or direct communication, where appropriate. Continued use of our services indicates your acceptance of any policy updates in effect at that time.
13. Contact
If you have any questions, concerns, or requests regarding this Privacy Policy, or wish to exercise any of your legal rights, you may contact us via:
Sweet Pea Bakery
Email: [email protected]
We are committed to upholding your privacy rights and ensuring transparent, secure, and lawful data handling practices in compliance with GDPR, CCPA, and other relevant privacy frameworks.