Privacy Policy
1. Introduction
At Toffee Blue, we are committed to protecting and respecting your privacy. This Privacy Policy outlines how personal data is collected, used, stored, and shared when you interact with our services on toffeeblue.com. We understand the importance of safeguarding your information and are dedicated to maintaining the confidentiality, integrity, and security of your personal data in full compliance with applicable privacy laws, including the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”).
2. Scope of This Policy and Data Controller
This Privacy Policy applies to the use of our website, services, and any functions offered through toffeeblue.com. Toffee Blue acts as the data controller for the personal data processed in connection with its services. This means we are responsible for determining the means and purposes of processing your personal data.
3. Categories of Data We Process
We collect and process a variety of data depending on how you interact with us. The categories of personal data we may process include:
– Usage Data: This includes data about how you interact with toffeeblue.com, such as browser type, IP address, timestamps, access logs, referring websites, and session duration.
– Account Data: Information you provide when creating an account or making a purchase, such as your full name, billing and shipping address, email address, and telephone number.
– Profile Data: Preferences, purchase history, browsing behavior, wishlists, and saved items that help us personalize your experience.
– Communication Data: Any emails or messages sent to and from us, including support inquiries, feedback, and records of correspondence.
– Technical Data: Device identifiers, system configuration details, operating system version, language preferences, and browser settings.
– Transaction Data: Information relating to orders placed, payment details (excluding full payment card numbers, which are securely handled by our payment provider), shipping information, and order fulfillment.
– Preference Data: Your responses to optional surveys, product interest indications, marketing and cookie preferences, and consents to communications.
4. Legal Bases for Processing
We process your personal data only when we have a valid legal basis under applicable privacy laws. These bases include:
– Consent: Where you have provided your voluntary, specific, informed, and unambiguous consent for processing, such as for newsletter sign-ups or agreeing to cookies.
– Contractual Necessity: Where data processing is necessary to perform a contract to which you are a party—e.g., fulfilling product orders and providing related services.
– Legal Obligation: Where we are required to comply with applicable legal or regulatory obligations.
– Legitimate Interests: Where we have a legitimate business reason to process your personal data, provided that such interests are not overridden by your rights and interests. These include fraud prevention, service improvement, and internal analytics.
5. Your Rights
Under the GDPR and CCPA (as applicable), you have the following rights concerning your personal data:
– Right of Access: Obtain confirmation about whether we process your personal data and access to copies of that data.
– Right to Rectification: Request correction of inaccurate or incomplete personal data.
– Right to Erasure (Right to be Forgotten): Request deletion of your personal data where there is no lawful reason for us to retain it.
– Right to Restriction: Request the restriction or suppression of the processing of your personal data under certain circumstances.
– Right to Data Portability: Obtain a copy of your personal data in a structured, commonly used, and machine-readable format and, where technically feasible, transmit that data to another controller.
– Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
If you are a user in California, you may additionally:
– Opt out of data sales (note: Toffee Blue does not sell your personal data).
– Request a record of data collected, disclosed, or shared in the past twelve months.
You may exercise your rights by contacting us at [email protected]. We will respond in accordance with applicable laws and may require verification of your identity.
6. Security Measures
The security of your data is of paramount importance to us. We implement a range of technical and organizational safeguards to protect your personal data, including:
– Encryption of data in transit via HTTPS/TLS protocols;
– Restricted access to personal data on a need-to-know basis;
– Regular data backups and secure storage protocols;
– Staff training on privacy compliance and data protection practices.
7. International Data Transfers
Toffee Blue may transfer and store your data outside of your country of residence, including to jurisdictions that may not afford the same level of data protection. Where such transfers occur, we implement appropriate safeguards, such as the use of Standard Contractual Clauses approved by the European Commission, or other legally recognized mechanisms, to ensure your data remains protected in compliance with GDPR and CCPA requirements.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy or to comply with legal obligations. Retention periods vary by data type:
– Account and Transaction Data: Retained for up to 7 years in compliance with tax and contractual obligations.
– Usage Data and Technical Data: Retained for 12 months for analytics and performance monitoring.
– Communication and Support Records: Retained for up to 3 years unless required for longer by legal proceedings.
– Marketing and Preference Data: Retained for as long as marketing consent remains valid or until you opt out.
9. Cookie Policy
Toffee Blue uses cookies and similar technologies to enhance your experience on toffeeblue.com. Cookies help us:
– Ensure website functionality (essential cookies);
– Remember your preferences and settings (functional cookies);
– Analyze site performance and usage (analytics cookies);
– Improve website efficiency and detect issues (performance cookies).
You can find more details about the specific cookies we use in our Cookie Declaration, available on toffeeblue.com.
10. Cookie Management and Compliance
In accordance with GDPR and CCPA, we provide you with clear choices regarding the use of cookies. On your first visit, and periodically thereafter, you will have the ability to provide or withdraw consent using our cookie management tool. You may also control cookie behavior directly through your browser settings. Disabling certain cookies may affect website performance or function.
11. Children’s Privacy
Toffee Blue does not knowingly collect or solicit personal data from children under the age of 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such data. Parents and guardians who discover that a child has submitted data to toffeeblue.com are encouraged to contact us at [email protected].
12. Policy Updates and Notifications
We reserve the right to update this Privacy Policy as necessary to reflect changes in our practices, technologies, legal obligations, or other factors. Any changes will be published on toffeeblue.com, and where appropriate, you will be notified either through the website or via email.
13. Contact
If you have any questions, concerns, or requests relating to this Privacy Policy or our data processing practices, please contact us at:
Email: [email protected]
We take your privacy seriously and are committed to transparency, accountability, and fulfilling our obligations under GDPR, CCPA, and any other applicable data privacy regulations. Thank you for trusting Toffee Blue.