Privacy Policy
1. Introduction
Toffee Blue (“we,” “us,” or “our”) is committed to protecting the privacy and personal data of all users who visit our website, toffeeblue.com (“Website”). We understand the importance of data privacy, and we handle all personal information in accordance with applicable laws and regulations, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act (“CCPA”). This Privacy Policy outlines how we collect, use, process, and protect your personal data when you interact with our Website, services, and communications.
2. Scope of This Policy and Data Controller Information
This Privacy Policy applies to all users and visitors of toffeeblue.com. We act as the “data controller” of your personal data as defined under the GDPR. As the data controller, we determine the purposes and means by which your personal data is processed in connection with the operation and management of our Website.
For questions regarding this Policy, you may contact us at:
Email: [email protected]
3. Categories of Personal Data We Process
We may collect and process the following categories of personal data, depending on your interactions with our Website and services.
a) Usage Data
Information about your interaction with the Website, such as IP address, browser type and version, time zone setting, referring URLs, pages viewed, access times, and session durations.
b) Account Data
Information you voluntarily provide when registering or creating an account, including your full name, email address, telephone number, and physical and/or billing address.
c) Profile Data
Details related to your preferences, behaviors, interests, and purchase history on the Website, including saved items and page engagement.
d) Communication Data
Data you provide when contacting us for support, making inquiries, or responding to surveys, such as the content of communications and response history.
e) Technical Data
Device-specific information including operating system, hardware model, unique device identifiers, browser plug-in types and versions, and system diagnostics.
f) Transaction Data
Information related to purchases or orders of goods and services, payment details (processed via third-party secure payment gateways), shipping and delivery addresses, and transaction timestamps.
g) Preference Data
Marketing and communication preferences, such as opt-ins for newsletters, promotional offers, and expressed interests in particular services or product categories.
4. Legal Bases for Processing Personal Data
We only process personal data when there is a lawful basis under applicable data protection laws. These may include:
– Consent: Where you have explicitly consented to our processing activities, such as for marketing communications.
– Contractual Necessity: Where processing is necessary for the performance of a contract to which you are a party.
– Legal Obligation: Where we are required to comply with legal obligations.
– Legitimate Interests: Where processing is necessary for our legitimate business purposes, such as to improve the performance and security of our Website or to prevent fraud—provided these are not overridden by your data protection rights.
5. Your Rights Under GDPR and CCPA
Depending on your jurisdiction, you have certain rights regarding your personal data, including but not limited to:
– Access: Obtain confirmation as to whether your personal data is being processed and access the data held.
– Rectification: Request correction of inaccurate or incomplete personal data.
– Erasure: Request deletion of your personal data where it is no longer necessary or you have withdrawn consent.
– Restriction: Request restriction of processing under certain conditions.
– Portability: Receive a copy of your data in a structured, commonly used format or request it be transmitted to another data controller.
– Objection: Under CCPA, you may object to the sale of your personal data. Please note that toffeeblue.com does not sell personal data in exchange for monetary value.
– Non-Discrimination: You will not receive discriminatory treatment for exercising your rights under the CCPA.
To exercise any of the above rights, contact us at [email protected] with your request. Verification steps may be required to ensure your identity before we respond.
6. Security Measures
We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk. This includes:
– Data encryption at rest and in transit
– Secure payment processing via PCI-DSS compliant providers
– Role-based access controls and multi-factor authentication
– Regular data backups and disaster recovery protocols
– Staff training on data protection and confidentiality practices
Although we take precautions to protect your personal data, no transmission over the Internet or method of electronic storage can be guaranteed to be 100% secure.
7. International Data Transfers
Your personal data may be transferred to and processed in countries outside of your jurisdiction. Where such transfers occur, we use appropriate safeguards, including the European Commission’s Standard Contractual Clauses (SCCs), to ensure your data receives adequate protection consistent with this Privacy Policy.
Users from jurisdictions such as the European Union or California can be assured that toffeeblue.com remains committed to full compliance with relevant regional data protection laws and frameworks.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined in this Policy or to comply with legal and regulatory obligations. Specific retention periods may include:
– Usage and Technical Data: retained for 12 months for performance analytics.
– Account and Profile Data: retained as long as the user maintains an account or up to 24 months after inactivity.
– Transaction Data: retained for 7 years for tax and accounting purposes.
– Communication Data: retained for 3 years for audit and service improvement.
– Marketing and Preference Data: retained until you withdraw consent or opt out.
9. Cookie Policy
Our Website uses cookies and similar technologies to enhance user experience. These include:
– Essential Cookies: Required for basic site functionality and security.
– Functional Cookies: Enable personalization and saved settings.
– Analytics Cookies: Collect information on user behavior for statistical purposes (e.g., Google Analytics).
– Performance Cookies: Measure site usage to improve speed, usability, and responsiveness.
10. Managing Cookies & Compliance with GDPR and CCPA
You can manage your cookie preferences directly via our cookie settings tool, accessible upon first visit and through your browser settings. Under GDPR and CCPA, you have the right to:
– Accept or decline non-essential cookies
– Withdraw consent at any time
– Request access to technical data collected via cookies
Blocking some types of cookies may impact your experience on toffeeblue.com.
11. Children’s Privacy
We are committed to protecting the privacy of children. Our Website and services are not intended for use by individuals under the age of 13. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal information, we will take steps to delete such data without undue delay. If you believe that we may have collected data from or about a child under 13, please contact us at [email protected].
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes to our data practices, technologies, or legal requirements. We will provide notice of material changes either by posting a prominent notice on toffeeblue.com or by directly notifying registered users via email. Your continued use of the Website after such changes constitutes your acceptance of the updated policy.
13. Contact Us
Toffee Blue welcomes any questions, concerns, or requests relating to this Privacy Policy or your personal data. You may contact us at:
Email: [email protected]
— — —
We are committed to upholding the highest standards of privacy and data protection. If you have concerns regarding our handling of your personal data, please reach out to us directly at the contact above.