Privacy Policy for Cocoa Baby
1. Introduction
At Cocoa Baby, accessible at cocoa-baby.com, we are fully committed to protecting and respecting your privacy. We recognize the importance of safeguarding your personal data and ensuring that it is collected, processed, and stored in a secure and transparent manner. This Privacy Policy outlines how we handle your information in compliance with applicable privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
2. Scope of This Policy and Our Role as Data Controller
This policy applies to all personal data collected and processed through your use of the website cocoa-baby.com, as well as through our customer service, marketing, and commercial activities. Cocoa Baby acts as the data controller for the purposes of applicable data protection laws. As the data controller, Cocoa Baby determines the purpose and means of processing your personal information.
3. Categories of Personal Data We Process
We may collect and process the following categories of personal data:
– Usage Data: Including your IP address, browser type and version, pages visited, time spent on the site, and other diagnostic data about how you interact with cocoa-baby.com.
– Account Data: Information you provide when creating an account, such as your full name, address, email address, and phone number.
– Profile Data: Data related to your preferences, purchase history, and browsing behavior, used to personalize your user experience.
– Communication Data: Records of correspondence with our customer support via email or contact forms, including your messages and inquiry history.
– Technical Data: Device type, operating system, hardware identifiers, browser plug-ins, and system configuration settings.
– Transaction Data: Details of product purchases, delivery addresses, billing information, and payment confirmations.
– Preference Data: Your communications preferences, consent choices, responses to surveys, and interests in particular products or services.
4. Legal Bases for Processing Personal Data
We process your personal data based on the following lawful bases:
– Consent: Where you have explicitly granted us permission to use your personal data, particularly for marketing communications.
– Contractual Necessity: When processing is necessary to perform a contract with you, such as fulfilling orders, managing your account, or providing customer support.
– Legal Obligation: When processing is required to comply with legal or regulatory obligations.
– Legitimate Interests: Where processing is necessary for our legitimate business interests, such as website security, fraud prevention, business analysis, and improving our services—provided these interests are not overridden by your rights.
5. Your Rights Under Data Protection Laws
You have the following rights in relation to your personal data:
– Right of Access: You are entitled to request access to the personal data we hold about you.
– Right to Rectification: You can request that inaccurate or incomplete data be corrected.
– Right to Erasure: You may request that we delete your personal information, subject to certain legal exceptions.
– Right to Restriction: You have the right to restrict the processing of your data under specific conditions.
– Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.
To exercise any of these rights, please contact us at [email protected].
6. Security Measures
We implement robust technical and organizational measures to protect your personal data. These include:
– Encryption of data during transmission and in storage where appropriate.
– Strict access control protocols to authorized personnel only.
– Regular backups and system redundancies to ensure data integrity.
– Staff training on data protection and information security requirements.
7. International Data Transfers
If we transfer your data outside of the European Economic Area (EEA) or California, we ensure that adequate safeguards are in place, such as the use of Standard Contractual Clauses approved by the European Commission or adherence to Privacy Shield frameworks where applicable.
8. Data Retention
We retain your personal data only as long as necessary for the purposes for which it was collected, as required by law, or in accordance with legal retention periods. Specific guidelines include:
– Usage and Technical Data: Retained for up to 12 months for security and analytic purposes.
– Account and Transaction Data: Retained for 7 years after your last transaction in accordance with tax and accounting obligations.
– Communication and Support Data: Retained for up to 3 years from the date of last contact.
– Marketing Preference Data: Retained until you withdraw consent or opt-out.
9. Cookie Policy
Cocoa Baby uses cookies and similar technologies to enhance your browsing experience on cocoa-baby.com. Types of cookies we use include:
– Essential Cookies: Required for core site functionality, such as account login and shopping cart operations.
– Functional Cookies: Used to remember user preferences and provide a tailored experience.
– Analytics Cookies: Help us understand how visitors interact with the website, enabling us to improve usability and performance.
– Performance Cookies: Monitor system performance and improve the reliability of our site.
10. Cookie Management and Compliance with GDPR & CCPA
Upon your first visit to cocoa-baby.com, you will be presented with a cookie consent banner that allows you to accept or decline various types of cookies, in compliance with both GDPR and CCPA standards. You may modify or withdraw your consent at any time using our cookie management tool or through your browser settings.
11. Children’s Privacy
Cocoa Baby does not knowingly collect or solicit personal data from children under the age of 13. If we become aware that a child under 13 has provided us with personal information without parental consent, we will promptly delete such data. If you are a parent or legal guardian and believe that your child has submitted personal information, please contact us at [email protected].
12. Policy Updates and Notification
We may update this Privacy Policy from time to time to reflect changes in legal requirements, technology, or our business practices. All updates will be published on cocoa-baby.com. Significant changes will be communicated to you through appropriate channels, such as email or notifications on the website.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:
Email: [email protected]
Website: cocoa-baby.com
We are committed to ensuring full compliance with applicable data protection laws and encourage you to reach out with any concerns about your privacy.