Privacy Policy for The Cupcake Counter
1. Introduction
At The Cupcake Counter, accessible via thecupcakecounter.com, we are committed to protecting your privacy and safeguarding your personal data. We recognize the importance of transparency and accountability in managing and processing user data. This Privacy Policy outlines how we collect, use, disclose, and protect your personal information in accordance with applicable data protection regulations, including the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We prioritize privacy as a fundamental right and apply privacy-by-design principles throughout our operations.
2. Scope of This Policy and Data Controller Role
This Privacy Policy applies to all users and visitors of thecupcakecounter.com and governs the processing of personal data collected through our website, services, and communications. For GDPR purposes, The Cupcake Counter is the data controller responsible for the processing of your personal data. If you are located in the EEA, the entity determining the purposes and means of processing your personal data is The Cupcake Counter.
3. Categories of Data Processed
We may collect and process the following categories of personal data:
a. Usage Data: Includes data about how you use thecupcakecounter.com, such as your browser type, IP address, browsing behavior, session duration, and referring URLs.
b. Account Data: Includes information voluntarily provided when you create an account, such as your full name, mailing address, email address, and telephone number.
c. Profile Data: Includes preferences, order history, product selections, and behavioral data associated with your interactions with us.
d. Communication Data: Includes customer service correspondence, support requests, submitted inquiries, and other communications exchanged with us through email or forms.
e. Technical Data: Includes device identifiers, operating system details, language settings, and system configuration data collected through automated means.
f. Transaction Data: Includes payment information (processed via third-party payment processors), delivery address, billing details, and order confirmations.
g. Preference Data: Includes your selections regarding marketing communications, product categories of interest, and subscription settings.
4. Legal Bases for Processing
We process personal data only where a lawful basis under applicable law permits. These include:
– Consent: When you explicitly agree to the processing of your data, such as when opting in to marketing communications.
– Performance of a Contract: To fulfill orders, provide customer support, or maintain your user account.
– Legal Obligation: To comply with laws and regulatory requirements.
– Legitimate Interests: To analyze usage behavior, optimize website functionality, prevent fraud, and improve customer service, provided such interests are not overridden by your rights and freedoms.
5. Your Rights
Pursuant to GDPR and CCPA, you may exercise the following rights:
– Right of Access: Obtain access to your personal data held by us.
– Right to Rectification: Correct or update inaccurate or incomplete personal data.
– Right to Erasure: Request the deletion of your personal data where legally applicable.
– Right to Restriction: Request restricted processing of your data under certain circumstances.
– Right to Data Portability: Receive your data in a structured, commonly used, and machine-readable format.
– Right to Object: Opt out of certain uses of your data, including direct marketing.
– Right to Non-Discrimination (CCPA): You will not be penalized or discriminated against for exercising any of your privacy rights.
To exercise any of these rights, you may contact us via [email protected].
6. Security Measures
We implement appropriate technical and organizational measures to protect your data, including:
– Encryption of sensitive data during transmission and storage.
– Role-based access controls and authentication practices to limit unauthorized access.
– Routine data backups and disaster recovery protocols.
– Privacy and security training for staff with access to personal data.
7. International Data Transfers
When transferring personal data outside the European Economic Area (EEA), we ensure that adequate safeguards are in place, including the use of Standard Contractual Clauses approved by the European Commission and other legally accepted mechanisms under GDPR and comparable CCPA requirements.
8. Data Retention
We retain personal data only as long as necessary to fulfill the purposes for which it was collected or as required by law. Some specific retention periods include:
– Account Data: Retained for the duration of your account and up to five years after closure.
– Transaction Data: Retained for up to seven years for financial and tax compliance purposes.
– Communication Data: Retained for three years from the date of last contact.
– Preference Data: Retained until you update or revoke your preferences.
When data is no longer necessary, it is securely deleted or anonymized.
9. Cookie Policy
thecupcakecounter.com uses cookies and similar tracking technologies to enhance your browsing experience. Cookies may be categorized as:
– Essential Cookies: Necessary for website functionality, such as logging in and processing payments.
– Functional Cookies: Enable enhanced performance, such as remembering language preferences.
– Analytical Cookies: Collect anonymous data for traffic monitoring and usage trends.
– Performance Cookies: Used to improve website performance and user experience.
10. Cookie Management and GDPR/CCPA Compliance
You may manage cookie preferences through your browser settings or through cookie consent tools presented upon visiting thecupcakecounter.com. Where required by law, we seek your prior consent before placing or accessing non-essential cookies on your device. You may revoke your cookie consent at any time.
California residents may also employ “Do Not Track” mechanisms or utilize authorized agents to make data-related requests as provided for under the CCPA.
11. Children’s Privacy
Our services are not directed to children under the age of 13. We do not knowingly collect personal information from anyone under 13. If you believe that a child has provided personal data without appropriate consent, please contact us at [email protected] so we may take appropriate action, including deletion of such data.
12. Policy Updates and Notifications
We may update this Privacy Policy from time to time to reflect changes in practices, technologies, legal requirements, or other operational reasons. Revisions will be made without prior notice unless a material change that affects your rights is involved, in which case appropriate notifications will be made via thecupcakecounter.com or by direct communication where applicable.
13. Contact Us
If you have any questions or concerns, or wish to exercise your privacy rights, please contact us at:
Email: [email protected]
Website: thecupcakecounter.com
We are fully committed to maintaining a high standard of privacy compliance, and we welcome your inquiries or feedback regarding how we handle your personal data.