Privacy Policy
1. Introduction
At Sarah Rachel (“we,” “us,” or “our”), accessible via sarah-rachel.com, we are committed to protecting and respecting your privacy. We recognize the importance of safeguarding personal data and are dedicated to ensuring that the collection, processing, use, and protection of such data are handled in a lawful, transparent, and secure manner. This Privacy Policy is designed to inform you about the types of personal data we collect, the legal bases for processing it, your rights as a user, and how we protect your information in compliance with applicable privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all users of sarah-rachel.com and governs the handling of personal information collected through our website, services, and interactions. For the purposes of EU data protection law, Sarah Rachel is the “data controller” of your personal data.
By using sarah-rachel.com, you acknowledge and agree to the collection and use of information in accordance with this policy.
3. Categories of Data Processed
We may collect and process the following categories of personal data:
a. Usage Data
Information automatically collected when you visit sarah-rachel.com, including IP address, browser type and version, operating system, referral source, page views, and general usage patterns.
b. Account Data
Information provided during account creation or purchase, such as full name, email address, billing/shipping address, and telephone number.
c. Profile Data
Data relating to user interests, purchase histories, saved items, site behavior, wishlists, ratings, or comments left on the site.
d. Communication Data
This includes any communications you send us, including emails, feedback, support chat logs, and customer service interactions.
e. Technical Data
Device identifiers, operating system type, browser plug-ins, time zone settings, and other diagnostic data collected from your device.
f. Transaction Data
Details regarding purchases made on the site, including payment method (partial card info), delivery address, order history, and invoices.
g. Preference Data
User consents for marketing communications, product preferences, language settings, and opt-in preferences.
4. Legal Bases for Processing
We process your personal data in accordance with the following legal bases under the GDPR:
– Consent: Where you have explicitly consented to the use of your data (e.g., marketing communications).
– Contractual Necessity: For performing a contract with you or to take steps at your request before entering into a contract.
– Legitimate Interests: To improve our products/services, conduct marketing, detect fraud, and ensure the security and functionality of sarah-rachel.com.
– Legal Obligation: For compliance with applicable legal and regulatory requirements.
Under the CCPA, we do not sell personal information and provide the same protection to all users regardless of geography.
5. Your Rights
Subject to applicable law, you have the following rights regarding your personal data:
– Right of Access: You may request confirmation of whether we process your data and request a copy.
– Right to Rectification: You may request correction of inaccurate or incomplete personal data.
– Right to Erasure: You may request deletion of your data when it is no longer necessary or where permitted by law.
– Right to Restrict Processing: You may request restrictions on processing under certain conditions.
– Right to Data Portability: You may request a copy of your data in a structured, machine-readable format to transfer to another provider.
– Right to Object: You may object to processing carried out under legitimate interest or for direct marketing purposes.
– Right to Withdraw Consent: Where consent is our legal basis, you may withdraw it at any time without affecting prior processing.
These rights may be exercised by contacting us at [email protected]. We will verify and accommodate requests in accordance with applicable data protection law.
6. Security Measures
We implement a range of technical and organizational security measures designed to protect your data, including:
– Secure Sockets Layer (SSL) encryption on all transmitted data
– Role-based access controls and password protection
– Regular security audits and vulnerability patches
– Secure cloud data storage with redundancy and real-time backups
– Staff training on data privacy and breach mitigation
7. International Transfers
Your personal data may be transferred to, and processed in, countries outside of your jurisdiction, including the United States. Where personal data is transferred internationally, we ensure an adequate level of protection is applied through:
– Standard Contractual Clauses (SCCs) approved by the European Commission
– Appropriate safeguards and compliance mechanisms required under GDPR and other regulations
8. Data Retention
We retain personal data only for as long as necessary for the purposes outlined above. Specific retention periods include:
– Account Data: Maintained for the duration of your account and up to 7 years after closure to comply with legal obligations
– Transaction Data: Retained for 7 years for tax and auditing purposes
– Communication Data: Stored for 2 years following resolution of an inquiry
– Preference and Marketing Data: Maintained until you revoke consent or opt out
– Usage and Technical Data: Stored pseudonymously for analytics for up to 2 years
9. Cookie Policy
We use cookies and similar technologies on sarah-rachel.com to enhance your experience. Cookies may be classified as follows:
– Essential Cookies: Required for site functionality, login, and transactions
– Functional Cookies: To remember your preferences and enhance personalization
– Analytics Cookies: To collect data about website usage for improvements and reporting
– Performance Cookies: To optimize speed, load balancing, and user interactions
These cookies may be first-party (set by sarah-rachel.com) or third-party (set by external services such as Google Analytics).
10. Cookie Management and Legal Compliance
Upon first visit, you will be presented with a cookie consent banner allowing you to accept, decline, or customize your cookie preferences. You may also manage cookies through your browser settings or via the consent manager on sarah-rachel.com.
We comply with GDPR by obtaining lawful consent prior to placing cookies (except essential ones) and offer users the ability to withdraw or modify consent at any time.
In accordance with the CCPA, we do not sell your personal information and offer a “Do Not Sell My Personal Information” mechanism where applicable.
11. Children’s Privacy
We do not knowingly collect or process personal data from children under the age of 13. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us at [email protected]. We will immediately delete such data in accordance with our legal obligations.
12. Policy Updates
We may update this Privacy Policy from time to time. Material changes will be communicated clearly through the website or, where appropriate, via email using the contact information provided. Continued use of sarah-rachel.com following any changes indicates your acceptance of the revised policy.
13. Contact
For any inquiries, requests, or concerns related to your personal data or this Privacy Policy, please contact us at:
Sarah Rachel
Email: [email protected]
We are committed to full compliance with applicable privacy legislation and invite you to reach out at any time with privacy-related concerns or to exercise your rights as described above.