Privacy Policy for TootyStore.com
1. Introduction
At TootyStore.com (“we,” “us,” or “our”), your privacy is of paramount importance. We are committed to protecting and respecting your personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This Privacy Policy outlines the nature of personal data we collect, how we use it, the measures we take to safeguard it, and your rights under law.
2. Scope of This Policy and Data Controller Role
This Privacy Policy applies to visitors and users (“you” or “your”) of our website, tootystore.com, and any associated services, features, or applications owned and operated by TootyStore.
For all interactions described herein, TootyStore is the data controller responsible for your personal data. Should you have any inquiries concerning our data handling practices, you may contact us at [email protected].
3. Categories of Data Processed
We collect and process the following categories of personal data:
a. Usage Data
Includes information about your interactions with tootystore.com, such as browser type, IP address, pages visited, session duration, URLs clicked, and site navigation patterns.
b. Account Data
Collected when you create a customer account or place an order. This includes your full name, billing and shipping addresses, email address, and phone number.
c. Profile Data
Information related to your behavior and activity on our site, including product preferences, purchase history, and account settings.
d. Communication Data
Includes records of your communications with us, such as support tickets, emails, chat logs, and inquiry content submitted via contact forms.
e. Technical Data
Collected through automated means about the device you use to access our website, including hardware specifications, operating system, system language, and browser configurations.
f. Transaction Data
Includes details of products/services purchased, payment method (excluding full payment credentials), transaction status, fulfillment records, and delivery information.
g. Preference Data
Covers your marketing and communication preferences, interest areas, opt-in choices, and consent statuses.
4. Legal Bases for Processing
Under GDPR, we rely on the following lawful bases for processing your personal data:
– Legitimate Interests: Pursuing business interests such as fraud prevention, improving the user experience, and marketing, provided such interests are not overridden by your fundamental rights.
– Contractual Necessity: Processing necessary to fulfill our obligations to you (e.g., fulfilling orders, account management).
– Consent: For situations requiring explicit permission (e.g., marketing communications, cookie use where consent is mandatory).
– Legal Obligation: Where required by applicable law, such as for accounting, taxation, or regulatory compliance.
5. Your Rights
As a data subject, you may exercise the following rights, subject to conditions and limitations under applicable law:
– Right of Access: Request copies of your personal data.
– Right to Rectification: Request correction of inaccurate or incomplete data.
– Right to Erasure: Request deletion of your personal data in certain circumstances.
– Right to Restriction: Request restriction of our processing where legality or accuracy is disputed.
– Right to Data Portability: Receive your data in a structured, machine-readable format and request transfer to another controller.
To exercise any of the above rights, please email us at [email protected].
6. Security Measures
We employ robust technical and organizational safeguards to protect personal information including, but not limited to:
– Data encryption in transit (SSL/TLS) and at rest where appropriate.
– Role-based access controls and authentication mechanisms.
– Secure data storage and routine server monitoring.
– Regular staff training in data protection protocols.
– Periodic vulnerability assessments and incident response plans.
7. International Transfers
Where personal data is transferred outside the European Economic Area (EEA) or your jurisdiction, we ensure appropriate safeguards compliant with GDPR and CCPA. These include Standard Contractual Clauses approved by the European Commission, supplementary measures, and country-specific compliance, ensuring an adequate level of data protection.
8. Data Retention
Your data is retained only for as long as necessary to fulfill the purposes outlined in this policy:
– Usage Data: Up to 24 months.
– Account Data: Retained for the life of your account and for up to 5 years thereafter for compliance and audit purposes.
– Transaction Data: Retained for a minimum of 7 years for tax and legal compliance.
– Communication Data: Retained up to 3 years unless needed for legal documentation.
– Preference and Marketing Data: Retained until consent is withdrawn or up to 2 years post-interaction.
We securely delete or anonymize data upon expiry of retention obligations.
9. Cookie Policy
We use cookies and similar tracking technologies to optimize website functionality and enhance user experience. The categories of cookies we use include:
– Essential Cookies: Required for basic website operation (e.g., login, cart functionality).
– Functional Cookies: Enable site personalization and memory of settings.
– Analytics Cookies: Allow statistical tracking of user behavior to improve site performance.
– Performance Cookies: Monitor the technical effectiveness of site features.
10. Cookie Management and Compliance
In accordance with GDPR and CCPA, users of tootystore.com are provided with transparent cookie notices and consent options. You may manage your cookie preferences via our cookie management tool or by adjusting your browser settings. California residents may opt out of the “sale” of personal data where applicable by emailing [email protected] and specifying your request.
11. Children’s Privacy
We do not knowingly collect personal information from children under the age of 13. If we learn that personal data from someone under this age has been submitted, we will promptly delete such data. Parents or legal guardians who believe that we may have inadvertently collected such data may contact us at [email protected].
12. Policy Updates and User Notifications
We reserve the right to modify this Privacy Policy at any time to reflect legal, regulatory, or operational changes. Where required, we will notify users through the tootystore.com website or by direct communication methods. Continued use of our services following such updates constitutes acceptance of the revised policy.
13. Contact
For questions, concerns, or the exercise of your privacy rights, please contact our Data Protection Team at:
Email: [email protected]
Website: https://www.tootystore.com
We are committed to ensuring full compliance with global data protection standards and encourage users to reach out with any concerns regarding the use of their personal information on tootystore.com.