Privacy Policy for Myles Made Candles
1. Introduction
At Myles Made Candles, we are firmly committed to protecting your privacy and ensuring the security of your personal data. We understand the importance of data protection and take our legal obligations under data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), with the utmost seriousness. This Privacy Policy outlines the types of personal data we collect, how we process it, why we collect it, and the rights you retain in relation to that information.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all visitors, users, and others who access or use the services and features available via our website at mylesmadecandles.com (the “Website”). For the purposes of data protection legislation, Myles Made Candles is the “data controller” of your personal data unless otherwise stated. As the data controller, we determine the purposes and means of processing your personal data in accordance with applicable data protection laws.
3. Categories of Data Processed
We process several categories of personal data outlined below, depending on how you interact with the Website and our services:
a. Usage Data:
Includes internet protocol (IP) addresses, browser type and version, time zone setting and location, browser plug-in types, operating system, device type, session duration, site interaction, and other diagnostic data.
b. Account Data:
Includes your first and last name, billing and shipping addresses, email address, and phone number provided during user registration, checkout, or account creation.
c. Profile Data:
Includes details of your product preferences, browsing history, purchase history, wish lists, saved items, reviews, and behavior on the Website.
d. Communication Data:
Includes records of your communications with us such as support queries, feedback, complaint submissions, and messages sent via web forms or to our customer service email ([email protected]).
e. Technical Data:
Includes data about your devices such as operating system, hardware model, IP address, mobile network information, browser types, and other identifiers used to access our services.
f. Transaction Data:
Includes details of purchases, order history, payment information (excluding full card details), transaction timestamps, and shipping and billing addresses. We work with secure third-party payment processors to handle payments.
g. Preference Data:
Includes your selected communication preferences, marketing opt-ins, newsletter subscription status, and product interest data (such as favorite candle scents or recurring order preferences).
4. Legal Bases for Processing
We process your personal data in accordance with the following lawful bases under the GDPR and, where applicable, the CCPA:
– Contractual Necessity: To fulfill our contractual obligations to provide you with goods and services, including order processing and deliveries.
– Legitimate Interests: For activities necessary for the efficient operation of our business, such as improving the user experience, preventing fraud, or conducting direct marketing (where permitted).
– Legal Obligations: To comply with legal and regulatory requirements, such as retention of transaction records and tax information.
– Consent: Where consent is given freely, such as for marketing communications, promotional offers, and non-essential cookies.
5. Your Rights
Data subjects in the EU and California residents have legal rights concerning their personal data. You are entitled to:
– Access: Request a copy of your personal data.
– Rectification: Request correction of inaccurate or incomplete data.
– Erasure: Request deletion of your personal data (the “right to be forgotten”).
– Restriction: Request limitation of how your data is processed.
– Portability: Request the transfer of your data to another service provider.
– Objection: Object to processing of your personal data based on legitimate interests.
– Withdraw Consent: Revoke previously granted consent at any time, where consent is the lawful basis.
– Non-Discrimination: You will not be discriminated against for exercising your privacy rights under the CCPA.
To exercise any of these rights, contact us at [email protected].
6. Security Measures
We employ industry-standard technical and organizational security measures to ensure the protection of your personal data. These measures include:
– Data encryption both at rest and in transit via SSL/TLS.
– Access controls and authentication to limit personnel access.
– Regular system backups and disaster recovery protocols.
– Staff training in data protection principles and protocols.
– Secure payment gateways monitored for fraud and intrusion.
7. International Data Transfers
If we transfer personal data outside the European Economic Area (EEA) or other jurisdictions where data protection laws apply, we ensure such transfers are made in compliance with relevant laws. We employ appropriate safeguards, including Standard Contractual Clauses approved by the European Commission or reliance on adequacy decisions when applicable.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including meeting legal, regulatory, tax, accounting, or reporting requirements. Specific retention periods are as follows:
– Account and Profile Data: Retained as long as the account remains active.
– Transaction Data: Retained for a minimum of 6 years for tax and legal compliance.
– Usage and Technical Data: Retained for up to 24 months for analytics and diagnostics.
– Communications Data: Retained for up to 36 months for customer service traceability.
– Marketing Preferences: Retained until consent is withdrawn.
9. Cookie Policy
We use cookies and similar tracking technologies for operational, functional, analytics, and performance purposes. The categories of cookies we may use on mylesmadecandles.com include:
– Essential Cookies: Necessary for Website functionality, such as shopping cart and login processes.
– Functional Cookies: Enhance user experience by remembering preferences and settings.
– Analytics Cookies: Collect information about user behavior and Website usage to improve service.
– Performance Cookies: Monitor performance metrics and identify areas for Website optimization.
Third-party providers may also use cookies through our Website to support advertising and analysis.
10. Cookie Management and Compliance
Upon visiting our Website, you are presented with a cookie consent banner in compliance with GDPR and CCPA requirements. You may accept or reject non-essential cookies and change preferences anytime via our cookie management tool or through browser settings.
For California residents, you may also opt out of “sale” or “sharing” of your data under the CCPA by using the “Do Not Sell My Personal Information” option available on our Website, where applicable.
11. Children’s Privacy
Our services are not directed toward individuals under the age of 13. We do not knowingly collect personal information from children. If you have reason to believe that a child has provided us with personal data, please contact us, and we will take appropriate steps to delete such information from our systems.
12. Policy Updates and Notifications
We may update this Privacy Policy to reflect changes in our practices, legal requirements, or Website functionality. Users will be notified of material changes through prominent banners, notifications on the Website, or via email, if applicable. We encourage you to review this policy regularly to stay informed of your rights and how we use your data.
13. Contact Us
If you have any questions about this Privacy Policy, our data practices, or wish to exercise your privacy rights, please contact us at:
Email: [email protected]
Website: https://mylesmadecandles.com
We are committed to maintaining full compliance with the GDPR, CCPA, and other applicable data privacy laws. Please do not hesitate to reach out with any concerns or queries regarding your personal data and privacy.