PRIVACY POLICY
Caroline Or Change (“we,” “our,” or “us”) values the privacy and security of all visitors to our website, carolineorchange.com (the “Site”). We are committed to protecting your personal data in accordance with applicable data protection regulations, including the European Union General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”). This Privacy Policy describes how we collect, use, disclose, and safeguard your personal data when you interact with the Site. By using the Site, you consent to the practices described in this Privacy Policy.
1. COMMITMENT TO PRIVACY AND DATA PROTECTION
At carolineorchange.com, we honor your right to privacy and take the responsibility to safeguard your personal data seriously. We implement strict safeguards and processes to ensure that your information is handled in a transparent, secure, and fair manner. We aim to uphold data protection principles and respect individuals’ rights regarding their personal data.
2. SCOPE OF POLICY AND DATA CONTROLLER ROLE
This Privacy Policy applies to all personal data processed through your use of the Site, including any communications, purchases, or services rendered. For the purposes of the GDPR and other applicable data protection laws, the data controller responsible for your information is:
Caroline Or Change
Email: [email protected]
Website: carolineorchange.com
If you access the Site from jurisdictions outside of the European Union or California, our data handling practices remain aligned with global privacy standards. However, local laws may provide additional rights.
3. CATEGORIES OF DATA PROCESSED
We may collect and process the following categories of personal data:
– Usage Data: Includes information about how you use our Site, such as pages visited, referral URLs, session durations, IP addresses, browser types, internet service providers, timestamps, and interaction data.
– Account Data: Includes any information you provide when creating an account or purchasing products, such as your full name, billing and shipping address, email, and phone number.
– Profile Data: Includes your preferences, favorite events or items, purchase history, user behavior on the Site, and saved settings.
– Communication Data: Includes information provided through our contact forms, customer service interactions, support tickets, and email correspondence.
– Technical Data: Includes device information, operating systems, network settings, locale and language preferences, screen resolutions, and browser configurations.
– Transaction Data: Includes payment details (processed via secure third-party processors), transaction history, order details, shipping and delivery confirmations.
– Preference Data: Includes consent for marketing communications, advertising preferences, product interests, and newsletter sign-ups.
4. LEGAL BASES FOR PROCESSING
Your personal data is processed under one or more of the following legal bases:
– Consent: You have provided explicit consent for processing (e.g., marketing emails, newsletter subscriptions).
– Contractual Necessity: Processing is necessary for fulfilling a contract with you (e.g., orders, account management).
– Legitimate Interest: We have a valid business interest in processing your data in a way that does not override your rights (e.g., usage analysis, fraud prevention).
– Legal Obligation: We are required to process data to comply with legal or regulatory requirements (e.g., tax records, court orders).
5. YOUR DATA PROTECTION RIGHTS
You have the following rights concerning your personal data, subject to applicable restrictions:
– Right of Access: You can request confirmation about whether we process your personal data and receive a copy of such data.
– Right to Rectification: You may request the correction of incomplete or inaccurate data we hold about you.
– Right to Erasure: You can request deletion of your personal data when there is no valid reason for us to continue processing it.
– Right to Restrict Processing: You may request that we suspend processing your personal data under certain conditions.
– Right to Data Portability: You can request to receive your personal data in a structured, commonly used, and machine-readable format or request that it be transferred to another controller.
To exercise these rights, please contact us at [email protected]. We may require verification of your identity before processing such a request to protect your privacy.
6. SECURITY MEASURES
We implement rigorous technical and organizational measures designed to protect your personal data from unauthorized access, disclosure, alteration, or destruction. These include:
– Encryption of sensitive data during transmission using SSL/TLS protocols
– Access controls and authentication mechanisms for internal data access
– Regular system monitoring and vulnerability assessments
– Secure data backups and disaster recovery policies
– Data protection training for staff managing or accessing personal data
While we take all reasonable steps to ensure the security of your data, no system can guarantee absolute security. You are encouraged to use caution when submitting data online.
7. INTERNATIONAL DATA TRANSFERS
Your personal data may be transferred to and processed in countries outside your country of residence, including jurisdictions where data protection laws may differ, such as the United States. Where such transfers occur, we rely on appropriate safeguards, including:
– European Commission-approved Standard Contractual Clauses (SCCs)
– Certification mechanisms, contractual assurances, and supplementary measures where necessary
– Compliance with applicable laws in the destination country
We ensure that such transfers are lawful and that your information remains protected during transfer and storage.
8. DATA RETENTION
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements. Our data retention periods depend on the category of data:
– Account and Transaction Data: Retained for up to seven (7) years for legal and tax compliance
– Communication Data: Retained for up to two (2) years for customer service and audit purposes
– Usage and Technical Data: Retained for twelve to twenty-four (12–24) months for analytics and performance optimization
– Marketing Preferences: Retained until you withdraw your consent or unsubscribe
Where data is no longer necessary, we securely delete and dispose of it in accordance with applicable data protection laws.
9. COOKIE POLICY
We use cookies and similar tracking technologies to enhance your experience on our Site. Cookies are small text files that are stored on your device when visiting web pages.
Types of cookies we use:
– Essential Cookies: Necessary for the core functionality of the Site, such as secure login and purchase functionalities
– Functional Cookies: Enable personalization features, saved preferences, and language settings
– Analytics Cookies: Help us understand how users interact with the Site and improve performance (e.g., via Google Analytics)
– Performance Cookies: Monitor website performance and detect technical issues that may affect user experience
10. COOKIE MANAGEMENT AND YOUR RIGHTS
In compliance with GDPR and CCPA, you have the right to manage your cookie preferences. When you first visit carolineorchange.com, you are presented with a cookie consent banner. You can accept, reject, or customize your cookie preferences.
At any time, you may:
– Adjust browser settings to block or delete cookies
– Use browser extensions or privacy tools to manage tracking technology
– Withdraw consent by revisiting the cookie banner or contacting [email protected]
Note that restricting certain cookies may affect functionality and usability of the Site.
11. SPECIAL PROTECTIONS FOR CHILDREN
We do not knowingly collect or solicit personal data from children under the age of 13. If you are under 13, do not use this Site or provide any personal information. If we discover that we have inadvertently collected data from a child under 13, we will delete such information promptly. Parents or guardians who become aware of unauthorized data collection from a child should contact us at [email protected].
12. POLICY UPDATES & USER NOTIFICATIONS
We reserve the right to update or modify this Privacy Policy to reflect changes in our practices, legal requirements, or technology. Any material changes will be displayed on this page and may be communicated via email or Site notification, where appropriate. We encourage you to review this page periodically to stay informed of how we protect your information.
13. CONTACT
If you have any questions, concerns, complaints, or requests regarding this Privacy Policy or how we handle your personal data, please contact us at:
Email: [email protected]
Website: carolineorchange.com
We are committed to responding to your inquiries in a timely and transparent manner.
Caroline Or Change is dedicated to maintaining full compliance with global data protection laws and prioritizing the privacy rights of all users. If you believe your rights have been violated or would like to raise a concern, please contact us directly at the above address.