Privacy Policy for NoelPopup.com
1. Introduction
At NoelPopup.com, we are committed to respecting your privacy and safeguarding your personal information. We recognize the importance of data protection and are dedicated to handling your information responsibly, transparently, and in compliance with all applicable data protection laws, including the General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) and the California Consumer Privacy Act (CCPA). This Privacy Policy outlines the types of personal data we collect, how we use it, and the rights you have in relation to your personal information.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all users who visit or interact with NoelPopup.com. For the purposes of the GDPR and other applicable privacy regulations, NoelPopup.com is the data controller of your personal data collected via this website and any associated services offered herein.
3. Categories of Data Processed
We collect and process the following types of personal data, depending on how you use our website:
– Usage Data: This includes information about your browser type and version, operating system, IP address, geographic location, referring URLs, pages viewed, and time spent on the website. This data helps us monitor and improve the performance and security of our services.
– Account Data: If you create an account with us or place an order, we collect your full name, billing/shipping address, email address, phone number, and account credentials.
– Profile Data: This encompasses your preferences, purchase history, saved items, and behavioral data such as wishlists, product views, and customer interactions.
– Communication Data: We retain any voluntary communications you send to us, including customer support inquiries, email correspondence, and contact forms.
– Technical Data: We gather details related to your device, such as device identifiers, browser settings, language preferences, and system configurations.
– Transaction Data: This includes information tied to order processing, such as payment details, invoice data, delivery instructions, and transaction timestamps. Note that we do not store full credit card numbers; payments are securely processed through third-party providers.
– Preference Data: We assess your interests and consents regarding marketing communications, event participation, and product notifications.
4. Legal Bases for Processing
We process your personal data according to the following lawful bases, as permitted under the GDPR:
– Consent: Where you have explicitly provided your consent (e.g., to receive newsletters or optional cookies).
– Contractual necessity: In order to perform contractual obligations, such as fulfilling orders or providing user account functionality.
– Legal obligation: When processing is required to fulfill our legal or regulatory obligations.
– Legitimate interests: In cases where processing is necessary for our legitimate business interests, provided they are not overridden by your rights and freedoms (e.g., website analytics, fraud prevention, customer service improvements).
5. Your Rights
Under applicable data protection laws, including GDPR and CCPA, you have the following rights:
– Right of Access: You can request confirmation of whether we process your personal data and obtain a copy of it.
– Right to Rectification: You may request correction of inaccurate or incomplete information.
– Right to Erasure: You can request deletion of your personal data in certain circumstances.
– Right to Restrict Processing: You may request temporary restriction of the processing of your data.
– Right to Data Portability: You can obtain and reuse your personal data for your own purposes across different services.
– Right to Object: You can object to data processing where we rely on legitimate interests or use your data for direct marketing.
– Right to Withdraw Consent: Where applicable, you may withdraw your consent at any time without affecting the lawfulness of prior processing.
We will honor and respond to all legitimate requests in compliance with legal frameworks. To exercise any of these rights, please contact us at [email protected].
6. Security Measures
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
– Data encryption in transit and at rest using industry-standard protocols.
– Access controls with role-based permissions to limit internal use.
– Secure backups and redundancy systems to protect data integrity.
– Mandatory privacy and security training for all relevant personnel.
Despite our best efforts, no method of data transmission or storage can be guaranteed as 100% secure.
7. International Transfers
NoelPopup.com operates globally and may transfer your personal data to jurisdictions outside of your local country. When such transfers occur, we ensure adequate protection is in place, including:
– Standard Contractual Clauses authorized by the European Commission.
– Binding corporate rules or other recognized legal mechanisms.
– Compliance with data transfer limitations under GDPR and country-specific data privacy laws.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected. Retention periods vary depending on the data type:
– Usage and Technical Data: 12 months for analytics purposes.
– Account and Profile Data: Retained for the duration your account is active and for 6 years thereafter for record-keeping and legal obligations.
– Transaction Data: Retained for up to 7 years to comply with tax and legal retention obligations.
– Communication and Preference Data: Retained for 3 years after last interaction or until consent is revoked.
Upon expiry of applicable retention periods, your data will be securely deleted or anonymized.
9. Cookie Policy
NoelPopup.com uses cookies and similar tracking technologies to enhance user experience and gather analytical and operational data. Types of cookies we use include:
– Essential Cookies: Necessary for website functionality and cannot be disabled (e.g., secure checkout process).
– Functional Cookies: Enable personalized features such as remembering language settings.
– Analytics Cookies: Collect aggregate data to analyze website traffic and usage patterns.
– Performance Cookies: Monitor system performance and assist in debugging and error tracking.
10. Cookie Management and Compliance
You can manage your cookie preferences at any time through our cookie management tool, which will prompt you upon site entry in compliance with GDPR and CCPA. Additionally, browsers allow you to block or delete cookies via settings. Opting out of non-essential cookies will not affect your website experience, though some personalization features may be limited.
California residents have additional rights under CCPA, including the right to opt-out of the sale or sharing of personal information. NoelPopup.com does not sell personal data to third parties. For California residents wishing to exercise CCPA rights, please email [email protected].
11. Special Protections for Children
NoelPopup.com does not knowingly collect or process personal data from children under the age of 13. If we become aware that such information has been inadvertently collected, we will promptly delete it. Parents or guardians who believe that their child has submitted personal information may contact us directly at [email protected].
12. Policy Updates and Notifications
We reserve the right to update or modify this Privacy Policy at any time. Any significant changes will be communicated to users through appropriate channels, including website banners, account notifications, or direct email. Users are encouraged to review this Privacy Policy regularly to remain informed about how we protect your data.
13. Contact
If you have any questions, concerns, or requests related to this Privacy Policy or our data practices, you can reach us at:
Email: [email protected]
Privacy is a fundamental right and we take our responsibility seriously. NoelPopup.com complies with all relevant privacy regulations and welcomes your inquiries or feedback regarding our data protection practices.