Privacy Policy

1. Introduction

At Giggle Harbor, accessible at giggleharbor.com, we are fully committed to protecting and respecting your privacy. We recognize the trust you place in us when you share your personal information, and we make it a fundamental priority to preserve the confidentiality, integrity, and security of that data. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal information, in strict adherence to applicable privacy laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act of 2018 (“CCPA”).

2. Scope of Policy and Data Controller Role

This Privacy Policy applies to all visitors, users, and others who access or use services offered via giggleharbor.com (the “Website”). Giggle Harbor is the data controller in respect of all personal data collected through the Website and determines the purposes and means of processing such personal data. If you are located in the European Economic Area (EEA), our processing of your data is governed by GDPR. If you are a California resident, your rights are further explained under the CCPA.

3. Categories of Data Processed

We may collect and process the following categories of personal data, depending on your interaction with our Website and services:

Usage Data:

– Information about how you use our website, such as IP address, geographical location, browser type, length of visit, and page views.

Account Data:

– Personal details provided when registering an account or placing an order, such as your full name, billing/shipping address, email address, and telephone number.

Profile Data:

– Preferences, browsing behavior, saved settings, purchase history, and user-generated content that helps us tailor your experience across giggleharbor.com.

Communication Data:

– Records of communications including support requests, inquiries, and messages sent via contact forms or other interactions with our team.

Technical Data:

– Device type, operating system, system language, time zone settings, screen resolution, and system configuration details.

Transaction Data:

– Payment information (processed through secure third-party providers), order confirmations, billing details, shipping logistics, and invoice history.

Preference Data:

– Marketing communication consents, interests in certain products or services, and participation in surveys or campaigns.

4. Legal Bases for Processing

We process personal data only where legally permitted under the following lawful bases:

– Performance of a contract: To fulfill orders or provide services you request.
– Consent: For optional processing such as marketing emails, where you have provided active, informed consent.
– Legitimate interests: To improve our services, secure our platform, detect fraud, and analyze usage patterns, provided such processing does not override your rights and freedoms.
– Compliance with legal obligations: To meet legal or regulatory duties.

5. Your Rights Under GDPR and CCPA

Depending on your location, you may exercise the following rights with respect to your personal data:

– Access: Obtain confirmation about whether we process your personal data and request access to that data.
– Rectification: Request correction of inaccurate or incomplete data.
– Erasure: Request deletion of personal data in certain circumstances (“right to be forgotten”).
– Restriction: Request limitation of processing where appropriate.
– Portability: Receive your data in a structured, commonly used format and transfer it to another controller.
– Objection (GDPR): Object to processing where we rely on legitimate interests or direct marketing.
– Do Not Sell My Personal Information (CCPA): Request that we do not sell your personal data; note that Giggle Harbor does not sell personal data.
– Non-Discrimination (CCPA): You have the right not to receive discriminatory treatment for exercising your legal rights.

To exercise any of these rights, please contact us at [email protected].

6. Security Measures

We adopt robust technical and organizational measures to protect your personal data from unauthorized access, accidental loss, alteration, or disclosure. These include, but are not limited to:

– Industry-standard data encryption (SSL/TLS)
– Role-based user access controls
– Regular system backups and uptime monitoring
– Internal privacy and security training for staff
– Ongoing cybersecurity assessments

Despite our efforts, no method of transmission over the Internet or method of electronic storage is 100% secure. Nonetheless, we strive to meet the highest standards of data protection.

7. International Transfers

Where your personal information is transferred outside of the EEA, we ensure adequate protection by using Standard Contractual Clauses approved by the European Commission or other appropriate legal mechanisms recognized under applicable privacy laws. For U.S. users, compliance with CCPA is ensured through proper data handling protocols and transparency measures.

8. Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected and in accordance with applicable laws. Retention periods typically include:

– Account and Transaction Data: Up to 7 years for legal and tax compliance
– Communication Data: Up to 3 years following last interaction
– Usage and Technical Data: Up to 24 months for analytical purposes
– Marketing and Preference Data: Until withdrawal of consent or request for deletion

Following expiration of these periods, data is anonymized or securely deleted.

9. Cookie Policy

Our Website uses cookies and other tracking technologies to enhance user experience, improve performance, and gather analytics. Cookies fall into the following categories:

– Essential Cookies: Required to operate core functionalities such as login and checkout processes.
– Functional Cookies: Enable enhanced features like language preferences and saved settings.
– Analytics Cookies: Collect aggregated data on how visitors interact with the Website to help us improve content and navigation (e.g., Google Analytics).
– Performance Cookies: Measure the speed and effectiveness of our website and marketing campaigns.

10. Cookie Management and Legal Compliance

Under GDPR and CCPA, users have the right to control the use of cookies. Upon first visit, you will be presented with a cookie banner explaining our use of cookies and prompting you to accept or adjust your settings. You may change your consent preferences or disable cookies at any time through your browser settings or by accessing the cookie management link at the bottom of the site. Please note that disabling some cookies may impair site functionality.

11. Protection of Children’s Privacy

giggleharbor.com is not intended for use by children under the age of 13. We do not knowingly collect, solicit, or process personal data of users under 13 years of age without verifiable parental consent. If we become aware that we have unknowingly collected personal information of a child without appropriate consent, we will take steps to delete such data promptly. Parents or guardians who believe that we may have collected data from a child should contact us immediately at [email protected].

12. Policy Updates and Notifications

We may update this Privacy Policy from time to time to reflect evolving legal, regulatory, or operational changes. Any material modifications will be reflected on this page and, where appropriate, we will notify users by email or through a notice on giggleharbor.com. We encourage all users to periodically review this Privacy Policy to stay informed about our data practices.

13. Contact Us

Should you have any questions, concerns, or complaints regarding this Privacy Policy or your personal data, please do not hesitate to contact us at:

Email: [email protected]

We are committed to full compliance with applicable data protection laws and to upholding the highest standards of privacy and user trust. Please reach out to us with any concerns or questions regarding how we handle your data.