Privacy Policy
1. Introduction
At Fairytale Puppets (“we,” “us,” or “our”), accessible via fairytale-puppets.com (the “Website”), your privacy is of paramount importance. We are committed to maintaining the confidentiality, integrity, and security of your personal information. This Privacy Policy outlines how we collect, use, disclose, and protect your personal data in compliance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act of 2018 (“CCPA”).
We are dedicated to ensuring that your privacy rights are respected and maintained, and we have implemented robust privacy and security practices to safeguard your data on all levels.
2. Scope of the Policy and Data Controller Role
This Privacy Policy applies to all users, customers, and visitors of fairytale-puppets.com. It governs the processing of personal data through our Website and related services.
For the purposes of data protection legislation, the data controller responsible for your personal data is Fairytale Puppets. You can contact the data controller by emailing [email protected].
3. Categories of Data We Process
We may collect and process the following categories of personal data, depending on your interaction with the Website and our services:
a. Usage Data
Collected automatically when you interact with our Website, including your IP address, browser type and version, time zone setting, operating system, referring URLs, pages visited, session statistics, and interaction logs.
b. Account Data
If you register or create an account on our Website, we collect your name, email address, telephone number, mailing address, login credentials, and similar identifiers.
c. Profile Data
Includes your user preferences, interests relevant to our products, past purchase information, wish lists, user-generated content, and behavioral activity relating to how you use the Website.
d. Communication Data
Comprises your communications with us, such as customer support queries, feedback submissions, technical inquiries, and the history of correspondence made via email or web forms.
e. Technical Data
Includes device identifiers, system configuration details, device model, OS version, browser plug-in types, screen resolution, and diagnostic logs that help ensure compatibility and performance of our Website.
f. Transaction Data
Includes payment methods (processed by third-party providers), billing details, delivery addresses, orders placed, order history, and fulfillment status necessary to process purchases related to our products or services.
g. Preference Data
Marketing preferences, newsletter subscription choices, consent to contact, push notifications preferences, and records of promotional communication engagement (e.g., email opens and clicks).
4. Legal Bases For Processing
Under GDPR and similar global data protection regimes, we rely on the following lawful bases for processing your personal data:
– Consent: Where your express consent is required (e.g., sending newsletters or using optional cookies).
– Contractual necessity: When processing is necessary to fulfil the terms of a contract with you (e.g., completing your purchases).
– Legal compliance: Where applicable legal or statutory obligations require record-keeping or disclosures.
– Legitimate interests: To improve our Website’s functionality, develop our services, manage customer relationships, or detect fraudulent activity—balanced against your rights and freedoms.
5. Your Rights
Subject to local legal provisions, you have the following rights with respect to your personal data:
– Right of Access: Request access to the personal data we hold about you.
– Right to Rectification: Correct inaccurate or incomplete personal data.
– Right to Erasure (“Right to be Forgotten”): Request deletion of your personal data under certain conditions.
– Right to Restrict Processing: Suspend processing of your data under specific circumstances.
– Right to Data Portability: Obtain a copy of your personal data in a portable format or request transmission to another organization.
– Right to Object: Object to certain types of processing including direct marketing or profiling.
– Right to Withdraw Consent: Withdraw previously provided consent at any time without affecting past processing.
You may exercise these rights by contacting us at [email protected].
Residents of California may have additional rights under the CCPA, including:
– The right to know what personal information is collected and shared.
– The right to opt out of the sale of personal information (note: we do not sell personal information).
– The right to request deletion of personal information.
– The right not to receive discriminatory treatment for exercising these rights.
We will verify the identity of the requestor before fulfilling such rights in accordance with legal guidelines.
6. Security Measures
We utilize a comprehensive set of technical and organizational safeguards to protect your personal data, including but not limited to:
– Data encryption in transit and at rest via secure protocols
– Access controls, authentication mechanisms, and restricted administrative access
– Regular system updates and vulnerability assessments
– Secure audit logs and incident response plans
– Staff training in data protection and privacy best practices
While no internet-based platform can promise absolute security, fairytale-puppets.com applies best-in-class industry standards to ensure maximum protection of your data.
7. International Transfers
In the event that your personal data is transferred outside of your jurisdiction (e.g., to servers or partners in another country), we ensure such transfers comply with applicable data laws, including the implementation of Standard Contractual Clauses (SCCs) or other lawful mechanisms approved by regulatory authorities. Where applicable, we adhere to regional adequacy decisions and data processing agreements to safeguard cross-border transfers.
8. Data Retention
We retain your personal data for only as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting obligations.
– Account and Transaction Data: Stored for up to 7 years post-transaction to comply with tax obligations.
– Communication Records: Retained for 2 years for reference or customer service analysis.
– Marketing Data: Maintained until consent is withdrawn or after 24 months of inactivity.
– Technical and Usage Data: Retained for 12–18 months for security and analytics purposes.
Upon expiry of these periods, your data is securely deleted or anonymized unless otherwise required by law.
9. Cookie Policy
We use cookies and similar tracking technologies to improve your experience on fairytale-puppets.com. Cookies are categorized as follows:
– Essential Cookies: Required for basic site functionality, security, and performance (e.g., session cookies).
– Functional Cookies: Enable enhanced features like remembering preferences or saved locations.
– Analytics Cookies: Help us collect usage statistics and user behavior to optimize site navigation and content.
– Performance Cookies: Monitor site load times, connection stability, and ensure scalability.
10. Cookie Management and Compliance
Upon your first visit, and periodically thereafter, a cookie banner enables you to provide consent for non-essential cookies. You may manage cookie preferences at any time through our cookie settings tool or through your browser controls.
For users in the EU, EEA, and California, cookie usage is fully compliant with GDPR and CCPA provisions. We honor Do Not Track (DNT) signals and Global Privacy Control (GPC) settings, where supported.
11. Children’s Privacy
We do not knowingly collect personal data from children under the age of 13. If we discover that we have inadvertently collected personal data from a child without verified parental consent, we will promptly delete the information. If you believe a child under 13 has submitted personal data to us, please contact us immediately at [email protected].
12. Policy Updates
We reserve the right to modify or update this Privacy Policy at any time to adapt to changes in legal, technical, or business developments. When we update this policy, we will revise its content accordingly and take reasonable steps to notify users through our Website or via email, where appropriate.
13. Contact Us
If you have questions about this Privacy Policy, wish to exercise your rights, or have any privacy-related concerns, please contact our Data Protection Officer by email at:
Email: [email protected]
We are committed to resolving all inquiries in a timely and transparent manner and to maintaining full compliance with data privacy laws across applicable jurisdictions.
—
This Privacy Policy reflects our ongoing commitment to the lawful, secure, and transparent handling of your personal data. For any questions about our privacy or data handling practices, you are encouraged to contact us directly at [email protected].