Privacy Policy

Jemma Simpson (“we,” “our,” or “us”) is firmly committed to safeguarding the privacy and personal data of all users who visit or interact with our website, jemmasimpson.com. This Privacy Policy explains how we collect, use, disclose, and protect your information in accordance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws. We encourage you to read this policy carefully to understand your rights and our obligations regarding your personal data.

1. Commitment to Privacy and Data Protection

Your privacy matters to us. At jemmasimpson.com, we adhere to the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality. We strive to ensure that all personal data is handled securely and with the highest standards of care.

2. Scope of This Policy and Data Controller Role

This Privacy Policy applies to all personal data collected through jemmasimpson.com, including via online forms, communications, purchases, user accounts, and cookies. Jemma Simpson is the data controller responsible for the collection, processing, and use of your personal information under applicable privacy laws.

If you have any questions regarding this policy, you may contact us at: [email protected].

3. Categories of Data Processed

We collect and process the following categories of personal data when you interact with our website or services:

– Usage Data: Includes information about your use of our website such as IP address, browser type/version, time zone setting, pages visited, session duration, and referring source.

– Account Data: Includes personal information provided during registration such as name, billing or delivery address, email address, and phone number.

– Profile Data: Includes preferences, interests, purchase history, behavioral patterns, and user-generated content.

– Communication Data: Includes records of communications you send to us (e.g., support requests, contact forms, or messages), and our subsequent correspondence with you.

– Technical Data: Includes details about your device and system used to access our website, including hardware model, operating system, browser type, system settings, and error logs.

– Transaction Data: Includes data relating to transactions processed through jemmasimpson.com, including payment details, delivery records, invoice information, and order history.

– Preference Data: Includes information about your marketing preferences, language settings, product interests, and opt-in or opt-out status for newsletters and communications.

4. Legal Bases for Processing

We process your data only when there is a legal basis to do so under GDPR, which includes:

– Consent: Where you have freely given clear consent for us to process your personal data for a specific purpose.

– Contractual Necessity: When processing is necessary for the performance of a contract to which you are party or to take steps at your request prior to entering a contract (e.g., processing orders).

– Legal Obligation: Where processing is necessary to comply with a legal obligation to which we are subject.

– Legitimate Interests: When processing is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights and freedoms.

5. Your Rights Under GDPR and CCPA

As a user of jemmasimpson.com, you have the following rights regarding your personal data:

– Right of Access: Request access to the personal data we hold about you.

– Right to Rectification: Request corrections to any inaccurate or incomplete personal information.

– Right to Erasure: Request that we delete your personal data, subject to applicable exceptions.

– Right to Restriction: Request that we suspend the processing of your personal data in certain circumstances.

– Right to Data Portability: Request to receive your personal data in a structured, commonly used format and to have that data transferred to another controller.

– Right to Object: Object to our processing of your personal data in specific contexts, such as direct marketing.

– Right to Withdraw Consent: If processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing prior to the withdrawal.

To exercise these rights, please contact us at: [email protected].

6. Security Measures

We implement appropriate technical and organizational security measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include encryption, secure server configurations, access controls, regular system audits, staff training, and secure backup protocols.

7. International Transfers

Where it is necessary to transfer your personal data outside the European Economic Area (EEA) or the United States, we ensure appropriate safeguards are in place, such as the use of Standard Contractual Clauses (SCCs), adherence to the principles of the GDPR or CCPA, and engagement with service providers who comply with recognized international data protection frameworks.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Retention timeframes include:

– Usage Data: Retained for up to 12 months for analytics and optimization.

– Account and Profile Data: Retained for the duration of your account and for up to 6 years thereafter.

– Transaction Data: Retained for at least 7 years in accordance with tax and financial regulations.

– Communication and Preference Data: Retained for 3 years from last correspondence or user interaction.

9. Cookie Policy

Our website uses a variety of cookies to enhance user experience, provide essential functionality, measure performance, and deliver relevant content.

Categories of cookies we use:

– Essential Cookies: Required for the website to function (e.g., authentication, shopping cart).

– Functional Cookies: Enable personalization of content and user preferences.

– Analytics Cookies: Help us understand how visitors interact with our site (e.g., Google Analytics).

– Performance Cookies: Measure website performance and load speeds to improve user experience.

10. Cookie Management and Compliance

You can manage your cookie preferences by adjusting your browser settings or by using the cookie management tools provided on jemmasimpson.com. Consent banners appear where required for users in applicable jurisdictions in compliance with GDPR and CCPA, enabling users to explicitly accept, reject, or customize their cookie settings.

Do Not Track (DNT) signals are honored where technically feasible.

11. Children’s Privacy

Protecting the privacy of minors is of paramount importance to us. jemmasimpson.com is not intended for use by individuals under the age of 13, and we do not knowingly collect personal information from children. If we discover that data has been collected from a child, we will take appropriate measures to delete such information promptly.

12. Policy Updates

We may revise this Privacy Policy to reflect changes in legal obligations or our privacy practices. Material changes to this policy will be communicated via jemmasimpson.com. We encourage you to periodically review this page to stay informed about how we handle your data.

13. Contact Us

For questions, concerns, or to exercise any of your rights under this policy, please contact:

Email: [email protected]

We are committed to respecting your privacy and complying with all applicable data protection laws, including GDPR and CCPA. Please reach out to us if you have any concerns or require clarification on how your personal data is used or protected.