Protection

1. Introduction

At Vanilla Storm, we are committed to protecting and respecting your privacy. This Data Protection Policy explains how we collect, use, store, disclose, and protect your personal data when you engage with our services, visit our website, or communicate with us. We comply with data protection laws including the General Data Protection Regulation (GDPR), the UK Data Protection Act, the California Consumer Privacy Act (CCPA), and other applicable privacy laws. Your privacy matters to us, and we strive to handle your data with transparency and accountability.

2. Information We Collect

We may collect various types of personal data, including but not limited to:

• Personal identifiers: Name, date of birth, and gender
• Contact details: Email address, phone number, and mailing address
• Account data: Username, password (encrypted), account preferences
• Financial data: Payment card information, billing history, and transaction records
• Technical data: Device type, IP address, browser type, operating system, access times, and usage patterns
• Communication records: Customer service messages, feedback, inquiries
• Marketing data: Communication preferences, responses to promotions or surveys

This data may be provided directly by you or collected automatically through your use of our website and services.

3. How We Collect Your Data

We collect data through:

• Direct interaction: When you fill out forms, sign up for services, make a purchase, or correspond with us
• Automated technologies: Via cookies, web beacons, and similar tracking mechanisms
• Third-party sources: Including service providers, business partners, social media platforms, or publicly available databases

4. Use of Personal Data

Your data is used for the following purposes:

• To provide you with our services, products, and support
• To process your orders, payments, and deliver requested content or goods
• To personalize and improve your experience
• To communicate important service updates and policy changes
• To send promotional content, newsletters, and special offers (if you’ve opted in)
• To detect, prevent, and investigate fraud or security issues
• To comply with our legal obligations and enforce our terms

5. Legal Basis for Processing

Our data processing is supported by legal bases, including:

• Consent: For marketing and non-essential data processing
• Contractual necessity: To perform our agreement with you
• Legal obligation: To comply with legal duties
• Legitimate interest: To operate and improve our services responsibly, while respecting your rights

6. Data Sharing and Disclosure

We may share your personal data with:

• Service providers: Who assist with payment processing, customer service, hosting, analytics, or marketing
• Affiliates and subsidiaries: For internal business operations
• Authorities: When legally obligated, such as in response to court orders or investigations
• Business transfers: In case of a merger, sale, or acquisition, under confidentiality obligations

All third parties are required to respect the security of your data and comply with relevant privacy laws.

7. Data Transfers Outside Your Jurisdiction

If your personal data is transferred to countries outside your own (e.g., to the US or EU), we ensure appropriate safeguards are in place. These may include Standard Contractual Clauses or similar legal mechanisms to ensure data protection standards are met.

8. Retention of Personal Data

We retain your data only for as long as necessary to fulfill the purposes outlined in this policy, including legal, accounting, or reporting obligations. When personal data is no longer needed, it is securely deleted or anonymized.

9. Data Security

We use a range of physical, electronic, and managerial safeguards to secure your data, including:

• SSL encryption for online transactions
• Regular security reviews and risk assessments
• Access controls and authentication procedures
• Secure servers and firewall protections

Despite our efforts, no system is entirely foolproof. We encourage users to take precautions such as securing their passwords and avoiding untrusted networks.

10. Your Rights Under Data Protection Law

Depending on your jurisdiction, you may have the following rights:

• Access: To view what personal data we hold about you
• Rectification: To correct inaccurate or incomplete information
• Erasure: To request deletion of your data under certain conditions
• Restriction: To limit how we process your data
• Objection: To oppose processing based on legitimate interest or for marketing
• Portability: To receive your data in a structured, commonly used format
• Withdraw consent: To revoke permission at any time, without affecting prior lawful processing

To exercise any of these rights, please contact us at [email protected].

11. Cookies and Tracking Technologies

We use cookies and similar technologies to improve website functionality, understand user behavior, and deliver tailored content and advertising. You can manage cookie preferences through your browser or via our cookie consent tool. For more details, please refer to our separate Cookie Policy.

12. Children’s Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect data from minors. If such data is inadvertently collected, we will delete it promptly upon discovery.

13. Changes to This Policy

This Data Protection Policy may be updated periodically to reflect changes in our data practices or legal obligations. When significant changes are made, we will notify users via our website or by email. We recommend reviewing this policy regularly.