Privacy Policy for mandimckee.com

At Mandi McKee (“we,” “us,” or “our”), accessible via mandimckee.com (“the Website”), we are committed to protecting your personal information and your right to privacy. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act (“CCPA”).

1. Commitment to Privacy and Data Protection

Your privacy is our priority. We undertake all reasonable measures to ensure that your personal data is handled securely, transparently, lawfully, and in full respect of your rights. We are devoted to maintaining your trust by protecting the confidentiality and security of your information.

2. Scope of Policy and Data Controller Role

This Privacy Policy applies to your use of mandimckee.com and any related services, communications, or interactions you may have with us. For purposes of GDPR and CCPA, Mandi McKee is the data controller of your personal data. If you have any concerns about your personal data, you may contact us at [email protected].

3. Categories of Data Processed

We may collect and process the following categories of personal data:

a. Usage Data:
Includes information such as IP address, browser type and version, device identifiers, access times, referring websites, and the pages visited on our Website. This helps us monitor website performance, identify usage trends, and enhance user experience.

b. Account Data:
Includes name, email address, billing and shipping addresses, and phone number. This data is essential for account creation and user authentication.

c. Profile Data:
Includes purchase history, preferences, saved items, and other behavioral information you provide voluntarily, or we infer, to personalize your experience.

d. Communication Data:
Includes information contained in inquiries, support requests, or correspondence you send us, such as emails or web form submissions.

e. Technical Data:
Includes device information such as operating system, hardware, browser settings, screen resolution, and other system configuration data that supports diagnostics and technical performance.

f. Transaction Data:
Includes payment method details (processed securely via third-party processors), order summaries, and delivery addresses, captured solely to fulfill orders.

g. Preference Data:
Includes information you provide regarding marketing consent, preferred communication channels, opt-in and opt-out selections, and product interests.

4. Legal Bases for Processing

We process your personal data under the following lawful bases:

– Your Consent: For sending marketing communications or collecting optional cookies.
– Contractual Necessity: For processing orders, creating accounts, and delivering services.
– Legal Obligations: For compliance with applicable laws and regulations.
– Legitimate Interests: For website security, fraud prevention, and service enhancement, provided such interests do not override your data protection rights.

5. Your Rights

Under the GDPR and CCPA, you have the following rights with respect to your personal data:

– Right of Access: You may request access to your personal data.
– Right to Rectification: You may request correction of inaccurate or incomplete personal data.
– Right to Erasure: You may request deletion of your personal data, subject to legal exceptions.
– Right to Restrict Processing: You may request we limit use of your data under certain circumstances.
– Right to Data Portability: You have the right to receive your data in a structured, commonly used, machine-readable format.
– Right to Object: Where processing is based on legitimate interest or direct marketing, you may object.
– California Residents: You also have rights under the CCPA to opt out of “sale” of personal data, though we do not sell data as defined by the CCPA.

To exercise any of these rights, please contact us at [email protected].

6. Security Measures

We take appropriate technical and organizational measures to safeguard your personal data. Measures include, but are not limited to:

– End-to-end encryption of data in transit and at rest
– Role-based access controls and multifactor authentication
– Secure data backups and encrypted storage
– Staff training on data protection responsibilities
– Regular audits and vulnerability assessments

7. International Transfers

Personal data may be processed outside your jurisdiction, including in countries that may not offer equivalent data protection laws. Where applicable, we ensure adequate safeguards are in place, such as adherence to the European Commission’s Standard Contractual Clauses, or other acceptable mechanisms as required under applicable regulations.

8. Data Retention

We retain personal data only as long as reasonably necessary for the purpose it was collected, including for legal, accounting, or reporting obligations. Retention periods vary by data type:

– Usage and Technical Data: 12 months
– Account and Profile Data: Active duration + 3 years
– Communication Data: 2 years
– Transaction Data: 7 years for legal compliance
– Marketing Preference Data: Until opt-out or withdrawal of consent

After expiration of these periods, data is securely deleted or anonymized.

9. Cookie Policy

We use a variety of cookies and similar technologies for different purposes:

– Essential Cookies: Necessary for website operation and basic functionality.
– Functional Cookies: Enhance usability and remember user preferences.
– Analytics Cookies: Help us understand website performance and usage trends.
– Performance Cookies: Track system performance and address potential issues.

These cookies may be set by us or third-party service providers such as analytics platforms or payment processors.

10. Cookie Management and GDPR/CCPA Compliance

Upon first visit to mandimckee.com, you will be prompted to accept or manage your cookie preferences. You may update your choices at any time through the Cookie Settings link in the website footer. Under GDPR and CCPA, you may:

– Opt out of non-essential cookies
– Withdraw or change your consent
– Prevent cookie storage via browser settings
– Use designated industry opt-out tools (e.g., for Google Analytics)

11. Special Protections for Children Under 13

This Website and our services are not intended for use by children under the age of 13. We do not knowingly collect personal information from minors. If you are a parent or guardian and you believe that your child has provided us with personal data, please contact us at [email protected], and we will delete the information promptly.

12. Policy Updates & Notifications

We reserve the right to amend this Privacy Policy to reflect changes in legal requirements or business operations. Material changes will be made available prominently on mandimckee.com. Continued use of the Website following notice of updates indicates your acceptance of the updated terms.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:

Email: [email protected]
Website: mandimckee.com

We are fully committed to protecting your data in compliance with GDPR, CCPA, and all applicable data privacy frameworks. Please reach out to us with any privacy-related concerns or to exercise your rights under applicable law.