Privacy Policy for SuperGestures.com
1. Introduction
At SuperGestures.com (“we,” “us,” or “our”), we are committed to protecting and respecting your privacy. This Privacy Policy outlines how we collect, use, store, and disclose your personal data. Our data practices are designed with a privacy-first approach, ensuring transparency, accountability, and compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all users of SuperGestures.com and its services. It governs the personal information collected or processed through our website, contact forms, payment processing systems, and other interactions you may have with us.
For the purposes of applicable data protection law, SuperGestures.com is the data controller responsible for determining the purposes and means of processing your personal data. You may contact us with privacy-related questions or concerns at [email protected].
3. Categories of Data Processed
We may collect and process the following categories of personal data, depending on your use of our website and services:
a. Usage Data
Includes details such as IP address, browser type and version, geographic location, pages visited, session timestamps, referral source, and navigational paths through the website.
b. Account Data
Includes your name, mailing address, email address, phone number, and any other identifying information you provide when creating an account or interacting with our platform.
c. Profile Data
Includes your interests, product preferences, purchase history, and behavioral data related to how you use our services.
d. Communication Data
Includes information contained in communications you send to us via contact forms, email correspondence, or support requests. This includes metadata, communication history, and the content of your messages.
e. Technical Data
Includes data about the devices you use to access our website or services, such as device type, operating system version, browser configuration, and system settings.
f. Transaction Data
Includes records of products or services purchased, payment information (handled securely via third-party processors), delivery addresses, and transaction timestamps.
g. Preference Data
Includes data relating to your marketing and communication preferences, language settings, and product or feature interests indicated via user actions or settings.
4. Legal Bases for Processing
We process your personal data lawfully and on the following legal bases, as appropriate under GDPR and other applicable laws:
– Contractual Necessity: To provide or fulfill our services in accordance with a contract (e.g., fulfilling purchases).
– Legitimate Interests: To operate and improve our website, manage customer relationships, protect against fraud, and market similar products or features (unless overridden by your interests or rights).
– Consent: Where legally required, we will obtain your explicit consent before processing certain types of personal data (e.g., marketing preferences or cookies).
– Legal Obligation: Where necessary to comply with a legal requirement, regulatory inquiry, court order, or governmental request.
5. Your Rights
You have the following rights in relation to your personal data, subject to limitations and conditions set under applicable law:
– Right of Access: You may request a copy of the personal data we hold about you.
– Right to Rectification: You may request corrections to inaccurate or incomplete data.
– Right to Erasure (Right to be Forgotten): You may request that we delete your personal data, where legally permitted.
– Right to Restriction of Processing: You may request limited processing of your data under certain circumstances.
– Right to Data Portability: You may request that we transfer your personal data to you or another controller in a structured, commonly used format.
– Right to Object: You may object to processing where we rely on legitimate interests or for direct marketing purposes.
– Right to Withdraw Consent: If processing is based on your consent, you have the right to withdraw that consent at any time.
To exercise any of these rights, please contact us at [email protected]. We will respond as required by applicable law.
6. Security Measures
We implement robust technical and organizational security measures to ensure the confidentiality, integrity, and availability of your personal data. These include, but are not limited to:
– End-to-end encryption for sensitive data;
– Firewalls and secure servers;
– Role-based access controls and staff permission management;
– Regular security audits and vulnerability assessments;
– Staff training on privacy and data protection best practices;
– Secure backup and data recovery processes.
7. International Transfers
Where personal data is transferred outside of the European Economic Area (EEA) or other jurisdictions with equivalent data protection laws, we ensure adequate safeguards are in place. These may include:
– Standard Contractual Clauses approved by the European Commission;
– Processing agreements with third-party vendors ensuring compliance with applicable laws;
– Certification under recognized privacy frameworks.
Such transfers are made to maintain the performance of our services globally, including for cloud hosting, payment processing, or customer support operations.
8. Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected, and to the extent required to comply with our legal obligations. Specific retention periods include:
– Usage Data: Retained for up to 12 months for site analytics.
– Account Data: Retained while the account remains active and for up to 6 years thereafter to comply with recordkeeping laws.
– Communication Data: Retained for up to 3 years following contact resolution.
– Transaction Data: Retained for up to 7 years for tax and financial compliance.
– Preference Data: Retained until you change your preferences or withdraw consent.
– Technical and Profile Data: Retained while relevant for service optimization, with periodic anonymization reviews.
9. Cookie Policy
We use cookies and similar technologies to enhance your experience on SuperGestures.com. Cookies are small text files placed on your device to collect and store certain information. Categories of cookies used:
– Essential Cookies: Necessary for site functionality and core navigation.
– Functional Cookies: Enable personalization and remember user preferences.
– Analytics Cookies: Collect information about visitor interactions to improve site performance and user experience.
– Performance Cookies: Help us load pages more quickly and monitor site reliability.
We do not use cookies to collect sensitive personal information, nor do we sell cookie data to third parties.
10. Cookie Management and Compliance with GDPR & CCPA
Visitors to SuperGestures.com can manage cookie preferences via our cookie banner and settings panel. You may also modify browser settings to block or delete cookies.
Pursuant to GDPR, visitors in the EEA must actively opt into non-essential cookies. Under CCPA, California residents may opt out of certain types of information sharing by adjusting cookie settings or contacting us directly.
You may also exercise “Do Not Sell or Share My Personal Information” rights, where applicable, via a prominently displayed link or query to [email protected].
11. Special Protections for Children
SuperGestures.com is not intended for individuals under the age of 13 and does not knowingly collect personal data from children. If we become aware that we have inadvertently collected personal data from a child under 13, we will take immediate steps to delete such information. Parents or legal guardians with concerns can contact us at [email protected].
12. Policy Updates and Notifications
We reserve the right to amend this Privacy Policy at any time to reflect changes in legal requirements, our services, or our data handling practices. Material updates and significant changes will be communicated to users through suitable means — such as updates on our website or email notification, where applicable.
We encourage you to review this policy periodically to remain informed about how we collect and use your personal data.
13. Contact
For any questions, concerns, or requests relating to this Privacy Policy or your personal data, you may contact our privacy team at:
Email: [email protected]
We are fully committed to ensuring compliance with all applicable privacy laws and to resolving any privacy-related issues transparently and promptly. Your trust and privacy are of paramount importance to us.