Privacy Policy
1. Introduction
At Tiny Fingers (“we”, “us”, “our”), accessible via tinyfingersband.com, we are deeply committed to protecting and respecting the privacy of our website visitors, customers, and users. Your privacy is not only important to us—it is a core value that guides how we collect, store, process, and protect your personal information. This Privacy Policy outlines the types of data we collect, the manner in which that data is used, and your rights in relation to your personal information in compliance with applicable privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all personal data collected and processed by us through our website tinyfingersband.com, as well as associated services and communications. Tiny Fingers is the data controller for personal data submitted to or collected via our website, responsible for determining the methods and purposes of the processing of your personal information.
3. Categories of Data Processed
We may collect and process the following categories of personal data:
– Usage Data: Includes information about your browser type, IP address, pages visited, access times, referring URLs, and session duration. Collected through log files and analytics tools.
– Account Data: Data you provide when registering for any services or purchases, such as your full name, email address, mailing address, and phone number.
– Profile Data: Preferences, interests, purchase history, and behavioral data related to your activity on our website and platforms.
– Communication Data: Any information that you voluntarily provide when contacting us, including support requests, feedback, and historical correspondence.
– Technical Data: Includes device identifiers, operating systems, browser configurations, and system settings used to access our website or services.
– Transaction Data: Purchase details, order histories, payment status, billing information, and delivery addresses associated with e-commerce or merchandise transactions.
– Preference Data: Marketing and communication preferences, subscription status, and product or content interests based on submitted forms or account settings.
4. Legal Bases for Processing
We rely on the following lawful bases for processing your personal information:
– Consent: Where you have granted us explicit permission to process your personal data for specific purposes (e.g., marketing emails, newsletters).
– Contractual Necessity: When processing is necessary to fulfill a contract with you, such as completing transactions or providing purchased services.
– Legitimate Interests: Where processing is necessary for the purposes of our legitimate interests (e.g., website optimization, fraud prevention), and these are not overridden by your fundamental rights and freedoms.
– Legal Obligation: Where we are required to process your data to comply with a legal duty or regulatory requirement.
5. Your Rights
As a data subject, you are entitled to exercise the following rights with respect to your personal data, where applicable under GDPR or CCPA:
– Right of Access: You have the right to request a copy of the personal data we hold about you.
– Right to Rectification: You may request that we correct inaccurate or incomplete data related to you.
– Right to Erasure: You may request that we delete your data, subject to conditions such as compliance with legal obligations.
– Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
– Right to Data Portability: You are entitled to receive the personal data you’ve provided to us in a structured, commonly-used, machine-readable format and have the right to transmit this data to another controller where technically feasible.
To exercise any of your rights or to make inquiries regarding your data, please contact us at [email protected].
6. Security Measures
We apply a comprehensive set of security practices to safeguard your information, including but not limited to:
– Encryption: Data is transmitted over secure SSL/TLS protocols and sensitive data is stored using encryption mechanisms.
– Access Control: Personal data access is role-based and limited to authorized personnel only.
– Backups: Regular encrypted backups of critical systems are maintained.
– Training: Personnel handling personal data are trained in data protection and confidentiality protocols.
While we employ robust security measures, please note that no data transmission or storage system is 100% secure.
7. International Transfers
If your personal data is transferred outside the European Economic Area (EEA), we will ensure an adequate level of protection by implementing appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, or ensuring that the recipient country provides an adequate level of data protection.
8. Data Retention
Your personal data will be retained only for as long as necessary to fulfill the purposes for which it was collected, or to comply with legal, regulatory, tax, accounting, or reporting requirements. Retention periods include:
– Usage Data: Retained for up to 12 months for analytical and optimization purposes.
– Account and Profile Data: Retained during account life and for up to 6 years after closing for audit and compliance purposes.
– Communication Data: Maintained for up to 3 years for customer service reference.
– Transaction Data: Retained securely for a minimum of 7 years in compliance with accounting laws.
– Preference Data: Maintained until consent is withdrawn or you unsubscribe.
9. Cookie Policy
Our website makes use of cookies and similar technologies to enhance your browsing experience. We categorize cookies as follows:
– Essential Cookies: Required for the proper functioning of the website (e.g., session management, security features).
– Functional Cookies: Enable enhanced usability outcomes, such as remembering login credentials or language settings.
– Analytics Cookies: Help us understand user interaction with the website, including page views and navigation patterns, using anonymized data.
– Performance Cookies: Measure the performance of content delivery, loading times, and uptime metrics.
10. Cookie Management and Compliance
You may manage your cookie preferences via the cookie consent banner displayed on tinyfingersband.com. In compliance with GDPR and CCPA, users are given the option to provide or withdraw consent for non-essential cookies. You can also configure cookie settings directly in your browser to reject or delete cookies.
Under CCPA, California residents have the right to opt out of the sale or sharing of personal data. While tinyfingersband.com does not sell your personal data to third parties, we honor Do Not Sell or Share My Personal Information signals as required.
11. Protection of Children’s Privacy
Our website and services are not intended for children under the age of 13. We do not knowingly collect, process, or store personal data from children under 13 years of age. If we discover that we have inadvertently gathered such data, we will delete it immediately. Parents or guardians who believe their child has submitted personal data should contact us at [email protected].
12. Policy Updates and Notifications
We reserve the right to amend this Privacy Policy from time to time in order to reflect updates to services, applicable legal requirements, or operational practices. Any material changes will be notified via email (where applicable) or through a prominent notice on our website.
We encourage you to review this policy periodically to remain informed about how we protect your personal information.
13. Contact Us
If you have any questions regarding this Privacy Policy, the practices of tinyfingersband.com, or your dealings with our website, please contact:
Email: [email protected]
We are fully committed to privacy law compliance, including the GDPR, CCPA, and other applicable regulations. If you have questions, requests, or concerns regarding your personal data, please reach out to us at the email address provided above.