Privacy Policy
At Lip Care Center (“we,” “us,” or “our”), accessible via lipcarecenter.com (the “Site”), we are committed to protecting the privacy, security, and personal data of our users and ensuring compliance with all applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This Privacy Policy outlines how we collect, use, store, and disclose your personal information, and your rights in relation to that data.
1. Introduction: Our Commitment to Privacy and Data Protection
We recognize the fundamental importance of privacy and personal data protection. Our operations are guided by a privacy-first approach that prioritizes transparency, accountability, data minimization, and the security of your information. We only process personal data in accordance with lawful bases and clear purposes, ensuring that your personal data remains secure, confidential, and protected from misuse.
2. Scope of Policy and Our Role as Data Controller
This Privacy Policy applies to all users of lipcarecenter.com, including visitors, account holders, and customers who interact with our platform. In the context of GDPR and similar regulations, Lip Care Center is the “data controller” for the personal data collected via our Site, which means we determine the purpose and method of data processing.
3. Categories of Data We Process
We may collect and process the following categories of personal information:
a. Usage Data: This includes data automatically collected during your interaction with the Site, such as browser type and version, IP address, session identifiers, time zone settings, referral URLs, pages viewed, and activity logged.
b. Account Data: When you register for an account or make a purchase, we collect information such as full name, email address, phone number, billing/shipping address, and other relevant identifiers.
c. Profile Data: This includes information related to your account preferences, shipping and shopping habits, saved items, reviews, and purchase history.
d. Communication Data: This encompasses emails, support inquiries, chat transcripts, and any other form of correspondence you have with us, including contact details and message content.
e. Technical Data: We collect details about your device and technical environment, such as operating system, hardware specifications, unique device identifiers, and browser plugins.
f. Transaction Data: When you place an order, we collect payment method details, transaction identifiers, dates, amounts, and product delivery information.
g. Preference Data: Your expressed interests in products, categories, your consent or refusal to receive marketing materials, and your communication preferences fall into this category.
4. Legal Bases for Processing
We rely on the following lawful bases for processing your personal data:
– Consent: Where you have given explicit permission for specific processing, such as receiving marketing communications.
– Contractual Necessity: Processing required to fulfill a contract with you, such as fulfilling orders or providing services.
– Legitimate Interests: For the operation and improvement of our business and Site, fraud prevention, security, and service analytics, provided these interests do not override your rights.
– Legal Obligation: Where required by applicable law, legal process, or governmental request.
5. Your Rights Under Data Protection Laws
Subject to applicable law, you have the following rights in relation to your personal data:
– Right of Access: Request access to the personal data we hold about you.
– Right to Rectification: Request correction of inaccurate or incomplete data.
– Right to Erasure: Request deletion of your personal data, where legally permissible.
– Right to Restrict Processing: Request that we limit how we use your data under certain circumstances.
– Right to Data Portability: Request to receive your personal data in a structured, commonly-used format or request transfer to another data controller.
– Right to Object: Object to processing based on legitimate interests or automated decision-making.
To exercise any of these rights, please contact us at [email protected]. We will respond in accordance with applicable data protection laws.
6. Security Measures
We implement robust administrative, technical, and physical safeguards to ensure the integrity and confidentiality of your data. These measures include but are not limited to:
– Data encryption (TLS/SSL) during transmission
– Strong access control and authentication protocols
– Regular security audits and penetration testing
– Encrypted backups and disaster recovery planning
– Staff training in data protection and information security policies
7. International Data Transfers
If personal data is transferred outside the European Economic Area (EEA) or California, such transfers occur only where appropriate safeguards are in place, including:
– Standard Contractual Clauses (SCCs) approved by the European Commission
– Adequacy decisions granted to receiving countries
– Binding corporate rules or other lawful derogations
Where such transfers are made, we ensure that your data is subject to protections equivalent to those afforded under the GDPR and CCPA.
8. Data Retention
We will retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:
– Usage and Technical Data: Retained up to 12 months
– Account and Profile Data: Retained for the duration of the user account’s existence and up to 2 years post-account closure
– Transaction and Communication Data: Retained as required for statutory, tax, or legal obligations (up to 7 years)
– Preference and Marketing Data: Retained until consent is withdrawn
After the expiration of applicable periods, data will be either anonymized or securely deleted.
9. Cookie Policy
Our Site uses cookies and similar tracking technologies to enhance user experience, understand Site performance, and personalize content. Cookies used include:
– Essential Cookies: Necessary for Site functionality, such as authentication and secure login.
– Functional Cookies: Enable enhanced personalization, such as saved preferences.
– Analytics Cookies: Track user interaction to improve Site performance (e.g., Google Analytics).
– Performance Cookies: Monitor load times, error tracking, and overall responsiveness.
10. Cookie Management & Legal Compliance
We provide a cookie consent banner in compliance with GDPR and CCPA regulations. You can manage your cookie preferences at any time through your browser settings or directly through our cookie consent tool. Under CCPA, California residents have the right to opt out of cookie-based “selling” of personal information.
Additionally, we honor Global Privacy Control (GPC) signals received from supported browsers.
11. Protection of Children’s Data
We do not knowingly collect or solicit personal data from children under the age of 13. If you believe that your child has provided us with personal information without your consent, please contact us immediately at [email protected] so we may take appropriate action, including its removal.
12. Updates to this Policy
We reserve the right to revise or update this Privacy Policy to reflect changes in our practices, legal requirements, or technological enhancements. Where material changes are made, we will notify users through appropriate mechanisms, such as notices on the Site, updated banners, or direct communication (e.g., email, if applicable).
Your continued use of lipcarecenter.com following updated policies constitutes acknowledgment of those revisions.
13. Contact Information
If you have any questions, concerns, requests to exercise your data rights, or wish to file a complaint, please contact our Privacy Officer at:
Email: [email protected]
—
We are committed to maintaining full compliance with global privacy legislation, including the GDPR and CCPA, and to protecting your privacy as a valued user of lipcarecenter.com. Please reach out with any privacy-related concerns, and we will respond promptly and responsibly.