Privacy Policy
Carbon Shrinks (“we,” “us,” or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy outlines how we collect, use, disclose, and protect your information when you visit carbonshrinks.com (the “Website”). Our practices are designed to ensure compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
1. Commitment to Privacy and Data Protection
Your privacy is a priority. We adhere to high standards of data protection, ensuring that all personal data is collected and processed lawfully, fairly, and transparently. This policy provides detailed information about your rights and our responsibilities concerning your personal data.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all users who access or use carbonshrinks.com. Carbon Shrinks acts as the Data Controller of personal data collected through the Website and is responsible for determining the purposes and means of processing your data.
3. Categories of Data Processed
We collect and process various categories of data, both directly from you and through automated means, as outlined below:
a. Usage Data
We automatically collect data about how you interact with the Website, including browser type, IP address, pages viewed, session duration, referring URLs, and navigation paths.
b. Account Data
When you create an account, we collect personal information such as your full name, billing/shipping address, email, and phone number.
c. Profile Data
We maintain information derived from your account usage, encompassing product preferences, purchase history, browsing behavior, and interaction patterns with our services.
d. Communication Data
We retain copies of correspondence and communications you initiate with us, including inquiries, feedback, support requests, and associated contact history.
e. Technical Data
As related to usage, we collect data about your device, hardware model, operating system, browser type, device identifiers, and similar system configuration parameters.
f. Transaction Data
We collect data required to complete purchases, including payment information (via secure third-party processors), transaction history, delivery data, and billing information.
g. Preference Data
This includes your indicated preferences related to marketing communications, opt-in consents, declined services, language settings, mailing list subscriptions, and product interests.
4. Legal Bases for Processing
We rely on the following lawful grounds under applicable law to process your personal data:
– Consent: When you have given clear, revocable permission for a specific purpose (e.g., marketing).
– Contractual Necessity: To fulfill our obligations under a contract, such as delivering purchased goods.
– Legal Obligation: Where the processing is required by law.
– Legitimate Interests: For purposes such as preventing fraud, ensuring security, and improving user experience, provided our interests are not overridden by your rights.
5. Your Rights
You have the following rights with respect to your personal data:
– Right of Access: You may request a copy of the information we hold about you.
– Right to Rectification: You may ask us to correct inaccurate or incomplete data.
– Right to Erasure (Right to be Forgotten): You may request the deletion of your information where legally permissible.
– Right to Restriction: You may request processing to be suspended under specified circumstances.
– Right to Data Portability: You may request your data be returned in a structured, commonly used format.
– Right to Object: You may object to processing that is based on our legitimate interests or direct marketing.
To exercise any of the above rights, please contact us at [email protected].
6. Security Measures
We implement appropriate technical and organizational safeguards to protect the confidentiality, integrity, and availability of your data. These include, but are not limited to:
– End-to-end encryption of sensitive data
– Role-based access controls
– Routine data backups
– Staff training on data protection and secure handling procedures
7. International Transfers
Your personal data may be processed in countries outside your jurisdiction, including those not recognized as having an adequate level of data protection by the European Commission. In such cases, we use appropriate safeguards (e.g., Standard Contractual Clauses) to ensure your data remains protected in compliance with GDPR and other applicable regulations.
8. Data Retention
We retain personal data only as long as necessary for the purposes described in this policy, including:
– Usage and Technical Data: 6–12 months, for analytics and troubleshooting
– Account and Profile Data: For the duration of your account’s existence and thereafter for 2 years unless legally required to retain longer
– Transaction Data: 7 years for tax and audit compliance
– Communication Data: 2 years from last contact
– Preference Data: Until consent is withdrawn or updated
9. Cookie Policy
We use cookies and similar tracking technologies to enhance your experience on carbonshrinks.com. Cookies may be classified as follows:
– Essential Cookies: Required for the operation of our Website and provision of core services (e.g., login).
– Functional Cookies: Enable enhanced functionality and personalization, such as remembering user preferences.
– Analytical Cookies: Collect information on Website usage to help us understand and improve user experience.
– Performance Cookies: Monitor site performance metrics, including page loading speeds and error tracking.
Third-party services used for analytics (e.g., Google Analytics) may also place cookies on your device.
10. Cookie Management and Compliance with GDPR & CCPA
You can manage your cookie preferences at any time by adjusting settings in your browser or through our cookie consent banner. EU users are offered affirmative opt-in choices in line with GDPR requirements. California residents are afforded the right to opt out of “sale” of personal information as defined under CCPA, which can be exercised via Do Not Sell My Personal Information links or settings.
11. Special Protections for Children
We do not knowingly collect or solicit personal information from children under the age of 13. If we become aware that data from a child under 13 has been collected without verified parental consent, we will promptly delete such information. Parents or guardians with concerns may contact us at [email protected].
12. Policy Updates & User Notifications
We reserve the right to amend this Privacy Policy to reflect changes to our practices or applicable law. Significant updates will be communicated via the Website or direct email notice where appropriate. Continued use of the Website after changes constitutes your acknowledgment and acceptance of the revised terms.
13. Contact
For privacy-related inquiries, requests to exercise your rights, or concerns about this Privacy Policy, please reach out to us using the contact information below:
Email: [email protected]
Our commitment to privacy is ongoing. Carbon Shrinks is dedicated to data protection compliance across carbonshrinks.com. For questions or assertions of your legal rights under GDPR, CCPA, or other applicable laws, we encourage you to contact us directly.