Privacy Policy for michubags.com
1. Introduction
At michubags.com, we are deeply committed to safeguarding your privacy and protecting your personal data in accordance with the highest legal and ethical standards. This Privacy Policy outlines how we collect, use, disclose, and protect your information, and it demonstrates our dedication to full compliance with applicable privacy regulations, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Your trust is critical to us, and we take every reasonable step to ensure that your personal data remains protected and treated with utmost responsibility and care.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all personal data collected or processed by michubags.com when you interact with our website, services, emails, and communication channels. For the purpose of applicable data protection laws, michubags.com is the “data controller”, responsible for determining the purposes and means of processing your personal data. If you have any questions about the processing of your data, please contact us at [email protected].
3. Categories of Data Processed
We may collect and process various types of personal data depending on your interaction with our website:
– Usage Data: Includes information about how you interact with our site, such as IP address, browser type, operating system, referral URL, pages visited, time spent, and navigation patterns.
– Account Data: Includes identifying information such as your full name, billing and shipping addresses, email address, and telephone number, typically provided during account registration or checkout.
– Profile Data: Includes your preferences, purchase history, shopping behavior, saved items, and wishlists.
– Communication Data: Includes the content of your communications with us, such as email inquiries, support requests, chat messages, and customer service interactions.
– Technical Data: Includes device-specific data such as device type, hardware model, operating system information, system language, and mobile device identifiers.
– Transaction Data: Includes payment details (handled securely via payment processors), order history, tracking numbers, delivery status, and transaction timestamps.
– Preference Data: Includes information about your marketing preferences, mailing list subscriptions, communication consents, and indicated product interests.
4. Legal Bases for Processing
Under the GDPR, the lawful bases we rely on to process your personal data include:
– Contractual Necessity: Processing is necessary to fulfill a purchase, shipping, or other service you have requested.
– Legitimate Interests: We process data as necessary for our legitimate business interests, including customer support, fraud prevention, and service improvement, provided our interests are not overridden by your fundamental rights.
– Consent: For marketing communications, non-essential cookies, and other data uses not strictly necessary, we seek your explicit consent.
– Legal Obligation: We may process your information to comply with legal requirements, such as taxes, fraud prevention, and regulatory obligations.
If you are a resident of California, we comply with the CCPA and only collect and disclose personal information as permitted or required by law, including your right to opt out of the “sale” (as defined by the CCPA) of your personal data.
5. Your Rights
Subject to applicable laws, you may exercise the following rights:
– Right of Access: Request a copy of the personal data we hold about you.
– Right to Rectification: Request corrections to any inaccurate or incomplete data.
– Right to Erasure: Request erasure of your data when it is no longer necessary or you withdraw consent.
– Right to Restrict Processing: Request restriction of processing under certain circumstances.
– Right to Data Portability: Receive a copy of your data in a structured, commonly used, machine-readable format and transmit it to another controller.
Residents of California also have the right to request details about personal information collected, disclosed, or sold (under the CCPA), and may request that we delete any applicable personal data, subject to certain exceptions.
To exercise these rights or submit a data access request, please contact us at [email protected].
6. Security Measures
We employ industry-standard technical and organizational measures to protect your data against unauthorized access, disclosure, or destruction, including but not limited to:
– Data encryption at rest and in transit
– Secure socket layer (SSL) protocols
– Role-based access restrictions and authentication controls
– Regular data backups and recovery protocols
– Staff privacy and security training
While we undertake considerable precautions to secure your data, no system can guarantee absolute protection. We encourage you to also take precautions when using the internet.
7. International Transfers
When you access or use michubags.com from outside of your country of residence, your data may be transferred to and processed in other jurisdictions, including those that may not provide the same level of data protection. Whenever we transfer your personal data internationally, we ensure appropriate safeguards are in place, including European Commission Standard Contractual Clauses, to ensure lawful handling and protection of your information.
8. Data Retention
We retain personal data for as long as is necessary to fulfill the purposes outlined in this Privacy Policy, including legal, accounting, or reporting requirements. The specific retention periods for each data category are:
– Usage and Technical Data: Up to 24 months
– Account and Transaction Data: Retained for 7 years for tax and audit compliance
– Communication and Support Data: Retained for 3 years from the last interaction
– Profile and Preference Data: Retained while the user account is active
– Consent records: Retained to demonstrate compliance, typically for 5 years
We securely delete or anonymize data after the applicable period has elapsed.
9. Cookie Policy
michubags.com uses cookies and similar tracking technologies to enhance user experience, identify traffic patterns, and perform analytics. Cookies used on our site include the following categories:
– Essential Cookies: Necessary for the basic operation of the website (e.g., login, cart functionality).
– Functional Cookies: Enable site personalization and language preferences.
– Analytics Cookies: Used to measure and analyze website traffic, user behavior, and navigation, typically via third-party providers like Google Analytics.
– Performance Cookies: Help identify performance problems and optimize site responsiveness.
10. Cookie Management and Compliance with GDPR & CCPA
We provide cookie consent banners that allow you to manage your cookie preferences in accordance with GDPR and CCPA requirements. Where required by law, we obtain user consent before setting non-essential cookies on your device. You may adjust your preferences or withdraw consent at any time by accessing the cookie settings on our site or through your browser’s cookie management tools.
To opt-out of data collection for interest-based advertising or sale of personal data under the CCPA, please use our provided “Do Not Sell My Personal Information” link or contact us directly at [email protected].
11. Children’s Data
michubags.com does not knowingly collect or solicit personal information from children under the age of 13. If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us immediately at [email protected]. We will take steps to promptly delete such information.
12. Policy Updates
We reserve the right to update this Privacy Policy from time to time to reflect changes to our practices or to remain compliant with evolving legal requirements. Substantive changes will be communicated through either a notification on the site or via email where appropriate. Continued use of the website after such updates indicates your acceptance of the revised policy.
13. Contact
For questions regarding this Privacy Policy, or to exercise your privacy rights, please contact our Data Protection Office via email at [email protected]. We take privacy seriously and will respond to your request in accordance with applicable data protection laws.
—
We are committed to compliance with GDPR, CCPA, and all relevant data protection laws. If you have any concerns about how we manage your personal data, please do not hesitate to contact us at [email protected].