Privacy Policy
1. Introduction
At Lavender and Cream (“we,” “our,” or “us”), accessible at lavenderandcream.com, we are committed to respecting your privacy and protecting your personal data. This Privacy Policy outlines how we collect, use, disclose, and safeguard personal information in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We adopt a privacy-first approach in everything we do, and your trust is of paramount importance to us.
2. Scope and Data Controller
This Privacy Policy applies to personal data collected when you access, use, or interact with lavenderandcream.com, including through purchases, account registration, communications, or browsing activities. We act as the data controller for the personal information we process. As such, we determine the means and purposes for collecting and using your personal data as detailed herein.
3. Categories of Personal Data We Process
We may process the following categories of personal information:
a. Usage Data
Includes information about how you use our website, such as your IP address, browser type and version, device identifiers, referral URLs, timestamps, and browsing behavior (pages visited, time spent, links clicked).
b. Account Data
Comprises identity and contact details entered when creating an account or checking out as a customer, including your full name, billing and shipping address, email address, and phone number.
c. Profile Data
Encompasses user preferences, wishlists, reviews, historical purchases, interests, and site interactions for tailoring a more personalized user experience.
d. Communication Data
Includes correspondence you’ve sent to us, such as customer service requests, inquiries through our contact forms, feedback, and chat history.
e. Technical Data
Covers technical attributes such as browser settings, time zone, operating system, screen resolution, and other device-specific parameters used for performance optimization and user support.
f. Transaction Data
Includes order history, payment status, shipping information, billing records, and payment methods (handled through secure third-party processors).
g. Preference Data
Captures selections regarding newsletter subscriptions, marketing opt-ins or opt-outs, product interest indicators, and navigation behavior used to optimize offerings and content.
4. Legal Bases for Processing (GDPR)
We rely on the following GDPR-compliant legal bases to process your data:
– Consent: When you opt in for newsletters or marketing communications, or accept cookies.
– Contract: To fulfill orders, manage your account, or provide requested services or support.
– Legal Obligation: To comply with applicable laws, such as for tax reporting or consumer rights.
– Legitimate Interests: For fraud prevention, website security, optimizing our services, and improving customer experience, provided your rights do not override these interests.
5. Your Rights
Under applicable privacy laws, including GDPR and CCPA, you are entitled to exercise the following rights:
– Right of Access: Request access to the personal data we hold about you.
– Right to Rectification: Request correction of inaccurate or incomplete personal data.
– Right to Erasure (“Right to Be Forgotten”): Request deletion of your personal data, where legally permitted.
– Right to Restriction: Request restricted processing in certain circumstances.
– Right to Portability: Request transmission of your personal data to another service provider in a readable format.
– Right to Object: Object to data processing based on our legitimate interests or for direct marketing purposes.
– Right to Non-Discrimination: Under CCPA, you have a right not to receive discriminatory treatment for exercising your privacy rights.
To exercise any of these rights, please contact us at [email protected].
6. Security Measures
We take the security of your personal data seriously and implement organizational, technical, and administrative measures to protect it, including:
– Encryption of personal data during transfer and at rest.
– Access controls—limiting access to authorized personnel only.
– Regular security audits and system monitoring.
– Backup and disaster recovery procedures.
– Staff training and confidentiality agreements.
While no system is completely infallible, we strive to maintain high security standards consistent with industry practices.
7. International Data Transfers
When your personal information is transferred outside your country of residence, including to jurisdictions that may not provide the same level of data protection, we ensure appropriate safeguards are in place. These include standard contractual clauses approved by the European Commission or other applicable mechanisms to ensure lawful transfers.
8. Data Retention
We retain personal data only for as long as is necessary to fulfill the purposes for which it was collected, including:
– Usage Data: Up to 26 months for analytics purposes.
– Account, Profile, and Transaction Data: For as long as your account is active and thereafter for legal and tax compliance (typically up to 7 years).
– Communication and Preference Data: Up to 3 years following your last interaction or opt-out.
We securely delete or anonymize data when retention is no longer required.
9. Cookie Policy
Our website uses cookies to enhance user experience, deliver services, and analyze traffic. Cookies are small text files stored on your device and include the following categories:
– Essential Cookies: Required for the website to function properly (e.g., login, cart activities).
– Functional Cookies: Allow website customization based on your preferences.
– Analytics Cookies: Help us understand how visitors interact with our website (e.g., via Google Analytics).
– Performance Cookies: Optimize speed and performance based on device and browser behavior.
10. Cookie Management and Compliance
When visiting lavenderandcream.com, you are presented with a cookie banner to manage your consent preferences in accordance with GDPR and CCPA requirements. You may adjust your cookie settings at any time via the “Cookie Settings” link in the website footer, or by adjusting browser configuration.
You may also opt-out of certain third-party cookies through tools provided by industry bodies such as the Digital Advertising Alliance (www.aboutads.info) or Network Advertising Initiative (www.networkadvertising.org).
11. Children’s Privacy
We do not knowingly collect or solicit personal data from individuals under the age of 13. If you are a parent or guardian and believe your child has provided personal information on lavenderandcream.com, please contact [email protected] promptly so we can take appropriate action.
12. Policy Updates
We may revise this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or technology. Any updates will be posted on this page, and we encourage regular review. Where required by law, we will obtain your consent for material changes or notify you through prominent notices on our site.
13. Contact Us
If you have any questions, requests, or concerns about this Privacy Policy or how we handle your personal information, please contact us at:
We are committed to upholding your privacy rights and strive for full compliance with GDPR, CCPA, and all applicable data protection standards. Please reach out to us if you need assistance or would like to exercise your privacy rights.