Privacy Policy
At Mom & Tot Tales, accessible via momandtottales.com, we are deeply committed to protecting the privacy, personal data, and digital rights of our users. Your trust is our priority. This Privacy Policy outlines how we collect, use, disclose, store, and safeguard your personal information when you visit our website or interact with our services. We process your data with full transparency and in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
Please read this policy carefully to understand how your data is handled.
1. Scope of Policy and Role of Data Controller
This Privacy Policy applies to all users of momandtottales.com and any services, communications, or interactions related to it. Mom & Tot Tales is the data controller in respect of your personal data, meaning we determine the purposes and means of processing your personal data. For any privacy-related inquiries or requests, you may contact us at [email protected].
2. Categories of Data We Process
We collect and process the following categories of personal data:
A. Usage Data
Includes data such as IP address, browser type and version, referral source, device identifiers, geographic location, pages viewed, time spent on pages, date and time of access, and other diagnostic data collected automatically when you interact with momandtottales.com.
B. Account Data
When you create an account or place an order, we may process personal data including your full name, billing and shipping address, email address, phone number, and password (hashed and securely stored).
C. Profile Data
Includes details on your product preferences, past purchases, language settings, account settings, interaction history, and behavior on momandtottales.com to personalize your experience.
D. Communication Data
Data you provide when contacting our customer service team, including support tickets, inquiry content, communication timestamps, and response histories.
E. Technical Data
This includes information about your operating system, internet service provider, screen resolution, browser plug-ins, time zone settings, mobile IDs, and other technical configurations essential to the delivery and personalization of services.
F. Transaction Data
Includes payment method details (processed securely via third-party providers), billing records, transaction timestamps, order history, and delivery information.
G. Preference Data
Marketing preferences, opt-in or opt-out status, product or service interests, and data derived from engagement with newsletters, promotions, and surveys.
3. Legal Bases for Processing Data
We process your personal data based on one or more of the following legal grounds, in accordance with the GDPR:
– Performance of a contract: To fulfill orders, manage your account, and provide customer support.
– Consent: For sending marketing materials or processing data not strictly necessary for delivering services. Each user has the right to withdraw consent at any time.
– Legitimate Interest: To enhance user experience, analyze traffic patterns, prevent fraud, and maintain website security.
– Legal Obligation: To comply with tax, financial, and statutory obligations or legal claims.
Under the CCPA, we confirm that we do not sell your personal data.
4. Your Data Protection Rights
You have the following rights in respect of your personal data:
– Right to Access – Obtain confirmation and access to the personal data we hold about you.
– Right to Rectification – Request correction of inaccurate or incomplete personal data.
– Right to Erasure – Request the deletion of your personal data in certain circumstances.
– Right to Restriction – Request that we limit the processing of your personal data.
– Right to Data Portability – Receive a structured, commonly used, and machine-readable copy of your data and transmit that data to another controller.
To exercise any of these rights, email our team at [email protected]. We endeavor to respond promptly in compliance with applicable legal requirements.
5. Data Security Measures
We prioritize the security of your personal data and implement a range of measures including:
– Data encryption in transit and at rest
– Role-based access control and regular audits
– Secure socket layer (SSL) technology
– Daily backups with redundant storage
– Staff training in privacy principles and data hygiene
– Endpoint and account monitoring for unauthorized activity
6. International Data Transfers
Your information may be processed outside of your country of residence, including in jurisdictions that do not offer equivalent data protection laws. For such transfers, we implement appropriate safeguards, including:
– Standard Contractual Clauses approved by the European Commission
– Compliance with regional regulations (e.g., UK GDPR)
– Certified contractual partners with adequate data protection frameworks
7. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:
– Account and profile data: retained as long as your account is active, and up to 6 months following account closure.
– Transaction records: retained for up to 7 years to comply with financial and tax obligations.
– Communication logs: retained for 24 months to support customer service quality and accountability.
– Technical and usage data: retained for up to 12 months for analytics, after which it is anonymized or deleted.
– Marketing preference data: retained until consent is withdrawn or the user opts out.
8. Cookie Policy
momandtottales.com utilizes cookies and similar technologies to enhance user experience. These cookies fall into the following categories:
– Essential Cookies: Required to operate our website (e.g., session authentication, shopping cart).
– Functional Cookies: Remember your preferences and choices (e.g., region, language).
– Analytics Cookies: Collect anonymous data about how visitors interact with our website.
– Performance Cookies: Monitor system stability and speed to improve service reliability.
9. Cookie Management & Legal Compliance
When you visit momandtottales.com for the first time, you will see a cookie banner that gives you the option to accept, manage, or reject non-essential cookies. Our configuration tools allow you to:
– Opt-in before non-essential cookies are loaded (GDPR compliance)
– Opt-out via a Do Not Sell My Personal Information link (CCPA compliance)
– Revoke or modify your consent at any time in your browser settings or via our Cookie Preference Center
10. Special Protections for Children Under 13
momandtottales.com does not knowingly collect or solicit personal information from children under 13 years of age. If we become aware that data from a child under 13 has been collected without verified parental consent, we will take appropriate steps to delete such data. Parents or guardians who believe their child has provided personal data can reach us at [email protected].
11. Policy Updates and User Notifications
We may revise or update this Privacy Policy to ensure continued compliance with laws and reflect operational or technological changes. Where required, we will notify users through pop-ups, website banners, or email alerts. We encourage you to review this policy periodically.
12. Contact Us
Questions, concerns, or data requests can be directed to:
Mom & Tot Tales
Email: [email protected]
Website: momandtottales.com
We are committed to maintaining high standards of privacy and transparency. If you have any concerns regarding how we process your data, please contact us directly—we are here to help.