Privacy Policy for Fresh Steps UK
1. Introduction
At Fresh Steps UK, accessible via freshstepsuk.com, we are firmly committed to protecting your privacy and safeguarding the personal data you share with us. This Privacy Policy outlines how we collect, use, disclose, and secure your personal information when you visit our website or interact with our services. We recognize our responsibilities under applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), and are fully dedicated to respecting and protecting your rights.
2. Scope of This Policy and Our Role as Data Controller
This Privacy Policy applies to all personal data collected through the freshstepsuk.com website and associated digital platforms where this policy is posted. Fresh Steps UK operates as the data controller for any personal data you provide or that we collect, meaning we determine the purposes and means of processing such data.
3. Categories of Personal Data Processed
We may process the following categories of personal data:
a. Usage Data: Including your IP address, browser type, operating system, referral URLs, pages visited, and session duration. This information is collected via cookies and other tracking technologies.
b. Account Data: Information you provide when creating an account or making a purchase, such as your full name, billing and shipping address, email address, and telephone number.
c. Profile Data: Information relating to your interactions with the website, including product preferences, purchase history, and user behavior on freshstepsuk.com.
d. Communication Data: Records of any correspondence you send to us, including customer support communications, inquiries, or complaints.
e. Technical Data: Device identifiers, hardware models, system settings, and configurations relevant to user interactions with our services.
f. Transaction Data: Data related to your purchases, including products ordered, order history, payment method details (processed securely through third-party payment providers), and delivery details.
g. Preference Data: Marketing and communication preferences, consent to receive promotional materials, and expressions of interest in specific products or features.
4. Legal Bases for Processing Personal Data
We rely on the following legal grounds for processing your personal data:
– Performance of a Contract: To fulfill orders, deliver products or services, and manage your account.
– Consent: For direct marketing communications and certain cookies, where we obtain your explicit permission.
– Legitimate Interests: To improve our services, detect and prevent fraud, maintain security, and enhance user experience, provided these interests are not overridden by your data protection rights.
– Legal Obligation: When processing is required to fulfill legal or regulatory obligations.
5. Your Rights Under Data Protection Law
Under applicable data protection laws, including the GDPR and CCPA, you have the following rights with respect to your personal data:
– Right of Access: Request a copy of your personal data we hold.
– Right to Rectification: Request corrections to inaccurate or incomplete information.
– Right to Erasure: Request deletion of your data when no longer necessary or where you withdraw consent.
– Right to Restriction: Request that we limit how your data is processed in certain circumstances.
– Right to Data Portability: Receive your data in a structured, commonly used, and machine-readable format, and transmit it to another controller.
– Right to Object: Object to certain types of processing based on legitimate interests or for direct marketing purposes.
To exercise any of these rights, please contact us at [email protected].
6. Security Measures
We have implemented technical and organizational measures to ensure the security of your personal data, including:
– End-to-end encryption of sensitive data transmissions.
– Restricted access to personal data based on roles and responsibilities.
– Regular data backups and secure storage solutions.
– Security awareness training for staff handling user data.
– Firewall and anti-malware protections to prevent unauthorized access or disclosure.
7. International Data Transfers
Where personal data is transferred outside of the United Kingdom, European Economic Area (EEA), or California, we ensure appropriate safeguards are in place, such as the use of Standard Contractual Clauses approved by regulatory authorities. We comply with all applicable data transfer requirements when engaging processors or partners in jurisdictions lacking an adequate level of data protection.
8. Data Retention
We retain your personal data only for as long as necessary for the purposes for which it was collected, including:
– Account/Transaction Data: Retained for up to seven (7) years to comply with financial and legal reporting obligations.
– Communication Records: Retained for up to two (2) years from the last interaction.
– Marketing Preferences: Retained until consent is withdrawn or updated.
– Technical/Usage Data: Retained for a maximum of twelve (12) months unless required for security or analytics purposes.
We periodically review data held to ensure it is not retained longer than necessary.
9. Cookie Policy
Our website uses cookies and similar tracking technologies to enhance user experience and gather analytical data. These include:
– Essential Cookies: Required for core site functionality, such as shopping cart management and secure navigation.
– Functional Cookies: Enable personalized features, including stored preferences and language settings.
– Analytics Cookies: Collect aggregated usage data to improve website performance and understand visitor behavior.
– Performance Cookies: Monitor site speed and error rates for consistent user experience.
10. Cookie Management and Compliance
In compliance with GDPR and CCPA regulations, you are given control over your cookie preferences when you first visit freshstepsuk.com. You can withdraw consent for non-essential cookies at any time via our cookie settings tool or by adjusting your browser’s configuration. We honor “Do Not Track” signals and provide an opt-out option for cookie-based data collection.
11. Children’s Data Protections
We do not knowingly collect or process personal data from children under the age of 13. If you believe a child has submitted personal data to us, please contact us immediately at [email protected]. We will take prompt action to delete the information and prevent future collection.
12. Updates to This Policy
We reserve the right to update this Privacy Policy as necessary to reflect changes in our practices, technology, or legal requirements. Where required by law, we will notify you of material changes and obtain your consent where applicable. The updated policy will always be accessible via freshstepsuk.com.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:
Email: [email protected]
At Fresh Steps UK, safeguarding your privacy and respecting your data rights are our highest priorities. We are committed to full compliance with all applicable data protection laws and to maintaining transparency about how we handle your personal information.