Privacy Policy
Last Updated: October 27, 2023
Effective Date: October 27, 2023
Table of Contents
- Introduction & Key Definitions
- What Personal Information We Collect
- How We Collect Your Information
- Why We Process Your Information (Legal Basis)
- How We Share Your Information
- International Data Transfers
- How We Protect Your Information
- Data Retention Periods
- Your Rights
- Cookies and Tracking Technologies
- Children's Privacy
- Do Not Sell or Share My Personal Information
- Changes to This Policy
- Contact Information
1. Introduction & Key Definitions
Welcome to Weddingsketchshop! This Privacy Policy applies to the processing of your personal information when you visit www.weddingsketchshop.com (hereinafter referred to as "this Website" or "we"). This Website is operated by an individual developer, with the primary business of selling downloadable, editable digital wedding invitation templates. Please note that our services do not involve any artificial intelligence (AI) functionality and do not allow users to upload personal images or text.
We understand the importance of your personal information. This Policy aims to clearly and transparently explain: what information we collect when you use our site, why we collect it, how we use it, who we share it with, and how you can manage your information.
To help you understand, let's define a few key terms first:
- Personal Data / Personal Information: This refers to any information that relates to an identified or identifiable individual, such as your name, email address, IP address, geolocation, or device information.
- Processing: This covers any action we take with your personal information, including collecting, recording, storing, using, sharing, anonymizing, or deleting it.
- Data Controller: This is the party responsible for deciding why and how your personal information is processed. For this Website, the controller is:
Ms. Ma, the individual developer and operator of this Website.
Email: weddingsketchshop@gmail.com
If you have any questions about this Policy, please feel free to contact us using the details above.
2. What Personal Information We Collect
We collect information to create your account, complete transactions, provide support, and improve your website experience. Depending on your actions, the information we collect falls into the following main categories:
2.1 Information You Provide to Us Directly
You provide information to us voluntarily when you interact with our website.
| Collection Scenario | Information Collected | Purpose & How We Use It |
|---|---|---|
| Account Registration & Login | Email address, password, first name, last name. | Our service requires account registration. We currently do not support "guest checkout" or login via third-party platforms (e.g., social media). To create and manage your personal account for authentication, order management, and to provide you with access to your purchased templates. |
| Completing a Purchase | Billing information (name, address). | Payments are processed by third-party payment processors. We do not store sensitive payment credentials like card numbers in our own systems. Necessary to complete the transaction and generate a valid order and invoice (receipt). This information is shared with our payment processing partner. |
| Contacting Us | Your name, email address, and any communication content you provide via email or contact forms. | To respond to your inquiries, provide customer support, handle complaints, or process requests. |
2.2 Information Collected Automatically
As you browse our website, certain technical information is collected automatically to ensure proper operation and help us understand how to improve.
| Category of Information | Specific Examples | Purpose & How We Use It |
|---|---|---|
| Device & Connection Information | IP address, device type, browser type and version, operating system, network information. | To secure and stabilize the website, defend against attacks, troubleshoot errors, and automatically display the correct currency based on your connection. |
| Browsing & Interaction Information | Pages visited, links clicked, time spent on pages, mouse movements and scroll behavior (collected via tools like Microsoft Clarity). | Used for anonymous analysis of how users interact with our site only after you give explicit consent, to identify issues and improve website design and user experience. |
2.3 Information We Receive from Third Parties
We receive necessary information from a limited set of trusted third-party service providers to complete our services:
- Payment Processors: We receive transaction status and order confirmation information from our payment partners (e.g., Cream, PayPal).
- Infrastructure Providers: Our network and cloud storage service providers (e.g., Cloudflare) provide log data related to security and performance when processing network requests.
3. How We Collect Your Information
We collect your personal information through the following three primary channels to operate our website and provide services to you:
- Information You Provide Directly: This constitutes most of the information you provide voluntarily when interacting with us. For example:
- Filling in your name and email address when creating an account.
- Providing billing information at the checkout page to complete a purchase.
- Supplying relevant details when contacting us via email or a website contact form.
- Information Collected Automatically: Certain information is collected automatically through technical means when you browse:
- Cookies & Similar Technologies: We, along with our partners (e.g., Microsoft Clarity), use cookies, pixel tags, and similar technologies to interact with your browser or device, automatically collecting device information and usage data. For details, please see Chapter 10.
- Log Files: Our servers automatically log information sent by your browser during visits, such as your IP address, browser type, access times, and the referring page.
- Information Received from Third Parties: We receive information from trusted third-party service providers where necessary for contract performance or security. For example:
- Receiving transaction confirmation from our payment processors (e.g., Cream, PayPal).
- Obtaining security and performance-related data from our infrastructure providers (e.g., Cloudflare).
4. Why We Process Your Information (Legal Basis)
We only process your personal information when we have a valid legal basis to do so. The table below details our processing purposes, the corresponding legal basis (under the EU GDPR), and business purposes (under the CCPA).
| Processing Purpose | Categories of Information Involved | GDPR Legal Basis & Explanation | CCPA Business Purpose |
|---|---|---|---|
| To create and manage your user account | Email, password, name (First/Last) | Performance of a contract (GDPR Art. 6(1)(b)): This processing is necessary to enter into and fulfill our User Agreement with you to provide account and template access. | Providing the goods or services you requested. |
| To process and complete your purchase | Billing info (name, address), payment info (via third-party) | Performance of a contract (GDPR Art. 6(1)(b)): This processing is necessary to enter into the Sales Contract, process payment, and deliver the digital product you purchased. | Completing the transaction you initiated. |
| To communicate with you as necessary | Email, name, your inquiry content | Legitimate interests (GDPR Art. 6(1)(f)): We process this for our legitimate interest in responding to inquiries and providing support. | Providing customer service. |
| To secure our website and prevent fraud | IP address, device info, transaction records | Legitimate interests (GDPR Art. 6(1)(f)): We process this for our legitimate interest in protecting the website, our business, and users from misuse, fraud, or security threats. | Ensuring security and integrity; fraud prevention. |
| For website operation and core functionality | Essential cookies, IP address, device info | Legitimate interests (GDPR Art. 6(1)(f)): For the legitimate interest of providing a stable, functional website to all users. | Short-term, transient use in support of daily website operations. |
| To analyze and improve website experience | Anonymized browsing data from Clarity | Your consent (GDPR Art. 6(1)(a)): We process for this purpose only after you give explicit consent via our cookie banner. | Conducting internal research to improve services. |
| To comply with legal obligations | Order records, transaction info, communication logs | Compliance with a legal obligation (GDPR Art. 6(1)(c)): Processing is necessary to comply with our legal obligations, e.g., in tax and accounting law. | Complying with laws and regulations. |
5. How We Share Your Information
We do not sell or rent your personal information to third parties for their own marketing purposes. We only share information with contractually bound partners in the following explicitly listed scenarios, as necessary to provide this service.
| Purpose of Sharing | Third-Party Category & Name | Information Shared | Role & Data Processing Relationship | Safeguards & Notes for You |
|---|---|---|---|---|
| Processing Delegation: To Process Payments | Payment Processor: Cream | Order ID, order amount, billing information (name, address), contact email. | Data Processor. Processes payment transactions securely on our behalf and according to our instructions. | Sharing is necessary for the performance of our contract with you. We have a data protection agreement in place. |
| Processing Delegation: For Website Analytics & Improvement | Analytics Provider: Microsoft Clarity | Anonymized browsing and interaction data (e.g., clicks, mouse movements). | Data Processor. Conducts anonymous website usage analysis on our behalf. | Sharing is strictly based on your explicit consent for analytics cookies. |
| Processing Delegation: For Infrastructure, Security & Storage | Network, Security & Storage Provider: Cloudflare | IP address, device information, browser type, metadata of access requests. | Data Processor. Provides us with global CDN, security, and cloud storage services. | Sharing is based on our legitimate interest in securing and maintaining stable website operations. |
| Processing Delegation: To Send System & Transactional Emails | Email Delivery Service: Resend | Your email address, email content (e.g., order confirmations, account notifications). | Data Processor. Sends necessary system and transactional emails strictly per our instructions. | Sharing is necessary for contract performance or based on legitimate interests. |
| Legal Disclosure | Competent Authorities, Law Enforcement | Any information required by law. | Independent Controller or Recipient. Disclosure occurs only upon receipt of a lawful, binding request. | Disclosure is necessary to comply with a legal obligation. |
How We Safeguard Your Data
We contractually bind all third parties acting as our "Data Processors" to: 1) process data only per our instructions; 2) implement security measures consistent with this Policy; 3) not use data for any other purpose.
6. International Data Transfers
Our business relies on global service providers. As a result, the personal information you provide to us may be processed, transferred, and stored in countries outside of your country of residence.
Nature of Transfers: In order to provide our services to you, your personal information may be transferred to and processed in countries outside the European Economic Area (EEA) (e.g., the United States) by our service providers located there. Concurrently, we also select service providers that process data within the EEA to protect your information.
Our Safeguards: We will only transfer your personal information to third parties in such countries where we have ensured an adequate level of data protection. We primarily rely on:
- EU Standard Contractual Clauses (SCCs): We enter into agreements with our service providers outside the EEA that incorporate the European Commission's approved Standard Contractual Clauses.
- Other Valid Mechanisms: Where applicable, we may also rely on other legally recognized transfer mechanisms.
7. How We Protect Your Information
We implement reasonable and industry-standard technical and organizational measures designed to secure your personal information.
Measures we take include:
Technical Measures:
- Encryption in Transit: We use industry-standard Transport Layer Security (TLS) encryption to protect sensitive data.
- Security Infrastructure: We rely on professional infrastructure providers (e.g., Cloudflare) to deploy security defenses against common cyber threats.
- Payment Security: We adhere to the principle of "minimal touch" for payment information. Transactions are processed through integrated third-party payment processors.
Organizational Measures:
- Access Controls: Our backend systems that store your personal information are protected with strict access controls.
- Partner Management: We only work with reputable service providers committed to data protection.
Incident Response:
Despite our efforts to implement security measures, no method of transmission over the Internet or electronic storage is 100% secure. In the unlikely event of a personal data breach, we will act in accordance with legal requirements.
8. Data Retention Periods
We adhere to the "storage limitation" principle, retaining your personal information only for as long as necessary to fulfill the purposes outlined in this Policy.
| Data Category | Retention Period | Retention Starting Point | Action After Retention Period |
|---|---|---|---|
| Order & Transaction Records | A minimum of 3 years | The date when payment is successfully processed | Anonymization first, followed by secure deletion. |
| User Account Information | For the duration of an active account | Based on your last login or service use | For dormant accounts (24 months), we will notify you before deletion. |
| Customer Service Communications | 6 months to 1 year | The date when the issue is mutually confirmed as closed | Secure deletion. |
Extended Retention Under Exceptional Circumstances
Even after the above retention periods expire, we may continue to retain relevant personal information:
- To comply with legal obligations: As required by applicable laws, regulations, court orders, or mandatory requests from governmental authorities.
- To exercise legal rights: To establish, exercise, or defend our legal rights (e.g., for the resolution of a dispute with you).
9. Your Rights
Depending on the laws applicable to your location, you may have the following rights regarding your personal information.
9.1 What rights might you have?
| Right Name | What does this mean? |
|---|---|
| Right of Access / Right to Know | You can ask us to confirm if we are processing your personal information and to provide a copy and details of that information. |
| Right to Rectification / Correction | You can ask us to correct inaccurate or incomplete personal information we hold about you. |
| Right to Erasure (Right to be Forgotten) | Under certain conditions, you can ask us to delete your personal information. |
| Right to Restriction of Processing | In specific situations, you can ask us to temporarily stop the active processing of your information. |
| Right to Data Portability | You can receive your personal information in a structured, commonly used, and machine-readable format. |
| Right to Object | You can object to processing based on our "legitimate interests." |
| Right to Opt-Out | You have the right to opt-out of the "sale" or "sharing" of your personal information. |
9.2 How to exercise your rights?
To exercise any right, please contact us at: weddingsketchshop@gmail.com
To protect your information, we will need to verify your identity before processing the request.
9.3 Our Commitment
- Non-Discrimination: You will not receive discriminatory treatment for exercising your privacy rights.
- Response Time: We aim to respond to and act upon verifiable requests within one month (GDPR) or forty-five days (CCPA).
- Right to Complain: If you are dissatisfied with our response, you have the right to lodge a complaint with a data protection authority.
10. Cookies and Tracking Technologies
To make our website work, analyze usage, and improve our services, we use cookies and similar technologies.
10.1 How Do We Use These Technologies?
| Category | Purpose | Managed By | Primary Technology/Provider | Duration | Legal Basis |
|---|---|---|---|---|---|
| Strictly Necessary | To secure the website, enable core functionality and basic operations. | First-party / Cloudflare | e.g., security cookies like _cf_bm | Session or short-term | Contract/Legitimate Interests |
| Statistics & Analytics | To analyze anonymously how users interact with our site. | Third-party | Microsoft Clarity | Up to 13 months | Your Explicit Consent |
| Preferences | To remember your personal settings. | First-party | e.g., user_lang | Long-term | Consent |
10.2 How Can You Manage These Technologies?
- Manage via Our Consent Tool: The cookie banner or settings panel you see on your first visit is your primary way to manage consent preferences.
- Manage via Browser Settings: You can also refuse or delete cookies through your browser settings.
10.3 "Do Not Track" Signals
There is currently no uniform industry standard for interpreting "Do Not Track" (DNT) signals sent by browsers. Therefore, our website does not automatically alter its data collection and usage practices upon detecting such a signal.
11. Children's Privacy
Our website, products, and services are not designed for, nor directed at, minors (individuals under the age of majority).
We do not knowingly collect or solicit personal information from minors. If you are a parent or legal guardian and believe that your minor child has provided us with personal information without your consent, please contact us immediately.
Furthermore, as defined by the California Consumer Privacy Act (CCPA), we do not knowingly "sell" or "share" the personal information of minors under 16 years of age.
12. Do Not Sell or Share My Personal Information
Under the legal definitions of "sell" and "share" personal information in the California Consumer Privacy Act (CCPA), we hereby declare:
We do NOT sell your personal information, nor do we share it for cross-context behavioral advertising.
- "Do Not Sell" means: We have never provided your personal information to any third party in exchange for monetary consideration.
- "Do Not Share" means: We have never provided your personal information to advertising partners for "cross-context behavioral advertising."
13. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our information practices, business development, or new legal and regulatory requirements.
When we make changes, the updated policy will take effect immediately upon being posted on this page. We encourage you to periodically review this page for the latest information.
For material changes to this policy, we will endeavor to provide direct notice to you, where feasible, prior to the change becoming effective.
14. Contact Information
If you have any questions, comments about this Privacy Policy or our data practices, or wish to exercise any of your rights, please contact us at:
Data Controller: Ms. Ma, the individual developer and operator of this Website.
Dedicated Privacy Email: weddingsketchshop@gmail.com
We are committed to reviewing and responding to your inquiry or request within the timeframes required by applicable laws (e.g., GDPR, CCPA).