GDPR POLICY

ChatGPT said:

GDPR Policy

Effective Date: 2/17/2025
Last Updated: 2/17/2025

At Braids-360, we are committed to protecting your privacy and ensuring transparency in how we collect, use, and store your personal data. This GDPR Policy outlines your rights under the General Data Protection Regulation (GDPR) if you are a resident of the European Economic Area (EEA) and how we comply with GDPR when handling your data.

By using www.braids360.com, you acknowledge and agree to the collection and processing of your data in accordance with this policy.

1. Data We Collect

We may collect the following types of personal data:

Personal Information: Name, email address, phone number, and other details provided through forms.
Transaction Data: Information related to bookings and purchases.
Technical Data: IP address, browser type, device information, and website usage patterns.
Marketing Preferences: Communication preferences, subscription details, and responses to promotions.

We do not collect sensitive personal data such as race, religion, political opinions, or health-related information.

2. How We Use Your Data

We use your personal data for the following purposes:

To provide services: Processing appointments, responding to inquiries, and fulfilling orders.
To improve our website: Analyzing visitor behavior to enhance user experience.
For marketing: Sending promotional offers, updates, and newsletters (only with your consent).
For security purposes: Detecting fraudulent activities and protecting your information.

We will never sell or rent your personal data to third parties.

3. Legal Basis for Processing Data

Under GDPR (Article 6), we process your data based on the following legal grounds:

Consent: When you opt in to receive marketing emails or newsletters.
Contractual Obligation: When you book an appointment or purchase a service.
Legitimate Interest: When we analyze website traffic or improve our services.
Legal Compliance: When we process data to comply with tax, legal, or regulatory obligations.

You may withdraw your consent at any time by contacting us through our Contact Page.

4. Data Retention & Security

We store your data only as long as necessary for the purposes outlined in this policy. If you request data deletion, we will securely erase it unless retention is required by law.

To protect your data, we implement security measures such as:

✔ SSL encryption for secure transactions.
✔ Access restrictions to sensitive data.
✔ Regular security audits to prevent data breaches.

5. Your Rights Under GDPR

As an EEA resident, you have the following rights regarding your personal data:

Right to Access: Request a copy of the data we hold about you.
Right to Rectification: Correct inaccurate or incomplete information.
Right to Erasure (“Right to Be Forgotten”): Request the deletion of your data.
Right to Restrict Processing: Limit how your data is used.
Right to Data Portability: Receive your data in a commonly used format.
Right to Object: Withdraw consent for direct marketing.
Right to Lodge a Complaint: File a complaint with a data protection authority if you believe your rights have been violated.

To exercise these rights, contact us through our Contact Page.

6. Third-Party Data Sharing

We may share your data with trusted third-party service providers, such as:

Payment Processors: To handle transactions securely.
Email Marketing Providers: To send newsletters and promotions (only with your consent).
Analytics Tools (e.g., Google Analytics): To track website performance.

These providers are required to comply with GDPR and cannot use your data for their own purposes.

7. International Data Transfers

As Braids-360 operates in the United States, your data may be stored or processed outside the EEA. However, we ensure that appropriate safeguards are in place, such as:

Standard Contractual Clauses (SCCs) approved by the European Commission.
Encryption and security protocols to protect your information.

If you have concerns about data transfers, please reach out via our Contact Page.

8. Updates to This GDPR Policy

We may update this policy from time to time to reflect changes in legal requirements or business operations. The most recent version will always be available at www.braids360.com.

9. Contact Us

For any questions or GDPR-related requests, please contact us through our Contact Page.

Thank you for trusting Braids-360 with your personal data. Your privacy matters to us! 💕✨