Privacy Policy
1. Introduction
At SOS Morning Sickness (accessible via sosmorningsickness.com), we are committed to protecting and respecting your privacy. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal information in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We are firmly committed to a privacy-first approach in all our data practices.
2. Scope of Policy & Data Controller
This Privacy Policy applies to all users who access or use our website, sosmorningsickness.com, and its associated services. For the purposes of relevant data protection legislation, SOS Morning Sickness is the data controller responsible for your personal data. For any inquiries, please contact us at: [email protected].
3. Categories of Data We Process
We may collect and process the following categories of personal data:
a. Usage Data
Information regarding your interaction with our website, including your IP address, browser type, operating system, referring URLs, access times, and pages viewed.
b. Account Data
Information you provide when creating an account or placing an order, including your full name, email address, billing and shipping address, and phone number.
c. Profile Data
Information regarding your user preferences, previous purchases, viewed products, and behaviors while using our services.
d. Communication Data
Records of your interactions with us, including support requests, inquiries, and messages submitted through our contact forms or directly via email.
e. Technical Data
Data about the devices you use to access our services, including hardware model, system configuration, browser settings, and other device identifiers.
f. Transaction Data
Details relating to purchases made through our website, including order history, payment methods, and delivery tracking information.
g. Preference Data
Information regarding your preferences for receiving communications from us, such as marketing opt-ins, areas of interest, and product categories.
4. Legal Bases for Processing
We process your personal data lawfully, based on one or more of the following legal grounds:
– Consent: You have given clear consent for us to process your personal data for specific purposes.
– Contract: Processing is necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract.
– Legal Obligation: Processing is necessary to comply with a legal obligation.
– Legitimate Interests: Processing is necessary for our legitimate interests and does not override your fundamental rights and freedoms, such as improving our services, preventing fraud, and managing customer relationships.
5. Your Data Protection Rights
You have the following rights under applicable data protection laws:
– Access: You may request access to your personal data.
– Rectification: You can request correction of inaccurate or incomplete data.
– Erasure: You can request deletion of your personal data in certain circumstances.
– Restriction: You may request restriction of processing where applicable.
– Data Portability: You have the right to obtain and reuse your personal data in a structured, commonly used, and machine-readable format.
– Objection: You may object to the processing of your personal data where we rely on legitimate interests or marketing purposes.
– Withdrawal of Consent: You may withdraw consent at any time where consent was the basis for processing.
To exercise any of your rights, please contact us at [email protected].
6. Security Measures
We maintain comprehensive technical and organizational measures to safeguard your personal data, including:
– Industry-standard encryption for data in transit and at rest
– Role-based access controls and authentication protocols
– Regular data backups and disaster recovery procedures
– Ongoing staff training on data protection and privacy responsibilities
7. International Transfers
Your personal data may be transferred and processed outside your country of residence, including to countries that may not provide the same level of data protection. In such cases, we implement appropriate safeguards (such as Standard Contractual Clauses) to ensure the safety and lawfulness of the data transfer in compliance with GDPR and other applicable laws.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:
– Account Data and Profile Data: retained as long as you maintain an active account with us or as required to comply with legal obligations.
– Transaction Data: retained for up to 7 years to satisfy tax and financial reporting requirements.
– Communication Data: retained for up to 2 years for customer service and audit purposes.
– Preference Data: retained until consent is withdrawn or preferences are changed.
– Usage and Technical Data: retained for up to 2 years for analytics and security purposes.
Data may be retained longer where necessary to comply with legal obligations or to establish, exercise, or defend legal claims.
9. Cookie Policy
Our website uses cookies and similar tracking technologies to enhance user experience. The following categories of cookies may be used:
– Essential Cookies: Required for the operation of the site (e.g., login, cart, and checkout functionality).
– Functional Cookies: Enable enhanced functionality such as remembering your choices and preferences.
– Analytics Cookies: Help us understand user behavior to improve our website performance.
– Performance Cookies: Collect data for load balancing and optimization.
10. Cookie Management and Compliance
Upon first visit to sosmorningsickness.com, you will be presented with a cookie banner allowing you to manage your cookie preferences in compliance with GDPR and CCPA. You may change your preferences or withdraw consent at any time using the cookie settings found in the footer of our website. You may also control cookie behavior through your browser settings.
11. Children’s Privacy
Our services are not directed to individuals under the age of 13. We do not knowingly collect personal data from children under 13. If we become aware that we have collected information from a child without appropriate parental or guardian consent, we will delete such data promptly. If you believe we may have collected information from a child, please contact us at [email protected].
12. Policy Updates
We reserve the right to update or modify this Privacy Policy at any time. Any material changes will be communicated through appropriate channels. We encourage users to review this policy regularly to remain informed of how we protect their privacy.
13. Contact
For any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact:
SOS Morning Sickness
Email: [email protected]
Website: sosmorningsickness.com
We are committed to full compliance with GDPR, CCPA, and all other applicable privacy laws. Please do not hesitate to contact us at the above email address should you have any concerns or wish to exercise your rights in relation to your personal data.