Introduction
At PetalHaven, we recognize the importance of safeguarding personal data and are committed to handling your information with the utmost care and in compliance with all relevant privacy laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection frameworks. This Data Protection Policy describes how we collect, process, use, store, share, and protect personal data obtained through your interaction with our website, applications, services, and communications.

Types of Personal Data We Collect
We collect both personally identifiable and non-personally identifiable information, depending on how you interact with our platform. This may include:
Identification Data: full name, username, customer ID
Contact Information: email address, phone number, physical mailing address
Account and Login Details: passwords, login credentials (encrypted)
Transaction Data: billing address, purchase records, payment confirmations
Technical and Device Data: IP address, browser type and version, time zone setting, device identifiers, cookies, operating system and platform
Usage Data: clickstream data, features used, session duration, access times
Location Data: if you enable location services through your device or browser
Communications: support messages, survey responses, and feedback

We may collect this information directly from you or automatically using technologies like cookies, web beacons, scripts, and similar tools.

Purposes of Processing Personal Data
Your data is processed only for specific, explicit, and legitimate purposes, including but not limited to:
Providing access to and maintaining our services
Managing your account and billing preferences
Personalizing content and user experience
Sending service announcements, transactional messages, or promotional emails
Processing payments securely through verified providers
Responding to inquiries, support requests, and complaints
Conducting analytics to improve system performance, features, and customer satisfaction
Preventing fraud, ensuring IT security, and enforcing our Terms of Service
Meeting legal, tax, audit, or regulatory requirements

We do not use your personal data for automated decision-making without human involvement.

Legal Grounds for Data Processing
We process your personal data on one or more of the following lawful bases:
Your informed consent (e.g., for marketing or newsletters)
The performance of a contract, such as delivering a service or digital product
Compliance with legal obligations, including taxation and security laws
Legitimate interests pursued by our company, such as service optimization or fraud detection, where these interests are not overridden by your rights

You have the right to withdraw your consent at any time, which will not affect the lawfulness of processing based on consent before its withdrawal.

Data Sharing and Third-Party Disclosure
We do not sell your personal data.
However, we may share your data under the following conditions:
With service providers and business partners who support us in areas like hosting, analytics, marketing automation, and payment processing
With legal or governmental authorities, when legally obligated to comply with requests, court orders, or regulations
With affiliate entities or in the event of a business merger, sale, or asset transfer, where personal data may be among the transferred assets
With analytics and advertising providers, in accordance with your cookie preferences and applicable laws

All external parties are required to adhere to data protection standards equivalent to ours and must process personal data only as instructed.

International Data Transfers
If your personal data is transferred outside the jurisdiction in which it was collected, including to countries without equivalent data protection laws, we ensure it is safeguarded by:
Entering into standard contractual clauses or similar approved mechanisms
Transferring only to organizations that are part of approved privacy frameworks
Applying additional technical and contractual safeguards to ensure compliance

Data Retention and Deletion
Your personal data is retained only for as long as necessary to fulfill the purposes it was collected for, including satisfying legal or contractual obligations. When the retention period expires, we will securely delete or anonymize the data unless a longer retention period is required by law.

Your Rights Regarding Personal Data
Depending on your location and applicable law, you may have the right to:
Request access to your personal data
Request correction or updating of inaccurate data
Request deletion or anonymization of your data
Object to or restrict certain types of processing
Withdraw consent where processing is based on consent
Request data portability in a structured, commonly used format
Lodge a complaint with a data protection authority

To exercise your rights, please contact us at [email protected]. We will respond to your request in a timely manner, typically within 30 days.

Data Security Measures
We implement a range of security measures to protect your personal data, including:
Data encryption during transmission (SSL/TLS)
Role-based access control and authentication systems
Secure servers and cloud environments
Regular penetration testing and vulnerability assessments
Employee confidentiality agreements and privacy training
Backup and disaster recovery protocols

While we strive for the highest standards, no method of data transmission or storage is completely secure, and we cannot guarantee absolute protection.

Use of Cookies and Tracking Technologies
We use cookies and similar technologies to remember user preferences, understand site traffic, provide functionality, and deliver relevant ads. You can manage your cookie preferences through your browser settings or through our website’s cookie banner.

Children’s Privacy
Our services are not intended for children under the age of 16, and we do not knowingly collect personal data from them. If we learn that we have collected personal information from a child without verifiable parental consent, we will take immediate steps to delete it.