Privacy Policy
1. Introduction
At Stories I Never Told My Mother (hereinafter referred to as “we”, “us”, or “our”), accessible via storiesinevertoldmymother.com, we are fully committed to safeguarding your personal information and respecting your privacy rights. This Privacy Policy outlines how we collect, use, disclose, store, and protect your personal data in compliance with applicable data protection legislation, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act (“CCPA”). We adhere to the principle of data minimization and process personal information only in ways necessary for achieving clearly defined lawful purposes.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all users of storiesinevertoldmymother.com, including visitors, account holders, content contributors, and communications recipients. It governs the processing of personal data by us as a “data controller” for the purposes described herein. This Policy also extends to all services provided through the website and communications facilitated through our official support channels.
If you have any questions regarding the processing of your personal data or this Privacy Policy, you may contact us at [email protected].
3. Categories of Data Processed
We process various categories of personal data in the course of operating storiesinevertoldmymother.com, including but not limited to:
a. Usage Data
Information about your interaction with our website, such as your IP address, browser type and version, time zone setting, pages viewed, access times, and referring URLs.
b. Account Data
Information collected when registering an account, including your full name, residential or mailing address, email address, and phone number.
c. Profile Data
Details you choose to provide in your user profile, preferences, settings, user history, and behavior across the platform (including digital purchases, bookmarks, or submitted stories).
d. Communication Data
Records of communications you initiate with us, including emails sent to [email protected], contact form submissions, customer service messages, and related support inquiries.
e. Technical Data
Device-specific information such as operating system, hardware models, device settings, screen resolution, language preference, mobile network data, and system diagnostics.
f. Transaction Data
Information relating to product or subscription purchases, including payment method (processed by third-party platforms), transaction IDs, billing and shipping addresses, and delivery confirmations.
g. Preference Data
Details about your marketing preferences, notification settings, expressed interests, and opt-in/opt-out decisions for newsletters and promotional materials.
4. Legal Bases for Processing
We process personal data under the following legal bases, as defined in the GDPR and applicable U.S. privacy laws:
– Consent: Where you have expressly consented to a specific data processing activity (e.g. subscribing to a newsletter or accepting cookies not strictly necessary for site operation).
– Contractual Necessity: Where processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract.
– Legal Obligation: Where we are required to process personal data in compliance with applicable laws and regulations.
– Legitimate Interests: Where processing is required for our legitimate business interests, such as website security, fraud prevention, service improvement, and internal analytics, provided such interests are not overridden by your rights and freedoms.
5. Your Rights
Subject to applicable law, you have the following rights concerning your personal data:
– Access: You may request confirmation of whether we process your data and to receive a copy of such data.
– Rectification: You may request correction of inaccurate or incomplete personal information.
– Erasure: You may request the deletion of your data, under certain legal conditions.
– Restriction: You may request the limitation of processing your data where contested or unlawfully processed.
– Portability: You may request that your data be transferred to you or to a third party in a structured, commonly-used, machine-readable format.
To exercise any of your rights, please contact us at [email protected]. We reserve the right to verify your identity before processing such requests.
6. Security Measures
We implement robust administrative, technical, and physical safeguards to protect your personal information. These measures include:
– Secure Sockets Layer (SSL) encryption for data transmission
– Role-based access controls and authentication protocols
– Routine encrypted data backups and disaster recovery planning
– Staff training on data privacy principles and incident response protocols
– Ongoing monitoring of systems for vulnerabilities and breaches
Although we take reasonable steps to secure information, no system is completely immune from breaches. We encourage users to take steps on their end to protect credential confidentiality.
7. International Transfers
Personal data collected through storiesinevertoldmymother.com may be processed or stored outside of your country of origin. In such cases, we ensure appropriate safeguards are in place including the use of Standard Contractual Clauses and compliance with local adequacy decisions as set by the European Commission or other competent authorities.
8. Data Retention
We retain personal data only as long as necessary to fulfill the purposes for which it was collected or as required under applicable law. The retention periods vary by data type:
– Usage and Technical Data: Up to 12 months for analytical purposes
– Account and Profile Data: Retained for the duration of your active account
– Transaction Data: Retained for a minimum of 7 years in accordance with financial regulation
– Communication Data: Retained for up to 3 years from receipt
– Preference Data: Retained until you update or withdraw your preferences
Data no longer necessary is securely deleted or anonymized.
9. Cookie Policy
Our website uses cookies and similar technologies to enhance user experience, provide essential functionality, and analyze site performance. These include:
– Essential Cookies: Required for the operation of the website, such as authentication and navigation
– Functional Cookies: Enable personalization and non-essential features like remembering preferences
– Analytics Cookies: Collect aggregated data on website usage patterns
– Performance Cookies: Improve the responsiveness and performance of the website
10. Cookie Management and Compliance
Upon first visit to storiesinevertoldmymother.com, you will be presented with a cookie consent banner in accordance with GDPR and CCPA requirements. You can:
– Accept all cookies
– Reject non-essential cookies
– Manage specific preferences
Most browsers provide controls for refusing or deleting cookies. Please note that disabling certain cookies may impact website functionality.
11. Special Protections for Children
We do not knowingly collect or solicit personal information from individuals under the age of 13. If we become aware that a child under 13 has provided us with personal data, we will take immediate steps to delete such information. Parents and legal guardians may contact us to request deletion or correction of a child’s data at [email protected].
12. Policy Updates and User Notification
We reserve the right to modify this Privacy Policy to align with changes in the law or our data processing practices. Significant changes will be communicated via prominent notices on the website or through direct email notification where applicable. Continued use of the website after such updates constitutes acceptance of the revised policy.
13. Contact Us
For any questions, concerns, or requests regarding your privacy or this policy, please contact:
Privacy Officer
Stories I Never Told My Mother
Email: [email protected]
We are committed to resolving privacy-related questions promptly and thoroughly.
—
This Privacy Policy reflects our commitment to compliance with GDPR, CCPA, and other applicable data protection laws. For any concerns related to your rights or data protection practices, we strongly encourage you to contact us at [email protected].