Privacy Policy

Introduction

At Everything Esthetic, we take your privacy seriously. This privacy policy describes how we collect, use, and protect your personal information when you use our website or services. This policy complies with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

Information We Collect

We may collect the following categories of information:

Personal Information

  • Personal identification information (name, email address, phone number)
  • Billing and shipping addresses
  • Payment information (processed securely by our payment providers)
  • Account credentials (username and encrypted password)

Usage and Technical Information

  • Order history and transaction details
  • Browsing behavior and interactions with our website
  • Device information (type, operating system, browser type)
  • IP address and general location data
  • Cookie identifiers and similar tracking technologies

How We Use Your Information

We use your information for the following purposes:

Service Delivery

  • Process and fulfill your orders
  • Manage your account and provide customer support
  • Respond to your inquiries and requests
  • Send transactional emails (order confirmations, shipping updates)

Business Operations

  • Improve our products, services, and website functionality
  • Analyze usage patterns and trends
  • Prevent fraud and maintain security
  • Comply with legal obligations

Marketing (with your consent)

  • Send promotional emails and newsletters
  • Provide personalized recommendations
  • Conduct surveys and research

Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Contract Performance: Processing necessary to fulfill our contract with you (e.g., processing orders)
  • Legitimate Interests: Processing for our legitimate business interests (e.g., fraud prevention, website improvement)
  • Consent: Processing based on your explicit consent (e.g., marketing communications)
  • Legal Obligation: Processing required to comply with legal requirements

Data Sharing and Third-Party Services

We may share your information with the following categories of third parties:

  • Service Providers: Payment processors, shipping carriers, email service providers, and cloud hosting services
  • Analytics Services: Google Analytics and similar tools to analyze website usage
  • Marketing Partners: Email marketing platforms (only with your consent)
  • Legal and Regulatory: Government agencies, law enforcement, or legal advisors when required by law

All third-party service providers are contractually obligated to protect your data and use it only for the purposes we specify. We do not sell your personal information to third parties.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our website. For detailed information about our cookie practices, please see our Cookie Policy.

You can manage your cookie preferences through your browser settings or our cookie consent banner. Please note that disabling certain cookies may affect website functionality.

Data Security

We implement appropriate technical and organizational security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit and at rest
  • Secure authentication and access controls
  • Regular security assessments and updates
  • Employee training on data protection practices

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security.

Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this privacy policy, unless a longer retention period is required or permitted by law. Specific retention periods include:

  • Account Information: Retained while your account is active and for up to 7 years after closure for legal and accounting purposes
  • Transaction Records: Retained for 7 years to comply with tax and financial regulations
  • Marketing Data: Retained until you withdraw consent or request deletion
  • Website Analytics: Typically retained for 26 months

Your Rights Under GDPR

If you are a resident of the European Economic Area (EEA), you have the following rights:

  • Right to Access: Request a copy of your personal data we hold
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restrict Processing: Request limitation of how we use your data
  • Right to Data Portability: Request transfer of your data to another service provider
  • Right to Object: Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise any of these rights, please contact us using the information provided below.

California Privacy Rights (CCPA)

If you are a California resident, you have the following rights under the CCPA:

  • Right to Know: Request information about the personal data we collect, use, and disclose
  • Right to Delete: Request deletion of your personal data
  • Right to Opt-Out: Opt out of the sale of your personal data (we do not sell personal data)
  • Right to Non-Discrimination: Exercise your privacy rights without discriminatory treatment

To submit a verifiable consumer request, please contact us at privacy@everythingesthetic.com.

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from your jurisdiction. When we transfer data internationally, we ensure appropriate safeguards are in place, such as:

  • Standard contractual clauses approved by the European Commission
  • Privacy Shield certification (where applicable)
  • Adequacy decisions by the European Commission

Children's Privacy

Our website is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will take steps to delete such information.

Changes to This Policy

We may update our privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. We will notify you of any material changes by:

  • Posting the updated policy on this page with a new "Last Updated" date
  • Sending an email notification to registered users (for significant changes)
  • Displaying a prominent notice on our website

We encourage you to review this privacy policy periodically. Your continued use of our website after changes are posted constitutes your acceptance of the updated policy.

Contact Us and Data Protection Officer

If you have any questions about this privacy policy, wish to exercise your data protection rights, or have concerns about how we handle your personal information, please contact us:

Email: privacy@everythingesthetic.com

General Inquiries: info@everythingesthetic.com

Phone: (828) 414-1052

Data Protection Officer: privacy@everythingesthetic.com

We will respond to your request within 30 days (or as required by applicable law). For your protection, we may need to verify your identity before processing certain requests.

Effective Date: January 1, 2025

Last Updated: January 1, 2025