Privacy policy

Effective Date: 26/08/2025
Last Updated: 26/08/2025

Introduction

Pimple Patch Club ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, make a purchase, or interact with our services.

Information We Collect

Personal Information You Provide

When you interact with our services, we may collect:

Account & Purchase Information:

  • Name and contact details (email, phone, address)
  • Billing and shipping addresses
  • Payment information (processed securely by our payment processors)
  • Order history and purchase preferences
  • Account credentials and profile information

Communication Information:

  • Customer service inquiries and correspondence
  • Product reviews and feedback
  • Marketing preferences and subscription choices
  • Survey responses and contest entries

Information Automatically Collected

When you visit our website, we automatically collect:

Technical Information:

  • IP address and general location data
  • Browser type, version, and settings
  • Device information and operating system
  • Website usage patterns and navigation data
  • Pages visited, time spent, and referral sources

Cookies and Tracking Technologies:

  • Essential cookies for website functionality
  • Analytics cookies to understand user behavior
  • Marketing cookies for personalized advertising
  • Session cookies for shopping cart functionality

How We Use Your Information

We use your personal information for the following purposes:

Order Processing & Customer Service

  • Processing and fulfilling your orders
  • Managing payments and shipping
  • Providing customer support and handling returns
  • Sending order confirmations and shipping updates

Business Operations

  • Maintaining and improving our website and services
  • Analyzing usage patterns and customer preferences
  • Conducting quality assurance and security monitoring
  • Complying with legal obligations and preventing fraud

Marketing & Communications

  • Sending promotional emails and special offers (with consent)
  • Personalizing your shopping experience
  • Conducting market research and customer surveys
  • Managing loyalty programs and rewards

Legal Basis for Processing (GDPR/UK GDPR)

We process your data based on:

  • Contract performance: To fulfill your orders and provide services
  • Legitimate interests: For business operations, fraud prevention, and analytics
  • Consent: For marketing communications and non-essential cookies
  • Legal obligation: To comply with tax, accounting, and regulatory requirements

Information Sharing and Disclosure

We may share your information with:

Service Providers

  • Shopify: E-commerce platform hosting and order processing
  • Payment processors: Stripe, PayPal, and other secure payment gateways
  • Shipping partners: Postal services and courier companies for delivery
  • Email service providers: For transactional and marketing communications
  • Analytics providers: Google Analytics and similar services (anonymized data)
  • Customer support tools: Help desk and chat support platforms

Legal Requirements

We may disclose information when required by law or to:

  • Comply with legal processes, court orders, or government requests
  • Protect our rights, property, or safety, or that of others
  • Prevent fraud, security breaches, or illegal activities
  • Enforce our terms of service and other agreements

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to this privacy policy.

Data Retention

We retain your personal information for as long as necessary to:

  • Fulfill the purposes outlined in this policy
  • Comply with legal, accounting, and regulatory requirements
  • Resolve disputes and enforce our agreements

Specific Retention Periods:

  • Account information: Until account deletion or 7 years after last activity
  • Order and payment data: 7 years for tax and accounting purposes
  • Marketing communications: Until you unsubscribe or opt out
  • Website analytics: 26 months (Google Analytics default)
  • Customer service records: 3 years after resolution

Your Privacy Rights

Depending on your location, you may have the following rights:

Universal Rights

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your data (subject to legal requirements)
  • Marketing opt-out: Unsubscribe from promotional communications

GDPR/UK GDPR Rights (EU/UK Residents)

  • Data portability: Receive your data in a portable format
  • Processing restriction: Limit how we use your data
  • Objection: Oppose processing based on legitimate interests
  • Automated decision-making: Opt out of automated profiling

CCPA Rights (California Residents)

  • Know: What personal information we collect and how it's used
  • Delete: Request deletion of personal information
  • Opt-out: Of the sale of personal information (we don't sell data)
  • Non-discrimination: Equal service regardless of privacy choices

PIPEDA Rights (Canadian Residents)

  • Access and correction of personal information
  • Withdrawal of consent where processing is based on consent
  • Complaint filing with the Privacy Commissioner of Canada

International Data Transfers

Your information may be transferred to and processed in countries outside your residence, including:

  • United States: Where our Shopify store and some service providers are located
  • Other countries: Where our service providers have operations

We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) for EU data transfers
  • Adequacy decisions where available
  • Binding corporate rules and certification schemes
  • Service provider agreements with privacy protections

Cookies and Tracking Technologies

Types of Cookies We Use

  • Strictly Necessary: Essential for website functionality and security
  • Performance/Analytics: Help us understand how visitors use our site
  • Functional: Remember your preferences and settings
  • Targeting/Marketing: Deliver relevant advertisements and measure campaign effectiveness

Managing Cookies

You can control cookies through:

  • Browser settings to block or delete cookies
  • Our cookie consent banner preferences
  • Opt-out tools provided by advertising networks
  • Privacy-focused browser extensions

Note: Disabling certain cookies may affect website functionality and your user experience.

Data Security

We implement appropriate technical and organizational measures to protect your information:

Security Measures

  • Encryption: SSL/TLS encryption for data transmission
  • Secure hosting: Protected servers and databases
  • Access controls: Limited employee access on a need-to-know basis
  • Regular monitoring: Security assessments and vulnerability testing
  • Incident response: Procedures for handling potential data breaches

Payment Security

  • PCI DSS compliance: Through certified payment processors
  • Tokenization: Secure payment token storage
  • No direct storage: We don't store complete payment card information

Children's Privacy

Our services are not intended for individuals under 16 years of age (13 in the US). We do not knowingly collect personal information from children. If we discover we have collected information from a child, we will delete it promptly.

Third-Party Links

Our website may contain links to third-party websites. We are not responsible for their privacy practices and encourage you to review their privacy policies.

Privacy Policy Updates

We may update this privacy policy periodically to reflect changes in our practices or applicable laws. We will:

  • Post the updated policy on our website
  • Update the "Last Updated" date
  • Notify you of material changes via email or website notice
  • Obtain new consent where required by law

Contact Information

For privacy-related questions, concerns, or to exercise your rights, contact us:

Email: pimplepatchclub@gmail.com
Subject Line: Privacy Inquiry
Response Time: Within 30 days (or as required by applicable law)

Data Protection Officer

For GDPR-related inquiries, you may contact our Data Protection Officer at: pimplepatchclub@gmail.com

Supervisory Authorities

You have the right to lodge a complaint with your local data protection authority:

  • EU: Contact your national data protection authority
  • UK: Information Commissioner's Office (ICO)
  • Canada: Office of the Privacy Commissioner of Canada
  • US/California: California Attorney General's Office

Legal Compliance

This privacy policy complies with applicable privacy laws, including:

  • EU General Data Protection Regulation (GDPR)
  • UK General Data Protection Regulation (UK GDPR)
  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
  • Personal Information Protection and Electronic Documents Act (PIPEDA) - Canada
  • Privacy Act 1988 - Australia
  • Various US state privacy laws

By using our services, you acknowledge that you have read and understood this Privacy Policy.