Privacy Policy
1. Introduction
At The Teapot Project, accessible at theteapotproject.com, we are firmly committed to safeguarding your privacy and protecting your personal data. We understand the importance of your privacy and conduct all data processing activities in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act of 2018 (“CCPA”). This Privacy Policy outlines how we collect, use, disclose, and protect your data when you visit our website or interact with us.
2. Scope of This Policy & Role of Data Controller
This Privacy Policy applies to all users of our website and associated digital services. For all personal data collected through or in connection with the services provided on theteapotproject.com, The Teapot Project is the data controller and responsible for your personal data. You may contact us regarding data protection inquiries at [email protected].
3. Categories of Personal Data Processed
We may collect and process the following categories of personal data:
a. Usage Data
This includes information about how users interact with our website, such as IP address, browser type, language preferences, referring URLs, pages viewed, length of visit, session frequency, and other diagnostic data.
b. Account Data
Includes data provided by you during account registration or updates, such as your full name, email address, postal address, phone number, and login credentials.
c. Profile Data
This includes information about your preferences, purchase history, interests, participation in promotions, and other behavior-based insights based on your interactions with our services.
d. Communication Data
Encompasses any correspondence between you and The Teapot Project, including emails, support requests, helpdesk tickets, chat messages, and your contact history with our customer service teams.
e. Technical Data
Comprises information about the devices and technology you use to access our services, such as device identifiers, operating system, mobile network information, application version numbers, and system configurations.
f. Transaction Data
Involves information necessary to process purchases or service orders, including billing address, delivery address, payment methods and receipts, order history, and the nature and quantity of goods and services transacted.
g. Preference Data
Covers values such as product interests, frequency of use, newsletter subscriptions, marketing communications preferences, and consent records.
4. Legal Bases for Processing
We rely on the following legal bases to process your personal data:
– Performance of a Contract: When data processing is necessary to fulfill a contractual obligation, such as processing a purchase or delivering a service.
– Consent: Where you have provided clear and informed permission for us to process your data for a specific purpose (e.g., marketing communications).
– Legitimate Interests: For purposes that are necessary to our business operations and which do not override your rights, such as website optimization, fraud prevention, and analytics.
– Legal Obligation: When processing is required by applicable law or legal processes.
5. Your Data Protection Rights
Under the GDPR, and subject to your jurisdiction (including certain rights under CCPA), you may exercise the following rights:
– Right of Access: Obtain confirmation as to whether we process your data and access a copy of your personal information.
– Right to Rectification: Request that we correct any inaccurate or incomplete data held about you.
– Right to Erasure: Also known as the “right to be forgotten”, request deletion of your personal data where applicable.
– Right to Restrict Processing: Ask us to suspend or limit the processing of your personal data in certain circumstances.
– Right to Data Portability: Request to receive your personal data in a structured, commonly used format and transmit it to another controller.
– Right to Object: Object to processing of personal data based on legitimate interests or for direct marketing purposes.
To exercise any of these rights, you may contact us at [email protected].
6. Security Measures
We take appropriate technical and organizational security measures to protect your personal data, including but not limited to:
– Data encryption protocols for data in transit and at rest
– Role-based access controls and authentication mechanisms
– Routine security audits and vulnerability assessments
– Use of secure cloud infrastructure and firewalls
– Staff confidentiality agreements and privacy training
While we take all necessary precautions, no method of data transmission or storage is 100% secure. We encourage users to take personal precautions as well.
7. International Data Transfers
If we transfer your data to countries outside the European Economic Area (EEA) or other jurisdictions with different data protection standards, such transfers are made in compliance with applicable law. We rely on adequacy decisions, standard contractual clauses approved by the European Commission or equivalent mechanisms to ensure appropriate safeguards.
8. Data Retention
We retain personal data only for as long as necessary for the purposes collected, including:
– Usage Data: Up to 24 months for analytics and diagnostic purposes
– Account, Profile, and Transaction Data: For the duration of your relationship with us and up to 7 years thereafter for legal, financial, and regulatory requirements
– Communication Data: Retained for up to 3 years from last contact, unless required for ongoing support or legal matters
– Preference Data: Retained for as long as marketing consents remain active or until withdrawal of consent
Upon reaching retention expiration, data is securely deleted, anonymized, or archived in accordance with legal obligations.
9. Cookie Policy
Our website uses cookies and similar technologies to enhance user experience. We categorize cookies as follows:
– Essential Cookies: Required for the website to function properly; includes session management and login functionality.
– Functional Cookies: Support personalization features, such as remembering preferences or language selection.
– Analytics Cookies: Provide insights into site performance and usage patterns; we may use services such as Google Analytics in accordance with their privacy terms.
– Performance Cookies: Help us measure the effectiveness of our communications and optimize site navigation.
10. Cookie Management and User Consent
Upon your first visit to theteapotproject.com, you will be presented with a cookie banner allowing you to manage your preferences. You may accept all cookies, reject non-essential cookies, or manage individual categories. You can modify your preferences at any time via the cookie settings on our website or by adjusting your browser settings.
California residents may exercise their rights under the CCPA to opt-out of the selling or sharing of personal information by clicking the appropriate links provided throughout the site or contacting us directly.
11. Protection of Children’s Data
The Teapot Project does not knowingly collect or solicit personal information from children under the age of 13. If you are under 13, please do not provide any data to us. Parents or legal guardians who believe that their child may have submitted personal data without consent are encouraged to contact [email protected] so we can delete such information.
12. Changes to the Privacy Policy
We reserve the right to update or amend this Privacy Policy at any time to reflect changes in legal, regulatory, or operational requirements. Where material changes are made, we will take appropriate steps to notify you, which may include email communication or prominent notification on the website.
Continued usage of theteapotproject.com following updates constitutes your acknowledgment and agreement to the revised terms.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our use of your personal data, please contact us at:
Email: [email protected]
We are committed to full compliance with all applicable data privacy frameworks and welcome your inquiries and feedback regarding your privacy rights.