Privacy Policy

1. Introduction

At Subshakes, accessible via subshakes.com, we prioritize your privacy and are committed to protecting your personal data. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal information in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

We recognize the importance of privacy-preserving practices, and we adhere to principles of transparency, accountability, and user control throughout our data handling processes.

2. Scope of Policy and Data Controller Role

This Privacy Policy applies to all users who interact with our website, services, platforms, or communications linked to subshakes.com. Subshakes is the data controller of all personal data collected through our site and services unless expressly stated otherwise. As a data controller, we determine the purposes and means of processing your personal data.

3. Categories of Data Processed

We may collect and process the following categories of personal data:

Usage Data: Information about how you use our website and services, including your IP address, browser type, referring URLs, access times, and online behavior.

Account Data: Personal identifiers you provide when opening an account or placing an order, such as full name, billing and shipping addresses, email address, and phone number.

Profile Data: Information relating to your preferences, purchase history, product interests, survey responses, and behavioral insights based on interactions with our services.

Communication Data: Records of your interactions with our customer support team, including emails, chat sessions, support tickets, and any other correspondence or queries submitted via subshakes.com or affiliated platforms.

Technical Data: Device and system specifications, such as operating system, device type, browser settings, language preferences, and other technical identifiers.

Transaction Data: Details relating to purchases made through our website, including payment identifiers (processed via third parties), delivery confirmations, and order fulfillment details.

Preference Data: Information reflecting your communication choices, marketing subscriptions, newsletter enrollments, and product or brand preferences.

4. Legal Bases for Processing

We rely on several legal bases to process your data under GDPR and CCPA requirements:

– Consent: Where required, we obtain your explicit consent before collecting and processing certain types of personal data (e.g., cookie preferences, marketing communication).
– Contractual Necessity: We process personal data necessary for the performance of a contract with you, such as order fulfillment, customer support, and account management.
– Legal Obligation: To comply with applicable legal requirements, including tax or consumer law.
– Legitimate Interests: We may process your data for our legitimate business interests, such as preventing fraud, improving user experience, and marketing similar products to existing customers, unless your rights override such interests.

5. Your Rights

Under applicable data protection laws, you have the following rights regarding your personal data:

– Right to Access: You may request a copy of the personal data we hold about you.
– Right to Rectification: You can request corrections to inaccurate or incomplete data.
– Right to Erasure: You may request deletion of your data where legally permitted.
– Right to Restriction of Processing: You can ask us to temporarily stop processing your data under specific circumstances.
– Right to Data Portability: You have the right to request your data in a structured, commonly used, machine-readable format, and to transmit it to another controller.

To exercise any of these rights, please contact us at [email protected].

6. Security Measures

We implement robust organizational and technical safeguards to ensure the confidentiality, integrity, and availability of your personal data:

– Data encryption during transmission (e.g., SSL/TLS protocols)
– Access control mechanisms with restricted permissions
– Regular data backups and secure storage
– Employee training in data protection and secure handling practices
– Monitoring for vulnerabilities and unauthorized access attempts

7. International Transfers

Wherever your personal data is transferred or stored outside the European Economic Area (EEA), we implement appropriate safeguards in accordance with GDPR, including the use of Standard Contractual Clauses and other legally approved mechanisms. We take similar measures to ensure compliance with CCPA requirements if your data is transferred from California or related jurisdictions.

8. Data Retention

We retain personal data for only as long as necessary to fulfill the purposes outlined in this Privacy Policy:

– Usage Data: 12 months from date of collection
– Account Data: Retained during active usage and for seven (7) years after account deactivation (for tax/legal compliance)
– Profile Data and Preferences: 2 years from last activity or until consent is withdrawn
– Communication Data: 3 years from last contact
– Technical Data: 12 months from collection
– Transaction Data: 7 years (in accordance with accounting standards)
– Marketing Preferences: Retained until consent is withdrawn

9. Cookie Policy

We use cookies and similar tracking technologies to enhance your experience on subshakes.com. Our cookies fall into the following categories:

– Essential: Necessary for website functionality, such as secure login and navigation.
– Functional: Enable personalization and remember your settings.
– Analytics: Collect aggregated, anonymous statistics on website usage and performance (e.g., Google Analytics).
– Performance: Evaluate website responsiveness, load times, and error monitoring.

10. Cookie Management and Compliance with GDPR & CCPA

Upon your first visit to subshakes.com, you will be presented with a cookie consent mechanism allowing you to accept or manage your preferences. You may withdraw or adjust your consent at any time through our Cookie Settings interface.

Under GDPR and CCPA, you also have the right to:

– Opt out of non-essential cookie categories
– Request information about third-party trackers used
– Set browser-level cookie preferences or use browser ‘Do Not Track’ functions

11. Special Protections for Children Under 13

Our website is not directed to individuals under the age of 13. Subshakes does not knowingly collect or solicit personal information from children. Should we learn that a minor under 13 has provided us with personal data, we will take prompt steps to delete such information. Parents or guardians who believe their child may have provided us with personal data should contact us at [email protected].

12. Policy Updates and User Notifications

We reserve the right to amend this Privacy Policy as necessary to reflect changes in legal and regulatory obligations, our business practices, or the functionality of subshakes.com. Material changes to this policy will be highlighted on our website and, where appropriate, communicated via email or on-platform notifications.

13. Contact Information

If you have any questions or concerns, or wish to exercise the data protection rights outlined in this Privacy Policy, please contact our Data Protection Officer at:

Email: [email protected]

Subshakes is committed to privacy compliance and adheres to the principles of data minimization, transparency, and user empowerment. We encourage users to reach out at any time with privacy inquiries, feedback, or concerns.