Privacy Policy
SproutTrail (“we,” “our,” or “us”) is committed to safeguarding the privacy and personal data of all users who access and interact with our website (https://sprouttrail.com). This Privacy Policy outlines our practices regarding the collection, use, disclosure, and protection of your information and explains your rights under applicable data protection laws including, but not limited to, the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
1. Commitment to Privacy and Data Protection
At SproutTrail, we prioritize the protection and responsible handling of your personal data. We respect your right to privacy and are committed to transparency in how we process your information, ensuring your data is handled lawfully, fairly, and securely.
2. Scope and Data Controller
This Privacy Policy applies to visitors, users, and others who access sprouttrail.com. SproutTrail is the data controller for the personal data collected through this website. As the primary decision-maker regarding how your data is processed, we determine the purposes and means of such processing.
If you have questions about this Privacy Policy or your personal data, you may contact us at: [email protected].
3. Categories of Data We Process
We may collect and process the following categories of personal data:
– Usage Data: Includes information about your interaction with sprouttrail.com, such as browser type, language preference, IP address, time zone, navigation patterns, pages visited, session information, and referring URLs.
– Account Data: Provided directly by you when creating an account or making a purchase; includes your name, billing and shipping address, email address, and phone number.
– Profile Data: May include preferences, feedback, interests in products, historical activity, purchase history, and behavioral metrics related to how you use our services.
– Communication Data: Includes correspondence between you and our support team or other personnel, along with any submitted inquiries, support requests, or contact form interactions.
– Technical Data: Captures information relating to your device, including hardware model, operating system version, screen resolution, system settings, and browser configuration.
– Transaction Data: Includes details related to payments made or received, products purchased, delivery details, and associated metadata necessary for processing transactions.
– Preference Data: Includes your stated marketing preferences, consent statuses, opt-in/opt-out records, and details regarding the types of content or products of interest to you.
4. Legal Bases for Processing Personal Data
We process personal data lawfully under the following legal bases, depending on the context:
– Consent: Where required, we will obtain your explicit consent before processing your data (e.g., email marketing).
– Contractual Obligation: Processing necessary to perform a contract with you, such as fulfilling product purchases or delivering requested services.
– Legitimate Interest: To pursue our legitimate business interests, such as improving website functionality, fraud detection, network security, and ensuring a tailored user experience—always balanced against your privacy rights.
– Legal Obligation: In circumstances where processing is required to comply with a legal or regulatory obligation.
5. Your Data Protection Rights
Under applicable data protection laws, you have the following rights:
– Right of Access: Request information about the data we hold on you.
– Right to Rectification: Ask us to correct inaccurate or incomplete information.
– Right to Erasure (“Right to be Forgotten”): Request deletion of your personal data under certain legal grounds.
– Right to Restrict Processing: Ask us to limit the processing of your personal data.
– Right to Data Portability: Receive a copy of your personal data in a structured, commonly used, machine-readable format and request we transfer it to another controller.
To exercise any of these rights, please contact us at: [email protected]. You also have the right to lodge a complaint with your local data protection authority.
6. Data Security
We implement robust security measures to protect your personal data, including:
– Encryption protocols (including HTTPS and SSL/TLS) for secure data transmission.
– Role-based access control and authentication mechanisms.
– Routine data backups and disaster recovery protocols.
– Staff training on data protection and privacy awareness.
– Regular security audits and assessments.
7. International Data Transfers
Where personal data may be processed in or transferred to countries outside your region (such as the United States), we ensure appropriate safeguards are in place. These include:
– Standard Contractual Clauses approved by the European Commission;
– Transferring only to jurisdictions the EU or competent authorities have deemed adequate;
– Implementing supplementary technical and contractual protections where necessary.
8. Data Retention
We retain personal data only for as long as necessary for fulfilling the purposes for which we collected it, including legal, regulatory, tax, or accounting requirements. Retention periods vary:
– Usage and Technical Data: Retained for up to 12 months for analytics.
– Account and Profile Data: Retained as long as the account is active and for 6 years thereafter for regulatory compliance.
– Transaction Data: Retained for 7 years to satisfy legal recordkeeping obligations.
– Communication Data: Stored for up to 3 years from the last interaction.
– Preference Data: Retained until updated or revoked by the data subject.
9. Cookie Policy
Our website uses cookies and similar technologies to enhance your browsing experience. Cookies fall into the following categories:
– Essential Cookies: Necessary for core website functionality, such as access to secure areas and page navigation.
– Functional Cookies: Support personalization features, such as remembering user preferences.
– Analytics Cookies: Collect anonymous statistical data to improve website performance and user experience.
– Performance Cookies: Monitor website uptime, speed, and usage to enhance reliability.
10. Cookie Management and Compliance
When you first visit sprouttrail.com, a cookie banner allows you to provide or withhold consent for optional cookies in accordance with GDPR and CCPA requirements. You may change your cookies preferences or withdraw your consent at any time via the “Cookie Settings” link in the website footer or through your browser settings.
Under CCPA, California residents have the right to opt out of the sale of personal information. SproutTrail does not sell your personal data. However, if you would like to exercise data rights under CCPA, please contact us at: [email protected].
11. Protection of Children
SproutTrail does not knowingly collect or process data from individuals under the age of 13. If we become aware that a child under 13 has provided us with personal data, we will promptly delete such information from our systems. Parents or guardians who believe their child has provided us personal data may contact us to request deletion.
12. Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in legal, regulatory, or operational requirements. Material changes will be communicated to users via our website or through direct communication when appropriate. You are encouraged to review this Policy periodically.
13. Contact Us
If you have questions or concerns about this Privacy Policy or your personal information, you may contact us at:
SproutTrail
Email: [email protected]
We are committed to compliance with GDPR, CCPA, and other relevant privacy frameworks. Should you have any inquiry regarding your rights or our use of your personal data, please contact us directly.