Privacy Policy
1. Introduction
Flashsays.com (“Company,” “we,” “us,” or “our”) is committed to protecting the privacy and personal data of our users. We respect your privacy and are dedicated to maintaining the confidentiality, integrity, and security of personal data entrusted to us. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information in line with applicable data privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all personal data collected through our website, flashsays.com, and related digital services. Flashsays.com operates as the data controller for your personal data, determining the purposes and means of processing such information. This Policy does not apply to third-party websites or services which may be linked from flashsays.com.
3. Categories of Data Processed
We may collect and process the following categories of personal data when you interact with our website or services:
a) Usage Data – Includes browser type, IP address, device identifiers, date/time of access, pages visited, referring URLs, and session duration.
b) Account Data – Includes your name, billing and shipping address, email address, phone number, username, and password, typically provided when creating an account.
c) Profile Data – Includes user preferences, purchase history, behavior on flashsays.com, saved settings, and browsing patterns.
d) Communication Data – Includes the contents and metadata of support requests, inquiries sent to our contact address, live chat records (if any), and email correspondence history.
e) Technical Data – Includes device type, operating system version, browser type/version, screen resolution, language settings, and system configurations.
f) Transaction Data – Includes product orders, delivery status, payment card details (processed via third-party services), billing records, and shipping tracking.
g) Preference Data – Includes marketing communication preferences, newsletter subscription status, survey responses, and expressed interests in products or services.
4. Legal Bases for Processing
We process your personal data only when permitted by law. The legal bases include:
– Contractual Necessity: for purposes such as account management, facilitating purchases, and providing customer support.
– Legitimate Interests: for improving website performance, protecting our digital infrastructure, preventing fraud, and conducting business analysis.
– Consent: where required, such as for receiving marketing materials or for using non-essential cookies.
– Legal Obligation: to comply with applicable legislation, subpoenas, or regulatory requirements.
5. Your Rights Under GDPR and CCPA
Depending on your jurisdiction, you may have the following rights regarding your personal data:
– Right of Access: You may request access to the personal data we hold about you.
– Right to Rectification: You are entitled to have inaccurate or incomplete data corrected.
– Right to Erasure: You may request deletion of your data when it is no longer needed or if you withdraw consent.
– Right to Restriction: You can ask to temporarily suspend processing in certain circumstances.
– Right to Data Portability: You may receive a copy of your data in a structured, machine-readable format.
– Right to Object: You can object to processing based on legitimate interests or to receiving direct marketing.
– Right to Non-Discrimination (under CCPA): You will not be discriminated against for exercising your privacy rights.
To exercise any of these rights, please contact us at [email protected].
6. Security Measures
We implement strict administrative, technical, and physical security measures to protect your data from unauthorized access, disclosure, alteration, or destruction. These include:
– Encryption of sensitive data in transit and at rest
– Multi-layered access controls and authentication procedures
– Firewall and anti-malware defenses
– Regular system audits and vulnerability assessments
– Secure backup infrastructure and recovery planning
– Privacy and security training for personnel
7. International Transfers
Your information may be transferred to, and maintained on, servers located outside your jurisdiction, including in countries that may not provide the same level of data protection laws. In such cases, we rely on standard contractual clauses approved by the European Commission or implement equivalent safeguards to ensure the protection of your personal data.
8. Data Retention
We retain personal data only for as long as is necessary for the purposes described in this Policy, including for legal, regulatory, tax, accounting, or reporting purposes. Specific retention periods include:
– Account Data: Retained while your account is active, and for up to 7 years following closure
– Usage Data: Retained for a rolling period of 12–24 months
– Transaction Data: Retained for 7 years for legal compliance
– Communication Data: Retained for 3 years for support verification
– Technical and Profile Data: Retained for analytical purposes for 24 months
– Marketing Preferences: Retained until you revoke your consent
When the relevant retention period expires, personal data is securely deleted or anonymized.
9. Cookie Policy
We use cookies and similar technologies to improve your experience on flashsays.com. These include:
– Essential Cookies: Necessary for website functionality (e.g., login sessions, shopping cart)
– Functional Cookies: Remember user preferences and enhance usability
– Analytics Cookies: Collect aggregated data on site usage to help us improve performance
– Performance Cookies: Monitor system metrics and load times for optimization
10. Cookie Management and Compliance
Upon your first visit to flashsays.com, you will be presented with a cookie banner allowing you to manage your preferences in accordance with GDPR and CCPA requirements. You may customize or withdraw consent at any time via our Cookie Settings panel. Additionally, browsers allow users to control cookie behavior or delete stored cookies.
We honor “Do Not Track” signals from web browsers where feasible and required by law.
11. Protection of Children’s Data
Our services are not directed to children under the age of 13, and we do not knowingly collect personal data from such individuals. If we become aware that we have inadvertently collected personal information from a child under 13, we will promptly delete it. Parents or legal guardians who believe their child has submitted data to us are encouraged to contact us at [email protected].
12. Policy Updates
We may update this Privacy Policy from time to time to reflect legal, technical, or business changes. Users will be notified of material updates via prominent notices on flashsays.com or by direct communication where reasonably practicable. Continued use of our services after such updates constitutes acknowledgment of the revised policy.
13. Contact Us
If you have questions regarding this Privacy Policy or wish to exercise your rights concerning your personal data, please contact us at:
Email: [email protected]
We are committed to ensuring that our privacy practices are transparent, fair, and in full compliance with GDPR, CCPA, and other relevant privacy regulations. For any concerns, we encourage you to reach out to our Data Protection team via the contact email above.