Shine & Glow Beauty Privacy Policy
Identity and Contact Details (Who We Are)
Data Controller: Shine & Glow Beauty operates the website Shine & Glow Beauty (https://shineglowbeauty.com) and as the Data Controller for the personal data collected via the site.Contact Information for Privacy Requests: For all privacy-related matters, including to exercise any of your legal data rights (such as the Right to Access or Right to Erasure), please contact us directly at our dedicated privacy channel: email: vibevitalitych@gmail.com
Who we are
Comments
Our website does not have a comments section, and we do not collect any data from visitors who attempt to leave comments.
Media
We do not allow visitors to upload images to our website. Our administrators upload any images on this site.
Cookies and Tracking Technologies
Our website uses various first-party and third-party tracking technologies, including cookies, web beacons, and pixels, for different purposes.
1. Strictly Necessary (Administrator) Cookies
When you log in to our website (as an administrator), we set up several cookies to save your login information and your screen display choices. These are strictly necessary for the function of the administrative area. Duration: Login cookies last for two days, and screen options cookies last for a year. Logging out of your account removes the login cookies.
2. Affiliate and Third-Party Tracking Cookies
We participate in affiliate programs or may embed content from other websites (e.g., videos, images, social media feeds). Function: When you click on an affiliate link or interact with embedded content, these third parties (Affiliate Networks, Data Analytics Providers, etc.) may set their own tracking cookies. These cookies track user interactions for affiliate commission, personalized advertising, and cross-context behavioral advertising. Legal Basis (GDPR): The deployment of these non-essential cookies and the subsequent processing of data requires your Consent, which we obtain via our cookie banner. Third-Party Policies: These third-party websites behave in the exact same way as if the visitor has visited their original website. Please refer to their individual privacy policies for details on how they handle your data and how long they retain it.
3. Embedded Content from Other Websites
Articles on this site may include embedded content (e.g., videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, and embed additional third-party tracking. They also monitor and track your interaction with the embedded content, especially
Contact Forms and Legal Basis
When you use our contact form, we collect the data shown in the form, including your name, email address, and your message. Purpose of Processing: We use this information solely to respond to your inquiry and provide you with customer support. Lawful Basis (GDPR): The processing of this personal data is necessary for our Legitimate Interest to respond to user communications and manage customer inquiries effectively. Sharing: The data is not used for marketing purposes or otherwise shared with external third parties, other than our email provider (acting as a service provider).
Data Collection Overview and Lawful Basis
We collect limited personal data for the following specific purposes, relying on a lawful basis for each:
| DATA COLLECTED | SOURCE/METHOD | LAWFUL BASIS (GDPR) | SHARING/DISCLOSURE (CCPA/CPRA) |
|---|---|---|---|
| Contact Data (Name, Email, Message) | Contact Form Submission | Legitimate Interest | Shared with our internal team and email service provider. |
| Online Identifiers (IP Address, User Agent) | Automated Spam Detection | Legitimate Interest (Network and information security/fraud prevention). | Shared with Automated Spam Detection Service (e.g., Akismet). |
| Online Identifiers (IP Address, Device ID, Referral URL, Browsing History) | Affiliate Links/Cookies (Third Parties) | Consent (Obtained via cookie banner, where applicable). | Shared/Sold to Affiliate Networks and Data Analytics Providers. |
How long we retain your data
We retain personal data for only as long as necessary to fulfill the purposes for which it was collected.
1. Server Access and Error Logs
When you visit our website, our hosting provider (Hostinger) automatically collects standard server log data. This data includes information such as your IP address, the time and date of your visit, the pages you view, your browser type, and your operating system. Purpose and Legal Basis for Processing: We process this log data to ensure the security and stability of our website. This processing also helps us detect and prevent malicious activity (such as cyberattacks or fraudulent requests) and troubleshoot technical issues. Our legal basis is our legitimate interest (Art. 6(1)(f) of the GDPR). Data Retention: This log data is automatically retained for a maximum period of 30 days. After this period, the data is permanently deleted and cannot be recovered.
2. Contact Form Data (Name, Email, Message):
We retain this data for a period of up to 12 months after your inquiry is fully resolved.
3. Online Identifiers (Spam/Security Logs):
Data collected for security and spam detection… is typically retained for up to 30 days for network security and fraud prevention purposes.
4. Login/Administrator Cookies:
These cookies are retained for the duration specified in the Cookies and Tracking Technologies section.
Your Data Protection Rights
Depending on your location, you have certain comprehensive rights regarding the personal data we hold about you.
A. Rights under the General Data Protection Regulation (GDPR)
If you are a resident of the European Economic Area (EEA) or the United Kingdom (UK), you have the right to:
- The Right of Access: The right to request copies of your personal data.
- The Right to Rectification: The right to request that we correct or complete information you believe is inaccurate or incomplete.
- The Right to Erasure (‘Right to be Forgotten’): The right to request that we delete your personal data, under certain conditions.
- The Right to Restrict Processing: The right to request that we restrict the processing of your personal data, under certain conditions.
- The Right to Object to Processing: The right to object to processing based on our Legitimate Interests or for Direct Marketing.
- The Right to Data Portability: The right to request that we transfer your data to another organization or directly to you, under certain conditions.
B. Rights under the California Consumer Privacy Act (CCPA/CPRA)
If you are a California resident, you have the following rights:
- The Right to Know: The right to request disclosure of the personal information we have collected, used, shared, or sold about you in the preceding 12 months.
- The Right to Delete: The right to request the deletion of personal information we have collected from you, subject to certain exceptions.
- The Right to Opt-Out of Selling or Sharing: The right to direct us not to sell or share your personal information (including sharing for cross-context behavioral advertising, which covers affiliate link tracking).
- The Right to Non-Discrimination: The right to exercise your CCPA/CPRA rights without facing discrimination.
How to Exercise Your Rights:
To exercise any of these rights, please submit your request to us via vibevitalitych@gmail.com. We must be able to verify your identity to process the request.
International Data Transfers
We may use third-party service providers (such as our email provider and hosting provider) who are located outside of the European Economic Area (EEA) and the UK. When transferring personal data outside of these regions, we use appropriate legal safeguards, such as Standard Contractual Clauses (SCCs), to ensure the transfer protects your data with a level of protection consistent with the GDPR.
Do Not Sell or Share My Personal Information
We share Online Identifiers (such as IP addresses and device IDs) with third-party advertising partners and affiliate networks, which may be considered “Sharing” under the CCPA/CPRA for cross-context behavioral advertising. California residents have the right to opt-out of this sharing.
How to Submit Your Opt-Out Request
To exercise your right to opt-out, please submit a request via email to our dedicated privacy channel: vibevitalitych@gmail.com Please include “CCPA Opt-Out Request” in the subject line. We will process your request within 15 business days and take steps to immediately cease the sharing of your personal information. We will notify any third parties with whom we have shared your information to instruct them to do the same.