How We Protect and Process Your Personal Data

1. Introduction and Data Controller

Beautyfaunadyn, operating at 936 Irving St, San Francisco, CA 94122, USA, is the data controller responsible for your personal information collected through this website. We are committed to protecting your privacy and processing data in accordance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA) where applicable, and other relevant international data protection laws.

By accessing or using our website, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our data practices, please discontinue use of the website and contact us to request deletion of any data we may hold about you.

For privacy-related inquiries, contact us at assist@beautyfaunadyn.world or call +1 415-702-6200 during business hours.

2. Information We Collect

2.1 Information You Provide Directly

When you interact with our website, you may voluntarily provide the following categories of personal data:

• Identity and contact information: full name, email address, and phone number when submitted through our contact form or during purchase.
• Communication content: the text of messages you send us, including inquiries about our educational recovery planning resources.
• Transaction information: billing name, billing address, and payment confirmation details when you purchase educational materials. Payment card data is processed by our third-party payment processor and is not stored on our servers.
• Consent records: timestamps and categories of cookie consent you provide through our cookie preference banner.

2.2 Information Collected Automatically

When you visit our website, certain technical data may be collected automatically through cookies and similar technologies, subject to your consent preferences:

• Device and browser information: operating system, browser type and version, screen resolution, and device type.
• Usage data: pages visited, time spent on pages, referral URLs, click patterns, and navigation paths within the site.
• Network data: IP address (which may be anonymized or truncated), approximate geographic location derived from IP, and internet service provider.
• Session identifiers: unique session tokens necessary for website functionality and security.

2.3 Information We Do Not Collect

We do not intentionally collect sensitive personal data such as health records, medical diagnoses, government identification numbers, or financial account credentials beyond what payment processors handle directly. Our educational content relates to general evening routine planning and does not require health-related personal information.

3. Purposes and Legal Bases for Processing

We process your personal data only for specified, explicit, and legitimate purposes. The table below outlines our primary processing activities and their legal bases under GDPR Article 6:

• Responding to contact form submissions and customer inquiries — Legal basis: performance of a contract or steps prior to entering a contract (Art. 6(1)(b)), or legitimate interest in communicating with prospective customers (Art. 6(1)(f)).
• Processing purchases and delivering educational materials — Legal basis: performance of a contract (Art. 6(1)(b)).
• Website functionality and security — Legal basis: legitimate interest in maintaining a secure and functional website (Art. 6(1)(f)).
• Analytics to improve content and user experience — Legal basis: consent (Art. 6(1)(a)), obtained through our cookie banner.
• Marketing communications about educational products — Legal basis: consent (Art. 6(1)(a)), which you may withdraw at any time.
• Compliance with legal obligations — Legal basis: compliance with a legal obligation (Art. 6(1)(c)), such as tax record retention requirements.

We will not use your personal data for purposes incompatible with those described above without notifying you and, where required, obtaining fresh consent.

4. Data Sharing and Third-Party Processors

We do not sell your personal data to third parties. We may share information with the following categories of recipients under strict data processing agreements:

• Payment processors: to facilitate secure transaction processing for educational product purchases.
• Email service providers: to deliver purchase confirmations, download links, and responses to your inquiries.
• Analytics providers: to aggregate and analyze website usage patterns, only when you have consented to analytics cookies.
• Hosting and infrastructure providers: to store website data and ensure availability of our digital services.
• Legal and regulatory authorities: when required by applicable law, court order, or governmental request.

All third-party processors are contractually obligated to process data only on our instructions, implement appropriate security measures, and comply with applicable data protection laws. A list of our primary subprocessors is available upon request.

If data is transferred outside the European Economic Area or the United Kingdom, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or adequacy decisions.

5. Data Retention Periods

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required by law:

• Contact form submissions: retained for 24 months from the date of submission, then securely deleted unless an active customer relationship exists.
• Purchase and transaction records: retained for 7 years to comply with tax and accounting regulations.
• Cookie consent records: retained for 12 months from the date of consent, then refreshed upon your next visit.
• Analytics data: retained in aggregated, anonymized form for up to 26 months, or deleted upon withdrawal of consent.
• Marketing preferences: retained until you withdraw consent or unsubscribe, plus a 30-day suppression period.
• Server logs and security records: retained for 90 days for security monitoring and incident investigation.

When retention periods expire, personal data is securely deleted or irreversibly anonymized using industry-standard methods.

6. Security Measures

We implement technical and organizational measures designed to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

• Encryption of data in transit using TLS/HTTPS protocols for all website communications.
• Access controls limiting personal data access to authorized personnel on a need-to-know basis.
• Regular security assessments and vulnerability monitoring of our hosting infrastructure.
• Secure password policies and multi-factor authentication for administrative systems.
• Employee training on data protection principles and incident response procedures.
• Data backup procedures with encrypted storage and tested recovery protocols.

While we strive to protect your personal information, no method of electronic transmission or storage is completely secure. In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay, as required by GDPR Article 33 and 34.

7. Your Rights Under GDPR and Applicable Laws

Depending on your location, you may have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR): request a copy of the personal data we hold about you.
• Right to rectification (Art. 16 GDPR): request correction of inaccurate or incomplete personal data.
• Right to erasure (Art. 17 GDPR): request deletion of your personal data where no compelling reason exists for continued processing.
• Right to restriction of processing (Art. 18 GDPR): request that we limit how we use your data in certain circumstances.
• Right to data portability (Art. 20 GDPR): receive your data in a structured, commonly used, machine-readable format.
• Right to object (Art. 21 GDPR): object to processing based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent: where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
• Right to lodge a complaint: file a complaint with your local data protection supervisory authority.

California residents may additionally have rights under the CCPA, including the right to know what personal information is collected, the right to delete personal information, and the right to opt out of the sale of personal information. We do not sell personal information.

To exercise any of these rights, contact us at assist@beautyfaunadyn.world with sufficient information to verify your identity. We will respond within 30 days, or inform you if an extension is necessary.

8. Children's Privacy

Our website and educational services are intended for adults aged 18 and older. We do not knowingly collect personal data from individuals under 16 years of age. If we become aware that we have collected data from a child without appropriate parental consent, we will take steps to delete that information promptly. Parents or guardians who believe their child has provided us with personal data should contact us immediately.

9. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will update the effective date at the top of this page and, where appropriate, notify you via email or a prominent notice on our website. We encourage you to review this policy regularly to stay informed about how we protect your information.

10. Contact Information

For questions, concerns, or requests related to this Privacy Policy or our data processing practices, contact:

Beautyfaunadyn
936 Irving St, San Francisco, CA 94122, USA
Email: assist@beautyfaunadyn.world
Phone: +1 415-702-6200

Related policies: Cookie Policy, Terms of Use, Refund Policy.