Privacy Policy
1. Introduction
At Roxy Magic (“we,” “our,” or “us”), accessible at roxymagic.com, we are committed to safeguarding the privacy and personal data of our website visitors, customers, and users (“you” or “your”). We take data protection seriously and ensure that the handling of personal data complies with applicable laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act of 2018 (“CCPA”), as amended. This Privacy Policy outlines how we collect, process, store, and protect your personal data, ensuring transparency and reinforcing our commitment to your fundamental right to privacy.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all personal data collected through your use of roxymagic.com and related services. Roxy Magic is the data controller for the purposes of GDPR, and, for California residents, is considered a “business” under the CCPA. If you have any questions regarding this Policy or your personal data, you may contact us at [email protected].
3. Categories of Data Processed
We collect and process the following categories of personal data:
a) Usage Data
Information about your interactions with our website, such as your IP address, browser type and version, time zone setting, referring websites, pages visited, time spent on pages, and session activity.
b) Account Data
Personal details you provide when creating an account, including your full name, billing and shipping addresses, email address, and phone number.
c) Profile Data
Information related to your user preferences, past purchases, interests, behavior on the website, and other information that personalizes your experience.
d) Communication Data
Correspondence sent to us via customer support forms, emails, inquiries, or other interactions. This includes messages, support requests, and contact history.
e) Technical Data
Details about the devices you use to access our services, which may include device type, operating system, hardware settings, language preferences, and system configurations.
f) Transaction Data
Records concerning your transactions with us, including products purchased, payment method (not including full financial information, which is processed by secure third parties), delivery address, transaction amounts, and timestamps.
g) Preference Data
Your expressed preferences regarding marketing communications, product alerts, subscription settings, and interests derived from interactions with our website or marketing materials.
4. Legal Bases for Processing
We only process your personal data when legally permitted. Under GDPR, we rely on the following legal bases:
– Consent: Where you provide explicit permission (e.g., subscribing to newsletters).
– Contract: Where processing is necessary to fulfill a contractual obligation (e.g., fulfilling an order).
– Legal Obligation: Where we are required to comply with legal or regulatory obligations.
– Legitimate Interest: Where processing is necessary for our legitimate business interests, except where such interest is overridden by your rights and interests. These include fraud prevention, analytics, improving our services, and marketing (subject to consent where required).
For users subject to the CCPA, we do not sell your personal data and only process personal information as defined under CCPA for disclosed business purposes.
5. Your Data Protection Rights
Subject to applicable law, you may exercise the following rights in relation to your personal data:
– Right of Access: Obtain a copy of the data we hold about you.
– Right to Rectification: Request correction of inaccurate or incomplete data.
– Right to Erasure: Request the deletion of your data where legally permitted (“right to be forgotten”).
– Right to Restrict Processing: Limit the use of your personal data in specific circumstances.
– Right to Data Portability: Receive your data in a structured, commonly used, and machine-readable format, and request its transmission to another controller.
– Right to Object: Object to processing based on legitimate interest, or to direct marketing.
– Right Not to Be Subject to Automated Decision-making: We do not use your information for any automated decision-making that has legal or similarly significant effects.
To exercise your rights, please contact us via email at [email protected]. We may need to verify your identity before processing your request.
6. Security Measures
We implement appropriate technical and organizational measures to secure your data against unauthorized access, disclosure, alteration, or destruction. These measures include, but are not limited to:
– Encryption of data in transit and at rest
– Role-based access controls and authentication systems
– Regular system updates and vulnerability assessments
– Staff privacy and security training
– Secure backup and disaster recovery protocols
Despite our efforts, no internet-based system can be guaranteed 100% secure. We encourage you to choose strong passwords and protect your credentials.
7. International Transfers
Your personal data may be transferred to, stored, and processed in countries outside of your jurisdiction, including countries that may not offer the same level of protection. Where required by law, we ensure such transfers are made under approved safeguards, including use of Standard Contractual Clauses (SCCs), adequacy decisions, or other legally recognized mechanisms.
8. Data Retention
We retain your personal data only as long as necessary for the purposes set out in this Privacy Policy, and in accordance with applicable legal, tax, or regulatory obligations. Specific retention periods include:
– Account and Profile Data: retained while you have an active account, and for up to 6 years after cancellation.
– Transaction Data: retained for up to 7 years to comply with tax and accounting requirements.
– Communication Data: retained for up to 3 years from last interaction.
– Technical and Usage Data: retained for up to 24 months for analytics and operational purposes.
– Preference and Marketing Data: retained until you withdraw your consent or update your preferences.
9. Cookie Policy
We use cookies and similar tracking technologies to enhance your experience on roxymagic.com. These include:
– Essential Cookies – Necessary for website functionality and security.
– Functional Cookies – Enhance usability, remember preferences.
– Analytics Cookies – Collect anonymized visitor statistics and insights.
– Performance Cookies – Monitor system performance and loading speed.
For detailed information on the cookies we use, please refer to our dedicated Cookie Policy page, accessible from our website footer.
10. Cookie Management and Compliance with GDPR & CCPA
You are in control of your cookie preferences. Upon first visit to roxymagic.com, you will be presented with a cookie banner with options to accept or manage cookie settings. You may revoke or alter your consent at any time by accessing our cookie settings screen.
Under GDPR, processing cookies for analytics or advertising purposes requires opt-in consent. Under CCPA, California residents have the right to opt out of the sale or sharing of personal information through cookies. While we do not sell personal information, you can exercise cookie preferences, including Do Not Track (DNT), through your browser or system settings.
11. Children’s Privacy
Roxy Magic does not knowingly collect or solicit personal data from individuals under the age of 13. If you are a parent or guardian and believe that we may have collected personal data from a child without appropriate consent, please contact us immediately at [email protected] so that we may take appropriate steps to delete such information.
12. Policy Updates & User Notifications
We reserve the right to modify or update this Privacy Policy as necessary to reflect changes in law, our practices, or technological developments. Any material changes will be communicated via our website or through direct communication when appropriate. Your continued use of roxymagic.com constitutes your acceptance of any revised terms.
13. Contact
If you have any questions, concerns, or exercise requests regarding this Privacy Policy or your personal data, please reach out to our Data Protection contact at:
Email: [email protected]
Website: https://roxymagic.com
We are committed to strict legal compliance and to protecting your privacy at every step. For any data protection concerns, please do not hesitate to contact us.