Privacy Policy for Beauty Theory Cosmetics®
Effective Date: October 26, 2023
1. Introduction
Beauty Theory Cosmetics® ("we," "us," or "our") is committed to protecting the privacy of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with us in any way. This policy is designed to comply with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), as applicable.
2. Information We Collect
We collect the following categories of personal information:
Contact Information: This includes your name, email address, phone number, and postal address.
IP Address: We automatically collect your IP address when you access our website.
Usage Data: This includes information about how you use our website and services, such as the pages you visit, the products you view, and the actions you take.
3. Purposes of Data Collection and Use:
We use the information collected for the following purposes:
Service Improvement: To analyze user behavior and preferences to improve our website, products, and services.
Analytics: To understand how our website is being used and to track the effectiveness of our marketing campaigns.
Marketing and Promotions Alignment: To send you promotional emails, newsletters, and other marketing communications about our products and services, tailored to your interests.
Order Fulfillment: To process and fulfill your orders, including shipping and handling.
Customer Support: To respond to your inquiries and provide customer support.
Security: To protect our website and services from fraud, abuse, and other security threats.
Legal Compliance: To comply with applicable laws and regulations.
4. Legal Basis for Processing (GDPR):
If you are located in the European Economic Area (EEA), our legal basis for processing your personal information is as follows:
Consent: We will rely on your consent to send you marketing communications. You have the right to withdraw your consent at any time.
Contractual Necessity: We will process your personal information when necessary to fulfill a contract with you, such as processing your order.
Legitimate Interests: We may process your personal information for our legitimate interests, such as improving our services and preventing fraud, provided that your rights and freedoms are not overridden.
Legal Obligation: We may process your personal information to comply with a legal obligation.
5. Data Retention:
We will retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:
Contact Information: We will retain your contact information as long as you are a customer or subscriber, and for a reasonable period thereafter for marketing purposes, unless you unsubscribe.
IP Address: We retain IP addresses for a limited period for security and analytics purposes.
Usage Data: We retain usage data for as long as necessary to improve our services and understand user behavior.
6. Data Sharing and Disclosure:
We do not share or disclose your personal information to third parties, except as required by law.
7. Your Rights (GDPR and CCPA)
You have certain rights regarding your personal information, including:
Right to Access: You have the right to request access to the personal information we hold about you.
Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal information.
Right to Erasure (Right to be Forgotten): You have the right to request that we erase your personal information, under certain circumstances.
Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal information, under certain circumstances.
Right to Data Portability: You have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit it to another controller.
Right to Object: You have the right to object to the processing of your personal information, under certain circumstances, including for direct marketing purposes.
Right to Withdraw Consent: If we are processing your personal information based on your consent, you have the right to withdraw your consent at any time.
Right to Non-Discrimination (CCPA): You have the right not to be discriminated against for exercising your CCPA rights.
Right to Know (CCPA): California residents have the right to request information about the categories and specific pieces of personal information we have collected about them, the sources of the information, the purposes for collecting it, and the categories of third parties with whom we share it.
Right to Delete (CCPA): California residents have the right to request that we delete their personal information, subject to certain exceptions.
8. Exercising Your Rights:
To exercise your rights, please contact us using the contact information provided below. We will respond to your request within the timeframes required by applicable law. We may need to verify your identity before processing your request.
9. Data Security:
We take reasonable measures to protect your personal information from unauthorized access, use, or disclosure. These measures include:
* Using encryption to protect sensitive data.
* Implementing access controls to limit access to personal information.
* Regularly monitoring our systems for security vulnerabilities.
* Training our employees on data privacy and security practices.
While we strive to protect your personal information, no method of transmission over the internet or method of electronic storage is completely secure. Therefore, we cannot guarantee the absolute security of your information.
10. Children's Privacy:
Our website and services are not directed to children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child under 16 without parental consent, we will take steps to delete the information.
11. Changes to this Privacy Policy:
We may update this Privacy Policy from time to time. We will post any changes on our website and update the effective date. Your continued use of our website or services after the posting of changes constitutes your acceptance of the revised Privacy Policy. We encourage you to review this Privacy Policy periodically.
12. Contact Information:
If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:
Beauty Theory Cosmetics®
202 Blum Court Suite 142, Bel Air MD 21014
Contact by Email Only
13. GDPR Representative (If Applicable):
If you are located in the EEA and we have a GDPR representative, their contact information will be provided here. (If you don't have one, remove this section).
14. California Residents – CCPA Notice:
In addition to the rights described above, California residents have the following rights under the CCPA:
Right to Opt-Out of Sale: Beauty Theory Cosmetics® does not sell your personal information.
Authorized Agent: You may designate an authorized agent to make requests on your behalf. To do so, you must provide the authorized agent with written permission to act on your behalf, and we may require you to verify your identity and confirm that you provided the agent permission to submit the request.
15. Complaints:
If you believe that we have violated your privacy rights, you have the right to lodge a complaint with a supervisory authority.
For GDPR: You can lodge a complaint with the supervisory authority in your country of residence.
For CCPA: You can lodge a complaint with the California Attorney General.
16. International Data Transfers:
[If you transfer data internationally, include this section. If not, remove it.]
If we transfer your personal information to countries outside of the EEA or California, we will ensure that appropriate safeguards are in place to protect your information, such as:
* Using standard contractual clauses approved by the European Commission.
* Transferring data to countries that have been deemed to provide an adequate level of protection.
Important Considerations and Disclaimer:
Legal Review: This is a sample privacy policy and should be reviewed and customized by legal counsel to ensure it complies with all applicable laws and regulations.
Specificity: The policy should be tailored to your specific business practices and the types of personal information you collect.
Transparency: Be as transparent as possible about your data practices.
Regular Updates: Review and update your privacy policy regularly to reflect changes in your business or the law.
Third-Party Services: Since you stated you don't use any third-party services, I've omitted that section. If you begin using them, you MUST update this policy to disclose that information. This includes things like analytics providers (Google Analytics, etc.), advertising platforms (Facebook Ads, Google Ads), email marketing services (Mailchimp, Klaviyo), and payment processors.
Cookies and Tracking Technologies: If you use cookies or other tracking technologies on your website, you need to disclose this in your privacy policy and provide users with information about how to manage their cookie preferences. Consider adding a separate Cookie Policy or section within this document.
"Sale" under CCPA: The definition of "sale" under the CCPA is broad. Even if you don't directly sell personal information for money, certain data sharing practices could be considered a "sale." Review your data sharing practices carefully to determine if you need to provide users with the right to opt out of the "sale" of their personal information.