Sassy Gems Privacy Policy

Type of website: Ecommerce

Effective date: 5th day of May, 2025

 

sassygems.co (the “Site”) is owned and operated by Sassy Gems Co.

Sassy Gems Co. is the data controller and can be contacted at:

 

📧 sassygemsco@gmail.com

🌐 sassygemsco.com

 

 

Purpose

 

The purpose of this privacy policy (this “Privacy Policy”) is to inform users of our Site of the following:

 

• The personal data we will collect;

• Use of collected data;

• Who has access to the data collected; and

• The rights of Site users.

 

This Privacy Policy applies in addition to the terms and conditions of our Site.

 

 

GDPR Compliance

 

For users in the European Union, we adhere to Regulation (EU) 2016/679 (GDPR). For users in the UK, we comply with the Data Protection Act 2018.

 

We have not appointed a Data Protection Officer, as we are not required under Article 37 of the GDPR.

 

 

Consent

 

By using our Site, users agree that they consent to:

 

1. The conditions set out in this Privacy Policy.

 

 

Legal Basis for Processing

 

We collect and process personal data about users in the EU only when we have a legal basis under Article 6 of the GDPR, specifically:

 

Processing is necessary to fulfill a contract (e.g., fulfilling an order).

If the necessary data is not provided, we cannot complete shipping or delivery.

 

 

Personal Data We Collect

 

Automatically:

 

• Location

 

Non-Automatically (e.g., via forms or account creation):

 

• First and last name

 

This data is collected when users:

 

• Create an account

• Place an order

 

 

How We Use Personal Data

 

Automatically collected data is used for:

 

• Site usage statistics

 

Data collected via user action is used for:

 

• Communication and order fulfillment

 

 

Who We Share Personal Data With

 

Employees

Access is given only to team members who need it to fulfill their job functions.

 

Third Parties

We may share user data with:

 

• Printful (for order fulfillment)

 

Only data necessary to perform the task (e.g., item purchased) is shared.

 

We do not sell or share your personal data except:

 

• If required by law

• For legal proceedings

• To protect our rights

• If selling the company or its assets

 

Note: We are not responsible for third-party site privacy practices.

 

 

Data Retention

 

Personal data is stored only as long as necessary to fulfill its intended purpose. You will be notified if your data is stored longer than that period.

 

 

Data Protection Measures

 

We use:

 

• Strong browser encryption

• Secure servers

• Access limited to authorized staff under confidentiality agreements

 

While we strive to protect your data, no internet transmission is completely secure.

 

 

Your Rights (GDPR)

 

Under the GDPR, you have:

 

• Right to be informed

• Right of access

• Right to rectification

• Right to erasure

• Right to restrict processing

• Right to data portability

• Right to object

 

 

Children

 

We do not knowingly collect personal data from children under 16. If we learn this has happened, we will delete the data immediately. Parents or guardians may contact us if needed.

 

 

Data Inquiries & Requests

 

To access, modify, or delete your personal data, or to exercise your rights, please contact:

 

📧 sassygemsco@gmail.com

 

 

Do Not Track Notice

 

Our Site does not respond to browser-initiated DNT signals. We are not responsible for third-party DNT behavior.

 

 

Modifications

 

We may update this Privacy Policy as needed. Changes will be reflected by the updated “Effective Date” above. You are encouraged to review this Privacy Policy periodically. We may notify you by email if significant changes occur.