Privacy Policy for Mama Roots World
1. Introduction
At Mama Roots World (“we,” “us,” “our”), accessible via mamarootsworld.com, we are firmly committed to safeguarding the privacy and personal data of our website visitors, customers, and users (“you,” “your”). We recognize the importance of data protection and uphold a privacy-first approach across all aspects of our operations. This Privacy Policy outlines how we collect, use, disclose, and protect your personal information in accordance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.
2. Scope of This Policy and Our Role as a Data Controller
This Privacy Policy applies to all personal data collected, processed, or stored through our website, mamarootsworld.com, and any services offered through it. Mama Roots World is the data controller responsible for the processing of your personal data under this Privacy Policy, meaning we determine the purposes and methods of the data processing.
3. Categories of Personal Data We Process
We collect and process the following categories of personal data:
a. Usage Data
Data related to your interactions with our website, including IP address, browser type and version, time zone setting, browser plug-in types, geolocation data, operating system and platform, referral sources, page views, session duration, and navigation paths.
b. Account Data
Data provided during account creation or purchase processes, including your full name, billing and shipping address, email address, and telephone number.
c. Profile Data
Information about your preferences, interests, purchase history, item views, wishlist contents, and general behavior on mamarootsworld.com.
d. Communication Data
Records of all correspondence between you and our support or customer services teams, including emails, live chats, and messages sent through contact forms.
e. Technical Data
Information about devices used to access mamarootsworld.com, including hardware model, device identifiers, system configurations, language settings, and diagnostics data.
f. Transaction Data
Details of purchases and payments you make on our website, including order history, payment method, shipping schema, and invoicing data.
g. Preference Data
Information regarding your choices about receiving marketing communications, newsletter subscriptions, product personalization settings, and other consent-based preferences.
4. Legal Bases for Processing Personal Data
We process your data in accordance with various legal foundations as recognized under GDPR and CCPA:
– Legitimate Interests: For purposes such as website security, fraud prevention, and optimization of user experience.
– Contractual Necessity: To carry out obligations under any contract we enter into with you, including processing purchases and delivering goods or services.
– Consent: When required, we will obtain your explicit consent—for example, before sending you marketing emails or utilizing non-essential cookies.
– Legal Obligation: When we are required to process your data to comply with a legal obligation, such as financial recordkeeping.
5. Your Rights Under Data Protection Laws
You are entitled to exercise the following rights:
– Right of Access: You may request confirmation of whether we process your personal data and obtain a copy of the data we hold about you.
– Right to Rectification: You may request the correction of inaccurate or incomplete personal data.
– Right to Erasure: In certain cases, you may request we delete your personal data, such as when it is no longer necessary for the purposes we collected it.
– Right to Restrict Processing: You may request we limit processing of your data under certain conditions.
– Right to Data Portability: You may request your personal data in a structured, commonly used, machine-readable format so that it can be transmitted to another controller.
To exercise any of these rights, please contact us directly at [email protected].
6. Security Measures
We implement and maintain robust administrative, technical, and physical security measures designed to protect your data:
– Encryption protocols during data transmission and storage
– Role-based access control and secure login environments
– Regular data backups and disaster recovery planning
– Staff training on data privacy and security procedures
Despite these measures, no platform is entirely immune to risks. We urge users to take similar precautions to help protect their personal data.
7. International Data Transfers
Certain services or third-party providers we engage may be based outside of your country of residence, resulting in transfers of personal data internationally, including to jurisdictions outside the European Economic Area (EEA).
Where necessary, we implement appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission and compliance with regional data transfer standards to ensure lawful data transfers in accordance with applicable privacy regulations.
8. Data Retention
We retain personal data only for as long as necessary for the purposes outlined in this policy:
– Usage and Technical Data: up to 2 years for analytics
– Account and Transaction Data: up to 7 years post-transaction in accordance with tax and accounting laws
– Communication Data: up to 3 years following the closure of an inquiry
– Preference and Profile Data: retained until the data subject withdraws consent or deletes their account
After expiry of the retention period, or upon valid request for erasure, data is securely deleted or anonymized.
9. Cookie Policy
We use cookies and similar technologies on mamarootsworld.com to enhance functionality, analyze traffic, personalize content, and manage user sessions. Cookies are categorized as:
– Essential Cookies: Necessary for basic operations and security
– Functional Cookies: Enable preferences to be saved and improve usability
– Analytics Cookies: Help us understand how users interact with the website
– Performance Cookies: Monitor site performance to improve speed and user experience
We do not use cookies to identify you personally without your express permission or combine cookie data with your other personal data without appropriate legal basis.
10. Cookie Management and Compliance
We comply with GDPR and CCPA requirements regarding user consent and data transparency. When you first visit mamarootsworld.com, a cookie banner provides the option to consent or modify your preferences.
You may update your cookie preferences at any time via our Cookie Settings interface, or by adjusting your browser settings to refuse or remove cookies.
Under CCPA, California residents also have the right to opt out of the “sale” of personal information. We do not sell personal data within the meaning of the CCPA.
11. Children’s Privacy
Mama Roots World does not knowingly collect or process personal data of children under the age of 13. If we become aware that personal data from a child under 13 has been collected without appropriate parental consent, we will take reasonable steps to delete it.
We encourage parents or guardians to contact us at [email protected] if they believe a child has submitted personal data to mamarootsworld.com without proper authorization.
12. Policy Updates and Notifications
We reserve the right to update or amend this Privacy Policy from time to time to accommodate changes in applicable laws, technology, or our operational practices. Material changes will be communicated via notices on our website or, where appropriate, by direct notification. We encourage you to review this page periodically for the latest updates regarding our privacy practices.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:
Email: [email protected]
Website: https://mamarootsworld.com
At Mama Roots World, we are dedicated to privacy compliance and transparent data practices. If you believe your rights have been violated or wish to file a complaint, please contact us at your earliest convenience. We will respond promptly and in accordance with applicable data protection laws.