Privacy policy
🔐 PRIVACY POLICY (GDPR – Firework Boutique)
1. Data Controller
Firework Boutique is responsible for processing your personal data.
2. Data We Collect
We may collect:
- Name
- Email address
- Shipping and billing address
- Phone number (if provided)
- Payment information (processed securely by third-party providers)
- Order history
- Website usage data (cookies, analytics)
3. Legal Basis for Processing (GDPR)
We process your data based on:
- Contract necessity (order fulfillment)
- Legal obligations (tax and accounting laws)
- Legitimate interest (fraud prevention, service improvement)
- Consent (marketing emails, cookies where required)
4. How We Use Your Data
Your data is used to:
- Process and deliver orders
- Provide customer support
- Manage returns and refunds
- Prevent fraud and abuse
- Improve website performance
- Send marketing communications (if consented)
5. Data Sharing
We only share your data with necessary third parties:
- Payment processors (e.g. Shopify Payments, Stripe, PayPal)
- Shipping carriers and logistics providers (including suppliers like Dreamlove for fulfillment)
- IT and analytics providers
We never sell personal data.
6. International Transfers
Some data may be processed outside the EU.
In such cases, we ensure appropriate safeguards (e.g. Standard Contractual Clauses).
7. Data Retention
We retain personal data only as long as necessary:
- Order data: up to 7 years (tax/legal requirements)
- Customer support data: up to 24 months
- Marketing data: until consent is withdrawn
8. Your Rights (GDPR)
You have the right to:
- Access your data
- Correct inaccurate data
- Request deletion (“right to be forgotten”)
- Restrict processing
- Object to processing
- Data portability
To exercise these rights, contact us via support email.
9. Cookies
We use cookies to:
- Enable website functionality
- Analyze traffic
- Improve user experience
- Support marketing campaigns
You can manage cookie preferences through your browser settings.
10. Data Security
We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, or loss.
11. Contact
For privacy-related questions, contact our support team via the email listed on our website.