Privacy Policy
1. Introduction
At Trust Little (“we,” “us,” “our”), accessible via trustlittle.com, we are committed to protecting your privacy and safeguarding your personal data. We recognize the importance of maintaining the confidentiality, integrity, and availability of personal information, and strive to meet or exceed data protection standards including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This Privacy Policy outlines how we collect, use, disclose, and protect personal information, and how you can exercise your rights in relation to that data.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all users of trustlittle.com and associated services. It governs our data collection, processing, and usage practices. In the context of applicable data protection laws, Trust Little acts as the data controller for the personal data you provide to us.
3. Categories of Personal Data We Process
We collect and process various categories of personal information depending on your interaction with our services. These include:
– Usage Data: Includes information about how you use our website and services, such as browser type and version, IP address, time zone settings, clickstream paths, session duration, and device identifiers.
– Account Data: Information provided when creating or updating an account, including your full name, email address, phone number, and billing or shipping addresses.
– Profile Data: Includes preferences, user behavior on our platform, consent history, product interests, and purchase history.
– Communication Data: Records of correspondence with us, such as support tickets, emails, messages through contact forms, and other communications.
– Technical Data: Includes details about the devices you use to access our services, operating systems, screen resolutions, system configurations, and mobile network data.
– Transaction Data: Payment details (processed via third-party payment processors), order records, delivery addresses, timestamps, and transaction identifiers.
– Preference Data: Includes your preferences relating to receiving marketing from us, your communication choices, and product categories of interest.
4. Legal Bases for Processing
We process personal data based on one or more of the following lawful bases under GDPR and similar rules under CCPA:
– Performance of contract: When processing is necessary for entering into or fulfilling a contractual arrangement with you.
– Consent: When you have freely given informed and unequivocal consent for the specific processing activity.
– Legitimate interests: When processing is necessary for our legitimate business interests and does not override your rights and freedoms (e.g., fraud prevention, product improvement).
– Legal obligation: When processing is necessary to comply with legal or regulatory requirements.
5. Your Data Protection Rights
Subject to the conditions and limitations set forth by applicable law, you may exercise the following rights regarding your personal data:
– Right of Access: Request access to the personal data we hold about you.
– Right to Rectification: Request correction of any inaccurate or incomplete data.
– Right to Erasure: Request deletion of your personal data, subject to certain exceptions.
– Right to Restrict Processing: Request limitation of how we process your data.
– Right to Data Portability: Request to receive your personal data in a structured, commonly used, machine-readable format and the right to transmit that data to another controller.
– Right to Object: Object to processing based on legitimate interests, including direct marketing.
– Right Not to Be Subject to Automated Decision-Making: We do not use automated decisions that produce legal or similar significant effects.
To exercise any of your rights, please contact our team at [email protected].
6. Security Measures
We implement appropriate technical and organizational measures to protect personal data from unauthorized access, disclosure, alteration, or destruction. Security protocols include but are not limited to:
– Encryption of data in transit and at rest,
– Role-based access controls,
– Regular security training for staff,
– Secure user authentication,
– Scheduled system backups and disaster recovery protocols.
7. International Data Transfers
Where personal data is transferred outside of the European Union, United Kingdom, or other jurisdictions with similar regulations, we ensure appropriate safeguards are in place. These may include Standard Contractual Clauses approved by the European Commission, Binding Corporate Rules, or reliance on recognized adequacy determinations.
8. Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected, and in accordance with legal, accounting, and regulatory requirements. Typical retention periods include:
– Usage Data: Up to 12 months
– Account Data: Maintained for as long as the account is active and up to 6 years post-closure
– Communication Data: Up to 3 years following last contact
– Transaction Data: Retained for a minimum of 7 years for tax and audit purposes
– Preference & Marketing Data: Until you withdraw consent or up to 24 months of inactivity
9. Cookie Policy
Our website uses cookies and similar technologies to enhance user experience, provide analytics, improve functionality, and offer personalized content. We use the following categories of cookies:
– Essential Cookies: Necessary for the proper functioning of our website including security, authentication, and accessibility.
– Functional Cookies: Enable the website to remember selections you’ve made, such as your region and language.
– Analytics Cookies: Collect aggregated data on website usage to improve site performance and user interface.
– Performance Cookies: Measure the effectiveness of our content and marketing campaigns.
10. Cookie Management and Legal Compliance
To comply with GDPR and CCPA requirements:
– On your first visit to trustlittle.com, you will be prompted with a cookie consent banner that allows you to manage your preferences.
– You may withdraw or modify your consent by adjusting cookie settings at any time via the “Cookie Settings” link available on our site.
– Most web browsers also allow control over cookies through browser settings.
11. Children’s Privacy
Our services are not directed to individuals under the age of 13, and we do not knowingly collect or process personal data from children. If we become aware that we have unintentionally collected such data, we will delete it promptly. Parents or legal guardians who believe their child may have provided us with personal information may contact us at [email protected].
12. Updates to This Policy
We reserve the right to amend this Privacy Policy to reflect changes in legal, technical, or business developments. We will provide prominent notice on trustlittle.com and, where appropriate, notify users directly if material changes are introduced. You are encouraged to review this Policy periodically for updates.
13. Contact Us
For further questions about this Privacy Policy, your data rights, or our data protection practices, you can reach us at:
Email: [email protected]
We remain committed to ensuring ongoing compliance with data privacy regulations and to upholding the highest standards of transparency and integrity in all data-related matters. Please contact us with any concerns, and we will endeavor to address your inquiry promptly and thoroughly.