Privacy Policy

1. Who this policy covers

This policy applies to visitors, prospective customers, and anyone who places an order or communicates with us through the channels listed on our Contact Us page.

Our website is not directed at children under 16; we do not knowingly collect data from children. If you believe we have, contact us and we will delete it promptly where required.

2. Data controller

For the purposes described here, SPLENDID DIGITAL is responsible for deciding how certain personal information is handled. Operational hosting, email sending, or payment-processing partners may process data strictly on our instructions or their own lawful bases as described below.

3. Information we collect

Depending on how you interact with us, categories may include:

• Identity & contact: name; email address; phone number when you voluntarily provide it; country or timezone if inferred from communication.
• Order & transaction data: items purchased, quantities, prices, currencies, timestamps, payment status references, and identifiers from our payment processor (Dodo Payments) required to correlate orders and deliver digital products.
• Communications: messages submitted through forms, replies, attachments you send, troubleshooting notes maintained by staff.
• Technical & usage data: IP address, browser type/version, approximate device/OS, referrer URL, timestamps, coarse geolocation inferred from IP, pages viewed or actions taken (analytics if enabled), session identifiers needed for carts or authenticated admin areas.
• Cookies & similar technologies: small files or storage keys that keep sessions coherent, remember preferences, or measure aggregated traffic (details in Section 6).
• We generally do not request sensitive categories (such as medical data); please do not send them unnecessarily.

4. Why we process data

• Contractual necessity: to take steps at your request prior to ordering, fulfil digital purchases after payment verification, communicate order confirmations, issue secure links, administer downloads, investigate payment matching.
• Legitimate interests: secure the site against abuse, analyse aggregated usage to improve UX, administer internal records, handle disputes.
• Legal obligations: retain records required for tax/accounting/compliance where applicable.
• Consent: where mandatory for specific marketing emails or optional cookies not strictly necessary — you may withdraw anytime via unsubscribe or browser controls.

5. Lawful retention

We retain data only as long as needed:

• Order logs and invoicing artefacts: typically retained for statutory accounting periods relevant to operations (often multi-year horizons tied to audits/tax).
• Support correspondence: until issues resolve plus a reasonable period for follow-up.
• Security logs & technical diagnostics: shortened rolling retention unless investigation requires longer.
• You may ask for deletion where lawful; fulfilment artefacts may persist if overriding legal duties require retention.

6. Cookies & trackers

Necessary cookies/session storage help operate shopping carts and prevent CSRF or session spoofing basics. Preference cookies remember UI choices sparingly.

Analytics or marketing trackers (if any) will be disclosed in layering notices or banners where required.

You can block cookies via browser settings; critical site functions such as checkout may degrade if strictly necessary cookies are disabled.

7. Sharing & recipients

We do not sell mailing lists or personal data to data brokers.

Processors / categories we may rely on:

• Hosting/CDN/infrastructure vendors storing site files.
• Email delivery providers for transactional notices (orders, confirmations, receipts).
• Dodo Payments for payment processing and digital product delivery (hosted checkout, download links, customer portal).

Each processor is expected to obey confidentiality commitments and comply with GDPR-style or equivalent safeguards where transfers cross borders (see Section 8).

8. International transfers

Infrastructure providers may reside outside your country. Where required we implement appropriate safeguards (standard contractual clauses, adequacy findings, supplementary measures).

9. Security

We employ administrative, technical, and organisational measures appropriate to risk: hashed passwords on admin consoles, HTTPS where configured, restrictive file access paths for downloads, least-privilege server accounts where practicable.

No online system is risk-free — report suspected compromises immediately.

10. Your choices & rights

Depending on geography (for example GDPR in the EU/UK, analogous laws elsewhere), you may have rights including:

• Access copies of personal information we maintain.
• Rectify inaccurate entries.
• Request erasure (“right to be forgotten”) subject to exemptions.
• Restrict or object to certain processing paths.
• Data portability where processing is automated and based on contract/consent.
• Lodge complaints with supervisory authorities.

Submit requests via Contact Us or email info@splendidhooddigital.shop. Verification may require proof of identity to prevent unauthorised disclosure.

11. Automated decision-making

Order screening may involve rules-based automation (risk flags); no solely automated profiling that produces legally significant outcomes without human review is intended.

12. Links to third parties

Outbound links operate under third-party policies; review them independently before submitting data.

13. Changes

If we materially alter this policy we will revise the effective date (and optionally notify recurring customers by email).

14. Contact — privacy enquiries

Privacy questions go through our Contact Us page (info@splendidhooddigital.shop) with subject line “Privacy request” plus enough context to locate your interactions.