Effective Date: November 14, 2025

Last Updated: November 14, 2025

This Privacy Policy governs the collection, use, and protection of information obtained from visitors and users of silknatura-wig.com (the “Site”, “we”, “us”, or “our”). We are committed to protecting your privacy and personal data in compliance with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), and other applicable privacy laws.

  1. Definitions and Scope

Data Controller: The operator of this Site. Contact details in Section 10.
Personal Data: Any information relating to an identified or identifiable individual.
Processing: Any operation performed on Personal Data, including collection, storage, use, disclosure, and deletion.

This Policy applies to information collected through:

  • All pages of silknatura-wig.com
  • Email, live chat, and social media communications
  • Order management and payment processing systems
  1. Types of Personal Information We Collect

2.1 Information You Provide Voluntarily

  • Account Information: Name, email address, password (encrypted), account preferences
  • Order Information: Shipping address, phone number, product specifications, customization requests (wig color, length, cap size)
  • Payment Information: Credit card numbers, PayPal details (processed by third-party payment processors; we do not store full card numbers)
  • Communication Records: Customer service emails, chat transcripts, return requests
  • Reviews and Feedback: Product reviews, survey responses, testimonials

2.2 Automatically Collected Technical Data

  • Device Information: IP address, device type, operating system, browser version, time zone
  • Usage Data: Browsing history, clickstream data, session duration, page interactions
  • Cookies and Tracking Technologies: We use:
    • Essential Cookies: For basic site functionality (e.g., shopping cart)
    • Analytics Cookies: Via Google Analytics for traffic analysis
    • Marketing Cookies: For Facebook Pixel retargeting (requires consent)
    • Functional Cookies: To remember preferences (language, currency)

2.3 Special Category Data

For custom wig orders, you may upload head photos or provide body measurements. This data is encrypted and used solely for product customization, with strict access controls.

  1. Legal Basis for Processing (GDPR)

We process your data based on:

  • Contract Performance: Order fulfillment, shipping, after-sales service (Art. 6.1(b))
  • Legal Obligation: Tax, accounting, consumer protection laws (Art. 6.1(c))
  • Legitimate Interests: Fraud prevention, website optimization, analytics (Art. 6.1(f))
  • Consent: Marketing communications, non-essential cookies (Art. 6.1(a))
  1. Detailed Purposes of Data Use
  • Order Processing: Confirm orders, coordinate production, package shipments
  • Logistics: Share necessary details with DHL, FedEx, UPS for delivery
  • Payment Security: Verify transactions via Stripe/PayPal and prevent fraud
  • Customer Support: Respond to inquiries, process returns, provide wearing guides
  • Personalization: Recommend products based on purchase history (with consent)
  • Site Improvement: Analyze user behavior to enhance UX and product display
  • Legal Compliance: Maintain transaction records for tax audits
  • Security: Monitor suspicious logins and transactions
  1. Third-Party Data Sharing

We DO NOT sell your Personal Data. We share it only when necessary:

Categories of Service Providers:

  • Payment Processors: Stripe, PayPal (see their policies: Stripe Privacy, PayPal Privacy)
  • Logistics Partners: DHL, FedEx, UPS (shipping details only)
  • Warehousing: FBA or third-party fulfillment centers
  • Marketing Tools: Mailchimp (email), Google Analytics, Facebook Pixel
  • IT Infrastructure: Hosting providers (e.g., SiteGround), cloud storage (AWS S3)
  • Compliance Services: Tax software, anti-fraud systems

Sharing Principles:

  • Minimum data necessary for specific purposes
  • Data Processing Agreements (DPA) with all processors
  • Regular audits of third-party security measures

Other Disclosure Scenarios:

  • Legal Requirements: Court orders, government investigations
  • Corporate Restructuring: Mergers, acquisitions, asset transfers
  • Protection of Rights: To prevent fraud or protect safety/IP rights
  1. International Data Transfers

Our servers may be located outside the EU. We ensure:

  • Adequacy decisions by the European Commission (if applicable)
  • Standard Contractual Clauses (SCCs) with supplementary measures
  • Transfer Impact Assessments (TIA) conducted prior to transfer
  1. Data Retention Periods
  • Account Data: 6 months after account deletion
  • Order Records: 7 years per tax law requirements
  • Payment Data: Transaction IDs retained for 7 years; full card numbers never stored
  • Cookies: Maximum 13 months (EU regulation)
  • Support Tickets: Deleted 6 months after resolution
  • Marketing Data: Immediately unsubscribed upon request, but opt-out records retained
  1. Your Legal Rights

GDPR Rights (for EU residents):

  • Right to Access: Obtain a copy of your data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure (“Right to be Forgotten”): Delete data under specific conditions
  • Right to Restriction: Suspend data processing
  • Right to Data Portability: Receive data in a structured, machine-readable format
  • Right to Object: Oppose processing based on legitimate interests or direct marketing
  • Right to Withdraw Consent: At any time
  • Right to Lodge a Complaint: With supervisory authorities (e.g., Irish DPC)

CCPA/CPRA Rights (for California residents):

  • Right to Know: Categories, sources, and purposes of collected data
  • Right to Delete: Request deletion of personal information (with exceptions)
  • Right to Opt-Out: Opt-out of sale of personal information (WE DO NOT SELL DATA)
  • Right to Non-Discrimination: No discrimination for exercising privacy rights
  • Right to Correct: Correct inaccurate personal information
  • Right to Limit Use of Sensitive Personal Information: Restrict use of sensitive data

How to Exercise Rights:

  • Email zzz2337374357@gmail.com with subject “Privacy Rights Request”
  • Response within 30 days (extendable to 90 days for complex requests)
  • Identity verification required (order number, email verification, or ID copy)
  1. Cookie Management

Manage cookies via browser settings:

  • Chrome: Settings > Privacy and Security > Cookies
  • Firefox: Options > Privacy & Security > Cookies
  • Safari: Preferences > Privacy > Cookies

Adjust preferences via our Cookie consent banner. Rejecting non-essential cookies does not affect site functionality.

  1. Data Security Measures

We implement:

  • Encryption: TLS 1.3 for data transmission, AES-256 for sensitive data storage
  • Access Control: Role-based access, minimum privilege principle
  • Regular Audits: Quarterly vulnerability scans and penetration tests
  • Employee Training: Annual data protection training
  • Backups: Daily encrypted backups in multiple geographic locations
  • Incident Response: Data breach response plan with 72-hour notification
  1. Data Breach Notification

In case of a breach:

  1. Immediate investigation and containment
  2. Report to supervisory authorities within 72 hours (GDPR)
  3. Notify affected users via email with breach scope, risks, and remediation
  4. Offer free credit monitoring if financial data is involved
  1. Third-Party Links

Our Site may link to YouTube (tutorials), Instagram, etc. We are not responsible for their privacy practices. Review their policies before providing data.

  1. Children’s Privacy
  • Minimum Age: 16 years old. We do not knowingly collect data from children.
  • Upon Discovery: Immediate deletion and account termination
  • Parental Rights: Parents can contact us to delete child’s data
  1. Updates to This Policy

We may update this Policy periodically:

  • Material Changes: 30-day advance notice via email and site banner
  • Minor Changes: Immediate update on this page
  • Continued use constitutes acceptance of the updated Policy
  1. Contact Us

Data Controller: SilkNatura Wig
Email: zzz2337374357@gmail.com
Physical Address: [Please provide your business address if applicable]
Website: https://silknatura-wig.com

Data Protection Officer (DPO): We have not appointed a dedicated DPO. For privacy inquiries, please contact the email above, and we will assign a responsible person.