PRIVACY POLICY

Privacy Policy – Bathbudy

1. Personal Data and Contact Details of the Controller

1.1 Thank you for visiting our website. This Privacy Policy explains how we handle your personal data when you use our website. Any data that can be used to identify you is considered personal data.

1.2 Under the General Data Protection Regulation (GDPR), Bathbudy is the data controller—meaning we determine the purposes and methods of processing your personal data.

1.3 For your security, this website uses SSL or TLS encryption to protect personal data and sensitive content during transmission. You can identify a secure connection by the "https://" prefix and padlock symbol in your browser's address bar.

2. Data Collection When You Visit Our Website

When you browse our website without registering or submitting information, we collect only the data your browser sends to our server. This includes:

• Website visited

• Date and time of access

• Data volume transferred

• Source or referring site

• Browser and operating system used

• IP address (may be anonymised)

This data is processed under Article 6(1)(f) of the GDPR to improve website performance. We do not use this data for profiling or other purposes unless illegal activity is suspected.

3. Cookies

We use cookies to make your experience more user-friendly and to enable certain functions. Cookies are small text files stored on your device.

• Session cookies are deleted when you close your browser.

• Persistent cookies remain and allow us or our partners (third-party cookies) to recognise your browser on your next visit.

Cookies may store browser data, location info, or IP addresses. If cookies process personal data, we do so either:

• Under Article 6(1)(b) GDPR (performance of a contract), or

• Article 6(1)(f) GDPR (legitimate interest in website functionality).

Note: You can configure your browser to notify you before accepting cookies, or to block them entirely. However, some features may not work if you block cookies.

Browser-specific settings:

• Chrome

• Firefox

• Safari

• Opera

• Edge/Explorer

4. Contacting Us

If you contact us via a form or email, we collect the personal data you provide to respond to your enquiry. This is processed under:

• Article 6(1)(f) GDPR (our legitimate interest in responding), or

• Article 6(1)(b) GDPR (pre-contractual steps), if applicable.

Your data will be deleted once your request is resolved unless legally required to retain it.

5. Customer Accounts and Contracts

When you create an account or place an order, we process your data under Article 6(1)(b) GDPR. Your data is stored as long as needed to fulfil the contract, then blocked or deleted as required by tax and trade laws—unless you consent to further use.

6. Direct Marketing

6.1 Email Newsletter
If you sign up for our newsletter, we will send you updates about our products. You must confirm your subscription via a confirmation email (double opt-in). We store your IP address, registration date, and email to prevent misuse.

You may unsubscribe at any time via the link in the newsletter or by contacting us.

6.2 Customer Email Marketing
If you've made a purchase, we may email you about similar products based on our legitimate interest (Article 6(1)(f) GDPR). You can opt out at any time.

7. Data Sharing with Third Parties

7.1 Shipping
We share necessary information (e.g. name and address) with delivery partners to fulfil your order.

7.2 Payment Providers
Depending on your chosen payment method, data may be shared with providers like PayPal or SOFORT (Klarna). These services may conduct credit checks in line with Article 6(1)(f) GDPR.

More on PayPal privacy: PayPal Privacy Policy
More on Klarna (SOFORT): SOFORT Privacy

8. Product Reviews

We may email you once after a purchase to ask for a review, based on your consent under Article 6(1)(a) GDPR. You can withdraw consent at any time.

9. Social Media Plugins (Shariff Integration)

To protect your privacy, our site uses social sharing buttons (Facebook, Instagram, Google+) as simple links. These do not contact social media servers unless you click on them. All social networks mentioned are Privacy Shield certified.

• Facebook Privacy

• Instagram Privacy

• Google Privacy

10. Online Marketing and Tracking

We use tools like:

• Google DoubleClick & Google Ads Conversion Tracking
  For targeted ads and performance tracking (Article 6(1)(f) GDPR). More info:
  Google Ads Privacy

• Facebook Pixel
  To track ad performance and optimise targeting, only with your explicit consent (Article 6(1)(a) GDPR). Learn more at:
  Facebook Privacy

11. Web Analytics – Google Analytics

We use Google Analytics (with IP anonymization) to analyse visitor behaviour and improve our site (Article 6(1)(f) GDPR).

To opt out:
Google Opt-Out Plugin
More on Google Analytics

12. Remarketing

We use Google AdWords and Facebook Retargeting to show relevant ads across platforms. You can opt out via:

• Google Ads Settings

• Digital Advertising Alliance

13. Your Rights Under GDPR

You have the right to:

• Access your data (Art. 15 GDPR)

• Correct inaccuracies (Art. 16)

• Delete your data (Art. 17)

• Restrict processing (Art. 18)

• Data portability (Art. 20)

• Withdraw consent (Art. 7(3))

• Object to processing (Art. 21)

• Lodge a complaint with a supervisory authority (Art. 77)

To exercise your rights, contact us at: [Insert Contact Email Here]

14. Data Retention

We store your personal data only as long as necessary to fulfil the purpose or as legally required. Once no longer needed, data is routinely deleted unless you’ve consented to longer retention.