Privacy Policy - The Soho Dolls

1. Introduction

At thesohodolls.com (“Website”, “we”, “our”, or “us”), your privacy is of paramount importance. We are committed to protecting the personal data of our visitors, customers, and users in accordance with global data protection laws and regulations, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This Privacy Policy outlines our practices concerning the collection, use, disclosure, and protection of personal data and underscores our commitment to transparency, accountability, and user control with a privacy-first approach.

2. Scope and Role of the Data Controller

This Privacy Policy applies to all personal data collected through thesohodolls.com, including data collected via online interactions with the website, email communications, or third-party integrations. For purposes of applicable data protection laws, The Soho Dolls acts as the data controller with respect to your personal data.

If you have any questions about this Privacy Policy or how we process your personal data, you may contact us at [email protected].

3. Categories of Data Processed

We collect and process the following categories of personal data, either directly from you or automatically via your interaction with thesohodolls.com:

a. Usage Data
Includes data such as your browser type, IP address, referral source, user-agent string, access times, session duration, clicked links, and pages visited.

b. Account Data
Includes personal identifiers such as your full name, email address, billing and shipping address, phone number, and account credentials if you create or maintain an account with us.

c. Profile Data
Includes information such as preferences, purchase history, behavioral insights, and responses to user experience features or marketing-related surveys.

d. Communication Data
Includes messages sent to us via website forms, email correspondence, customer support inquiries, chats, and call history (if applicable).

e. Technical Data
Includes data related to device hardware, operating system, browser configuration, screen resolution, language settings, and other system diagnostics.

f. Transaction Data
Includes payment and billing details used during purchases (e.g., payment method, order history, delivery information). Payment details are processed securely via third-party payment processors and are not stored directly on our systems.

g. Preference Data
Includes information about your marketing preferences, communication consents, newsletter subscriptions, and expressed interests in content or products.

4. Legal Bases for Processing

We only process your personal data when permitted by applicable law. Under GDPR, the lawful bases include:

– Contractual Necessity: Processing necessary to fulfill contractual obligations, such as processing your orders or account management.

– Legitimate Interest: Processing for the purposes of network security, fraud prevention, analytics, direct marketing (with opt-out), and service improvement, provided that such interests are not overridden by your rights.

– Consent: When you provide your informed, explicit consent for specific processing activities, such as for newsletter subscriptions, analytics tracking, or targeted marketing.

– Legal Obligation: When processing is required to comply with applicable legal or regulatory obligations.

5. Your Rights

Under GDPR and, where applicable, the CCPA, you have the right to:

– Access: Request confirmation of whether we hold your personal data and obtain a copy.
– Rectification: Request correction of inaccurate or incomplete personal data.
– Erasure (“Right to be Forgotten”): Request deletion of data we hold about you, subject to legal retention obligations.
– Restriction: Request limitation of processing of your personal data under specific conditions.
– Portability: Receive your personal data in a structured, commonly used machine-readable format and have the right to transmit that data to another controller (where technically feasible).
– Objection: Object to certain types of processing, such as direct marketing or processing based on legitimate interest.
– Do Not Sell My Information (under CCPA): California residents have the right to opt out of the sale of their personal information.

To exercise any of these rights, please contact us at [email protected].

6. Security Measures

We take appropriate technical and organizational measures to protect the confidentiality, integrity, and availability of your personal data, including but not limited to:

– Use of HTTPS encryption and secure protocols across thesohodolls.com;
– Role-based access controls to sensitive data;
– Regular backups and disaster recovery strategies;
– Data minimization and pseudonymization practices;
– Security awareness training for personnel handling data.

While no system can be guaranteed to be 100% secure, we implement industry best practices to safeguard your data.

7. International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). Where such transfers occur, we ensure that appropriate safeguards are in place, such as:

– Standard Contractual Clauses (SCCs) approved by the European Commission;
– Data Protection Addenda executed with third-party processors;
– Additional transfer impact assessments where required by law.

By using thesohodolls.com, you acknowledge and consent to such transfers in compliance with applicable data protection frameworks.

8. Data Retention

We retain personal data for no longer than is necessary for the purposes for which it was collected, including for the following durations:

– Usage and Technical Data: 12 months.
– Account and Profile Data: Retained for the life of the account and up to 6 months after account closure.
– Transaction Data: 7 years in accordance with accounting and tax laws.
– Communication Data: 24 months for customer service reference.
– Preference Data: Until consent is withdrawn or 24 months of inactivity.

In cases where legal obligations require a longer retention period, the data will be retained accordingly.

9. Cookie Policy

We use cookies and similar tracking technologies on thesohodolls.com to improve user experience and better understand our visitors. These cookies fall into the following categories:

– Essential Cookies: Required for the website to function properly (e.g., session login, form functionality).
– Functional Cookies: Enhance functionality and personalization (e.g., remembering user preferences).
– Analytics Cookies: Collect aggregated data about site usage for performance optimization (e.g., Google Analytics).
– Performance Cookies: Monitor load times and identify site errors.

10. Cookie Management and Compliance

Upon your first visit to thesohodolls.com, a cookie banner allows you to accept or customize your cookie preferences in compliance with GDPR and CCPA. You may change or withdraw consent at any time through our Cookie Settings located in the footer of the website.

California residents may use a browser-enabled Global Privacy Control (GPC) signal to automatically opt out of sale/sharing, which we honor where applicable.

11. Children’s Privacy

We do not knowingly collect, solicit, or process personal information from children under the age of 13. If you believe that a child has provided us with personal data without appropriate consent, please contact us immediately at [email protected]. We will take steps to delete such information as soon as possible.

12. Policy Updates

We may amend this Privacy Policy from time to time to reflect changes in legal obligations or in our operations. Changes to the Privacy Policy will be posted on thesohodolls.com, and if material, we may notify you via email or site notice. You are encouraged to review this policy periodically.

13. Contact Us

If you have any questions regarding this Privacy Policy, your personal data, or your rights, you may contact us at:

Email: [email protected]
Website: https://thesohodolls.com

We are fully committed to safeguarding your personal data and ensuring compliance with applicable privacy laws and best practices. Please do not hesitate to contact us with any concerns regarding your data privacy.