Protection

At Lush Layers Bakery, we recognize the importance of safeguarding personal data and are committed to handling your information with the utmost care and in compliance with all relevant privacy laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection frameworks. This Data Protection Policy describes how we collect, process, use, store, share, and protect personal data obtained through your interaction with our website, applications, services, and communications.

Types of Personal Data We Collect

• Identification Data: full name, username, customer ID
• Contact Information: email address, phone number, physical mailing address
• Account and Login Details: passwords, login credentials (encrypted)
• Transaction Data: billing address, purchase records, payment confirmations
• Technical and Device Data: IP address, browser type and version, time zone setting, device identifiers, cookies, operating system and platform
• Usage Data: clickstream data, features used, session duration, access times
• Location Data: if you enable location services through your device or browser
• Communications: support messages, survey responses, and feedback

Purposes of Processing Personal Data

• Providing access to and maintaining our services
• Managing your account and billing preferences
• Personalizing content and user experience
• Sending service announcements, transactional messages, or promotional emails
• Processing payments securely through verified providers
• Responding to inquiries, support requests, and complaints
• Conducting analytics to improve system performance, features, and customer satisfaction
• Preventing fraud, ensuring IT security, and enforcing our Terms of Service
• Meeting legal, tax, audit, or regulatory requirements

Legal Grounds for Data Processing

We process your personal data on one or more of the following lawful bases: consent, contract performance, legal obligation compliance, and legitimate interests. You may withdraw your consent at any time without affecting prior processing.

Data Sharing and Third-Party Disclosure

We do not sell your personal data. We may share data with service providers, legal authorities, affiliates, or in mergers/sales under strict conditions requiring data protection compliance.

International Data Transfers

We use standard contractual clauses, approved frameworks, and additional safeguards to protect data transferred internationally.

Data Retention and Deletion

We retain personal data only as long as needed to fulfill purposes or legal obligations, after which we delete or anonymize it securely.

Your Rights Regarding Personal Data

• Access your personal data
• Request corrections or updates
• Request deletion or anonymization
• Object to or restrict processing
• Withdraw consent where applicable
• Request data portability
• Lodge a complaint with a data protection authority

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

Data Security Measures

• Data encryption (SSL/TLS)
• Role-based access controls
• Secure servers and cloud environments
• Regular security assessments
• Employee confidentiality agreements
• Backup and disaster recovery protocols

Use of Cookies and Tracking Technologies

We use cookies and similar tools to enhance your experience and analytics. Manage preferences via browser settings or our cookie banner.

Children’s Privacy

Our services are not intended for children under 16. We do not knowingly collect data from children without consent. Such data will be deleted upon discovery.