Privacy Policy

1. Introduction

At Puzzle Postcards, we are committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, share, and protect your information when you visit our website at puzzlepostcards.shop or use our services.

Puzzle Postcards is the data controller responsible for your personal data. Our contact details are:

2. Information We Collect

We collect different types of information depending on how you interact with our website and services:

2.1 Information You Provide

• Identity and contact information: Name, email address, phone number (if provided)
• Shipping information: Recipient name, shipping address, and any delivery instructions
• Order information: Details of your orders, including product selections, quantities, and preferences
• Uploaded content: Photographs, images, text messages, and optional video/audio recordings you submit to create your puzzle postcard
• Communication data: Messages you send to us via email, contact forms, or customer support channels
• Account information: If you create an account, your login credentials (password is stored securely hashed)

2.2 Information Collected Automatically

• Device and browser information: IP address, browser type and version, operating system, device type, screen resolution
• Usage data: Pages visited, time spent on pages, links clicked, referring URLs, navigation paths
• Cookies and similar technologies: See Section 8 for details on cookies

2.3 Information from Third Parties

• Payment processors: Transaction status and confirmation from Stripe and PayPal (we do not receive or store your full payment card details)
• Shipping carriers: Delivery status updates, tracking information, and delivery confirmations

3. How We Use Your Information

We use your personal data for the following purposes:

4. Who We Share Your Information With

We share your personal data only with trusted third parties who help us operate our business and provide our services. We do not sell your personal data to third parties.

4.1 Service Providers

• Payment processors: Stripe and PayPal process your payments securely. They receive payment details necessary to complete transactions.
• Shipping carriers: We share recipient names and addresses with shipping carriers (e.g., national postal services, courier companies) to deliver your orders.
• Print/fulfilment partners: If we use third-party printing or fulfilment services, they receive your uploaded images and shipping information to produce and ship your order.

  [PLACEHOLDER — If you use a 3PL/print partner, name them here, e.g., "We use [Partner Name] for printing and fulfilment."]

• Hosting provider: Our website is hosted on Vercel. They may process technical data as part of providing hosting services.
• Email provider: We use email services to send transactional emails (order confirmations, shipping updates) and, with your consent, marketing emails.
• Analytics: We use Google Analytics to understand how visitors use our website. See Section 8 for more details.

4.2 Legal and Regulatory

We may disclose your personal data if required to do so by law, court order, or regulatory authority, or if we believe disclosure is necessary to protect our rights, property, or safety, or the rights, property, or safety of others.

5. International Data Transfers

Some of our service providers are located outside the European Economic Area (EEA). When we transfer your personal data outside the EEA, we ensure appropriate safeguards are in place to protect your data, such as:

• Adequacy decisions: Transfers to countries with an adequate level of data protection as determined by the European Commission
• Standard Contractual Clauses (SCCs): EU-approved contractual clauses that provide appropriate data protection guarantees
• Binding Corporate Rules: For transfers within corporate groups with approved data protection policies

You may request more information about the specific safeguards we use by contacting us at hello@puzzlepostcards.shop.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

After the retention period expires, we will securely delete or anonymise your personal data.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit using TLS/HTTPS
• Secure storage of passwords using industry-standard hashing algorithms
• Access controls limiting who can access your personal data
• Regular security assessments and updates
• Secure payment processing through PCI-compliant providers (Stripe, PayPal)

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience on our website. Cookies are small text files stored on your device that help us recognise you and remember your preferences.

8.1 Types of Cookies We Use

• Essential cookies: Necessary for the website to function properly (e.g., session management, security). These do not require consent.
• Functional cookies: Remember your preferences and settings to enhance your experience.
• Analytics cookies: Help us understand how visitors use our website. We use Google Analytics, which collects anonymised usage data.

8.2 Google Analytics

We use Google Analytics to analyse website traffic and user behaviour. Google Analytics uses cookies to collect information about your use of our website, including your IP address (anonymised), pages visited, and time spent on pages. This data is transmitted to and stored by Google on servers that may be located outside the EEA.

For more information, see Google's Privacy Policy and opt-out options.

8.3 Managing Cookies

You can control and manage cookies through your browser settings. Most browsers allow you to:

• View and delete cookies
• Block all cookies or only third-party cookies
• Set preferences for specific websites

Please note that blocking certain cookies may affect the functionality of our website.

9. Your Rights

Under the General Data Protection Regulation (GDPR) and other applicable data protection laws, you have the following rights regarding your personal data:

• Right of access: You have the right to request a copy of the personal data we hold about you.
• Right to rectification: You have the right to request correction of inaccurate or incomplete personal data.
• Right to erasure ("right to be forgotten"): You have the right to request deletion of your personal data in certain circumstances.
• Right to restriction of processing: You have the right to request that we restrict processing of your personal data in certain circumstances.
• Right to data portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
• Right to object: You have the right to object to processing of your personal data based on legitimate interests, including for direct marketing purposes.
• Right to withdraw consent: Where processing is based on consent, you have the right to withdraw your consent at any time. This does not affect the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us at hello@puzzlepostcards.shop. We will respond to your request within one month, as required by law.

Right to Lodge a Complaint

If you believe that we have not handled your personal data properly, you have the right to lodge a complaint with a supervisory authority. For EU residents, you can find your local data protection authority at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

10. Children's Privacy

Our website and services are not intended for children under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children.

If you are a parent or guardian and believe that your child has provided us with personal data, please contact us at hello@puzzlepostcards.shop, and we will take steps to delete such information.

11. Third-Party Links

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices or content of these third parties. We encourage you to review the privacy policies of any third-party sites you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or for other operational, legal, or regulatory reasons. When we make changes, we will update the "Effective Date" at the top of this page.

For significant changes, we may notify you via email (if you have provided one) or by posting a prominent notice on our website. We encourage you to review this Privacy Policy periodically.