PRIVACY POLICY
Fantaslook.com Privacy Policy
(Effective Date: August 15, 2025)
(Compliant with GDPR, CCPA, and Other Applicable Laws)
1. Introduction
Fantaslook.com (“we,” “us,” or “our”) operates the Fantaslook website and mobile applications (“Services”). This Privacy Policy explains how we collect, use, share, and protect Personal Information (as defined below) in compliance with the EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable laws. By using our Services, you consent to the practices described herein.
2. Data Collection & Use
2.1 Types of Data Collected
A. Data You Provide:
Account Registration: Name, email, phone number, password.
Transactions: Credit/debit card details (masked), billing/shipping addresses.
Interactions: Customer support chats, survey responses, return requests.
B. Automatically Collected Data:
Device Data: IP address, browser type, OS, device identifiers.
Behavioral Data: Pages viewed, cart activity, session duration.
Location: Approximate GPS coordinates (non-precise).
C. Cookies & Tracking Technologies:
Purpose: Session management, analytics, personalized ads, security.
Management: Users may configure browser settings to reject non-essential Cookies [Cookie Policy].
2.2 Purposes of Data Processing
Service Delivery: Process orders, prevent fraud, maintain account security.
Improvement: Analyze usage trends to enhance functionality.
Communication: Send service updates, promotional emails (with consent).
Legal Compliance: Respond to law enforcement requests.
3. Data Sharing & Third Parties
We share data only as necessary under the following circumstances:
Service Providers:
Payment Processors: Masked card details, billing addresses.
Logistics Partners: Shipping addresses, contact info.
Marketing Vendors: Device IDs, purchase history (for ads).
Contracts: Require data minimization, annual audits, and deletion post-delivery.
Legal Obligations:
Disclose data under valid court orders, tax audits, or national security requests.
Business Transfers:
In mergers/acquisitions, transfer data to new owners under SCCs or BCRs.
4. User Rights & Choices
4.1 GDPR Rights (EU Users):
Access/Correct/Delete: Submit requests via privacy@fantaslook.com.
Portability: Receive data in machine-readable format.
Objection: Restrict processing for direct marketing.
4.2 CCPA Rights (California Users):
Opt-Out of Sales: No sales of personal data; opt-out via Global Privacy Control signal.
Delete Requests: Erase personal data within 30 days.
4.3 Children’s Privacy:
Age Restrictions: Do not knowingly collect data from children under 13 (COPPA) or 16 (CCPA).
Takedown Process: Delete data within 24 hours of discovery.
5. Cross-Border Data Transfers
EU Data: Transmitted to the U.S. under SCCs and EU-US Data Privacy Framework.
User Consent: Required for transfers outside the EEA.
6. Security Measures
Encryption: TLS 1.3 for data in transit; AES-256 for stored data.
Access Controls: Role-based permissions, multi-factor authentication.
Audits: Quarterly vulnerability scans, annual SOC 2 Type II reports.
7. Data Retention
Retention Period: Data retained only as necessary for stated purposes or legal requirements (typically 24 months post-account closure).
Deletion: Automated deletion of inactive accounts after 12 months.
8. Updates to This Policy
Changes: Policy updates communicated via email or banner alerts.
Effective Date: Continued use after updates constitutes acceptance.
9.Third-Party Services
External Links: Not responsible for third-party privacy practices (e.g., social media widgets).
10. Contact Information
Privacy Team: privacy@fantaslook.com