1. Introduction:

SpicyTropics.Com (hereinafter called “We/we”, or “Us/us” or “Our/our”) is committed to protecting your privacy. When you visit, access, and use our website, you trust us with your data including personal data. In this privacy policy, we describe our practices with respect to your data. By reading the policy, you will get to know what data we collect, how we use it, and what rights you have in relation to it. Please take some time to read through it carefully, as it is important. By continuing to use our website, you acknowledge that you have had the chance to review and consider this privacy policy, and you acknowledge that you agree to it. This means that you also consent to the use of your data and the method of disclosure as described in this privacy policy. If you do not agree to the privacy policy, then you agree to immediately cease your use of our website.

2. What personal data do we collect about you?

The personal data that we collect depends on the context of your interactions with us and the Website. All personal data that you provide must be true, complete, and accurate, and you must notify us of any changes to such personal data. Briefly stating, we collect the following personal data that you voluntarily provide to us:

1. email address;
2. postal address;
3. phone number;
4. payment data;
5. user account login data, and social media login data for authentication and security purposes.

With respect to (v), we provide you with the option to register using social media account details, like your Facebook, Instagram, or other social media account. If you choose to register through your social media accounts, we will collect the social media login data.

3. What data is automatically collected when you visit, access, or use our website?

Some data that we collect about you do not reveal your personal identity. Such data is automatically collected by us when you visit, use, or navigate the websites. Such data may include device and usage data, such as your IP address, browser, and device characteristics, operating system, language preferences, referring urls, device name, country, location, data about how and when you use our website, and other technical information. This data is primarily needed to maintain the security and operation of our website, and for our internal analytics and reporting purposes.

4. For what purposes do we process, or utilize your data?

1. To make it possible for you to register or signup on the website by creating a personal user account or personal user profile on the website, enabling the sign-in or login process, and managing your user account;
2. To fulfill and manage your purchases for the product(s) on the website including the payments, returns, and exchanges made through the website;
3. To send you marketing and promotional communications, news, special offers, and general information about our product(s). You can opt out of our marketing emails at any time by clicking on the unsubscribe option;
4. To contact you by email, telephone calls, SMS, or other equivalent forms of electronic communication, regarding website or product(s) updates or informative communications related to the product(s), including the security updates, when necessary or reasonable for their implementation;user account login data, and social media login data for authentication and security purposes.
5. To send administrative information to you about your user account, website, product(s), information about changes to our terms, conditions, and policies, or any other or related information;
6. To post testimonials on the website that may contain personal data. Prior to posting a testimonial, we will obtain your consent to use your name and testimonial. If you wish to update or delete your testimonial, please contact us at and be sure to include your name, testimonial location, and contact information;
7. To deliver targeted advertising to you to develop and display content and advertising tailored to your interests and/or location and to measure its effectiveness;
8. To request feedback about our website, and product(s);
9. To protect our website as part of our efforts to keep our websites safe and secure (for example, for fraud monitoring and prevention);
10. To enable user-to-user communications in online discussion forums;
11. To enforce our terms, conditions, and policies;
12. To respond to legal requests and prevent harm to you or to us. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond;
13. For business activities, to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or another sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which data held by us about our users is among the assets transferred;
14. For other business purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns, and evaluating and improving our websites, product(s), marketing, and your experience;
15. To attend and manage your requests to us;
16. To otherwise interact with you for any other legitimate purpose or activities.

5. What is the legal basis for processing your personal data?

We may process personal data under the following conditions:

1. Consent:
   You have given your consent for processing personal data for one or more specific purposes.
2. Performance of a contract:
   Provision of personal data is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof.
   
3. Legal obligations:
   Processing personal data is necessary for compliance with a legal obligation to which you are subject.
4. Vital interests:
   Processing personal data is necessary in order to protect your vital interests or of another natural person.
5. Public interests:
   Processing personal data is related to a task that is carried out in the public interest or in the exercise of official authority vested with us.
6. Legitimate interests:
   Processing personal data is necessary for the purposes of our legitimate interests pursued by us.
   In any case, we will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

6. Will your data be shared with anyone?
We only share data with your prior consent, to comply with laws, protect your rights, or fulfil our business obligations. We only share and disclose your data in the following situations or to the following recipients:

1. Government bodies or courts:
   We may share or disclose your data where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal processes, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements). We may disclose your data where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
2. Service providers:
   We may share your data with third-party service providers including consultants, vendors, independent contractors, or agents who perform services for us or on our behalf and require access to such data to perform such services. Such services may include marketing or promotional efforts, customer service, hosting services, payment processing, data analysis, and email delivery. Unless described in this Policy, we do not share, sell, rent or trade any of your data with third parties for their promotional purposes.
3. Business transfers, mergers, or acquisitions:
   We may share or transfer your data in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
4. Third-party advertisers:
   We may use third-party advertising companies to serve ads when you visit the website. These companies may use data about your visits to our website and other tracking technologies in order to provide advertisements about the product(s) of interest to you.
5. Affiliates and business partners:
   We may share your data with our affiliates and business partners, in which case we will require those affiliates and business partners to comply with this privacy policy.
   
6. Other users:
   When you share data by posting comments, contributions, or other content to the website or otherwise interacting with public areas of the website, such data may be viewed by all users and be publicly distributed outside the website in perpetuity. When you interact with other users of the website, the other users may be able to view your user profile and descriptions of your activity. 
7. With your consent:
   We may disclose your data for any other purpose with your prior consent.

7. Do we use cookies and other tracking technologies on the website?

Yes, we use cookies, web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs), and similar tracking technologies to access, track or store data. Cookies are small pieces of data stored on your computer or mobile device by your web browser. These small files contain a string of characters, to your IP address, giving the browser distinct identification, in order to keep track of your preferences. Among other things, cookies help us improve our website and your experience. Cookies are used to track your online activity and behavior for marketing purposes.

Given the commercial nature of cookies, such cookies are subject to regulatory restrictions especially the European Union’s General Data Protection Regulation, and explicit consent of the users is required for using such cookies. Most web browsers are set to accept cookies by default. If you prefer, you can choose to set your browser to remove cookies and reject cookies. If you set your browser to reject cookies, then you may not be able to access some features or functionalities on our website. For more information on how to reject cookies, see your browser’s instructions on changing your cookie settings. You can prevent the storage of cookies by choosing a ‘disable cookies” option in your browser settings.

Certain sections of our website and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).

8. Do we use website analytics?

Yes, we use Google Analytics to monitor and analyze your use of our website.

9.  How do we handle your social media login?

If you choose to register or log in to our website using a social media account, we may have access to certain data about you.

Our website offers you the ability to. Where you choose to register and log in using your third-party social media account details (like your Facebook or Twitter logins), we will receive certain profile information about you from your social media provider. The profile information we receive may vary depending on the social media provider concerned, but will often include your name, profile picture, friends or connections, posts as well as other data you choose to make public. 

We will use the data we receive only for the purposes that are described in this privacy policy or that are otherwise made clear to you on the website. Please note that we do not control, and are not responsible for, other uses of your data by your third-party social media provider. We recommend that you review their privacy policy to understand how they collect, use and share your data, and how you can set your privacy preferences on their websites and apps.

10. What about links to third-party websites and mobile applications on the website?

Our website may, from time to time, contain links to and from other websites or mobile apps of third parties. Please note that if you follow a link to any of these websites or mobile apps, such websites or mobile apps will apply different terms to the collection and privacy of your personal data and we do not accept any responsibility or liability for these policies. When you leave our website, we encourage you to read the privacy policy of every website you visit.

11. How long do we retain your data?

Briefly stating, we will only keep your data for as long as it is necessary for the purposes set out in this privacy policy unless a longer retention period is required or permitted by law. When we have no ongoing legitimate business need to process your data, we will either delete or anonymize it, or, if this is not possible (for example, because your data has been stored in backup archives), then we will securely store your data and isolate it from any further processing until deletion is possible.

12.  How do we secure and protect your data?

We take due care to protect your data. We maintain physical, electronic, and procedural safeguards in connection with the collection, storage, and disclosure of personal data. We take reasonable steps to help protect your data in an effort to prevent the loss, misuse, unauthorized access, disclosure alteration, and destruction. The data you provide to us is shared on our secure servers. We have implemented appropriate physical, technical and organizational measures designed to secure your data against accidental loss and unauthorized access, use, alteration, or disclosure. In addition, we limit access to personal data on a need-to-know basis to those employees or third parties that have a legitimate business need for such access.

If you are concerned about your data, you have the right to request access to the personal data which we may hold or process about you. You have the right to require us to correct any inaccuracies in your data free of charge. At any stage, you also have the right to ask us to stop using your personal data for direct marketing purposes. However, please also remember that we cannot guarantee that anything on the internet itself is completely secure. Although we will do our best to protect your data, the transmission of data to and from our website is at your own risk. You should only access the website within a secure environment.

13. How do we transfer your data?

Your data is processed at our operating offices and in any other places where the parties involved (third-party service providers) in the processing are located. It means this data may be transferred to and maintained on devices outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction. Your consent to this privacy policy followed by your submission of such data represents your agreement to that transfer. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy and no transfer of your data will take place to an organization or a country unless there are adequate controls in place including the security of your data.

14. How do we deal with the data collected from minors?

We do not knowingly collect data from children under 16 years of age. We do not knowingly market our product(s) to children under 16 years of age. By using the website, you represent that you are at least 16 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the website. If we become aware that data from users under the age of 16 years has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records.  If you become aware of any data, we have collected from children under the age of 16, please contact us at Privacy@SpicyTropics.Com.

15. How do we process your payment data?

We display paid product(s) on the website. In that case, we will use third-party services for payment processing (e.g., payment processors). We will not store or collect your payment card details. That data is provided directly to our third-party payment processors namely Visa, Mastercard, and PayPal whose use of your data is governed by their privacy policies. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express, and Discover. PCI-DSS requirements help ensure the secure handling of payment data. You should contact the payment processor directly for any questions regarding the collection, processing, storage, use, and retention of your payment data.

16. What are your rights under the GDPR?

We respect the confidentiality of your personal data. We will provide you with complete support in exercising your rights. You have the right under this privacy policy, and by law, if you are within the European Union, to:

1. Request access to your personal data:
   The right to access, update or delete the data we have about you. Whenever made possible, you can access, update or request deletion of your personal data directly by contacting us. This also enables you to receive a copy of the personal data we hold about you.
2. Request correction of personal data:
   You have the right to have corrected any incomplete or inaccurate data we hold about you.
   
3. Object to processing of your personal data:
   This right exists where we are relying on legitimate interest as the legal basis for our processing and there is something about your particular situation, which makes you want to object to our processing of your personal data on this ground. You also have the right to object to where we are processing your personal data for direct marketing purposes.
   
4. Request erasure of your personal data:
   You have the right to ask us to delete or remove your personal data when there is no good reason for us to continue processing it.
   
5. Withdraw your consent:
   You have the right to withdraw your consent to use your personal data. If you withdraw your consent, we may not be able to purchase our product(s) or we may not be able to provide you with access to the website.
   

17. How can you exercise your GDPR data protection rights?

You may exercise your rights of access, rectification, cancellation, and opposition by contacting us at Privacy@SpicyTropics.Com. Please note that we may ask you to verify your identity before responding to such requests. If you make a request, we will try our best to respond to you as soon as possible. You have the right to complain to a Data Protection Authority about our collection and use of your personal data. For more information, if you are in the European Economic Area (EEA), please contact your local data protection authority in the EEA.

18. Do we make updates to this policy?

We may update this privacy policy from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy policy, we may notify you through email. We encourage you to review this privacy policy frequently to be informed of how we are protecting your data.

19.  How can you contact us?

If you have any questions regarding this policy, please contact us at Privacy@SpicyTropics.Com.