1. Information We Collect
Personal Information
- Identity & Contact Data: Full name, billing/shipping addresses, phone number, email address (e.g., [email protected]), and payment details.
- Order Data: Purchase history, product preferences, and delivery instructions.
- Account Data: Username/password for Summitlys accounts, wishlist items, and saved payment methods.
Technical & Usage Data
- Device/Browser Data: IP address, device type, operating system, browser type, and unique identifiers (e.g., cookies).
- Behavioral Data: Webpages visited, time spent on site, clickstream data, and referral sources.
- Location Data: Approximate location derived from IP address or GPS (if enabled).
Third-Party Sources
- Social media profiles (e.g., Facebook login), marketing partners, and payment processors (e.g., Stripe).
2. How We Use Your Information
- Core Services: Process orders, deliver products, issue refunds, and provide customer support.
- Marketing & Personalization: Send promotional emails (e.g., bedding sales), recommend products, and display targeted ads.
- Business Improvements: Analyze sales trends, optimize website performance, and conduct customer surveys.
- Legal Compliance: Prevent fraud, comply with tax laws (e.g., IRS reporting), and respond to court orders.
3. Data Sharing & Disclosure
- Service Providers: Share data with logistics partners (e.g., UPS, FedEx), payment gateways, and cloud hosting services (e.g., AWS).
- Legal & Safety: Disclose information to law enforcement, regulatory bodies, or in case of emergencies (e.g., product recalls).
- Business Transfers: If Summitlys is acquired, customer data may be transferred to the new owner.
- User Consent: Share data with third-party apps (e.g., Google Analytics) if users opt in.
4. Your Privacy Rights
- Access/Correction: Request a copy of your data or correct inaccuracies via [email protected].
- Deletion: Request deletion of personal data (subject to legal/tax retention requirements).
- Opt-Out: Unsubscribe from marketing emails using the “unsubscribe” link or adjust cookie preferences.
- CCPA Rights (California): Opt out of data sales, request data portability, and limit use of sensitive information.
- GDPR Compliance (EU/UK): Exercise right to erasure, object to automated profiling, and request data transfer.
5. Data Security
- Encryption: Payment data encrypted in accordance with PCI-DSS standards; sensitive files protected with AES-256.
- Access Controls: Role-based access for employees; multi-factor authentication for critical systems.
- Breach Response: Notify affected users within 72 hours of a confirmed data breach.
- No Storage of Sensitive Data: We do not store full payment card numbers or CVV codes.
6. International Transfers
- Data Hosting: Data stored on U.S.-based servers (e.g., AWS East Coast region).
- EU-U.S. Data Transfers: Compliant with EU-U.S. Privacy Shield frameworks for international users.
7. Policy Updates & Contact
- Updates: Revised policies posted on www.summitlys.com/privacy-policy with a 30-day notice period.
- Contact: For privacy inquiries, email [email protected].
8. Additional Legal Compliance
- COPPA (Children’s Privacy): We do not knowingly collect data from children under 13. Parents can request data deletion via [email protected].
- CAN-SPAM Act: All marketing emails include clear opt-out links and physical mailing addresses.
- State-Specific Rules: Compliant with California’s CCPA, Virginia’s CDPA, and other U.S. state privacy laws.
