Privacy Policy

1. Introduction

HAPPYPIP ("Company," "we," "us," or "our") is committed to safeguarding your privacy and protecting your personal data. This Privacy Policy outlines how we collect, use, disclose, and protect your information when you visit our website, HAPPYPIP.COM (the "Website"), and use our services, including purchasing our products.

We recognize the importance of your privacy and are committed to maintaining the trust and confidence of our customers, visitors to our Website, and users of our services. This Privacy Policy is designed to help you understand what information we collect, why we collect it, how we use it, and how we protect it.

This Privacy Policy applies to all users of the Website, regardless of whether you are located within the United States, the European Union, or elsewhere. We process personal data in accordance with applicable privacy laws, including, but not limited to, the General Data Protection Regulation ("GDPR") for users in the European Union, the California Consumer Privacy Act ("CCPA") for residents of California, and applicable U.S. Texas privacy laws.

By accessing or using our Website and services, you agree to this Privacy Policy and consent to our collection, use, disclosure, and retention of your information as described herein. If you do not agree with this Privacy Policy, please do not use our Website or services.

2. Definitions

For the purposes of this Privacy Policy, the following definitions apply:

• "Website" refers to HAPPYPIP.COM and any associated subdomains, platforms, or services owned and operated by the Company.
• "Personal Data" means any information relating to an identified or identifiable natural person ("Data Subject"); an identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
• "Processing" means any operation or set of operations which is performed on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
• "Controller" means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
• "Processor" means a natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the Controller.
• "Data Subject" refers to any identified or identifiable natural person whose Personal Data is processed by the Controller.
• "GDPR" refers to the General Data Protection Regulation (EU) 2016/679.
• "CCPA" refers to the California Consumer Privacy Act of 2018.
• "Texas Privacy Laws" refers to privacy laws applicable within the state of Texas, including but not limited to the Texas Identity Theft Enforcement and Protection Act (TITEPA) and other relevant state regulations.

3. Data Collection

3.1 Types of Data Collected

HAPPYPIP collects various types of information to provide and improve our services, including the following categories of Personal Data:

• Personal Identification Information: This includes your name, email address, postal address, telephone number, date of birth, and other identifiers.
• Payment Information: Credit card numbers, billing addresses, and other financial data necessary to process your transactions.
• Device and Usage Data: IP addresses, browser type and version, time zone settings, operating system, pages visited, links clicked, and other browsing actions.
• Location Data: We may collect information about your location if you enable this feature on your device.
• Cookies and Tracking Technologies: We use cookies, web beacons, and other tracking technologies to collect information about your browsing behavior.
• Communication Data: If you contact us via email, phone, or other methods, we may collect and store the content of your communication along with your contact details.

3.2 How Data is Collected

We collect data in the following ways:

• Directly from You: When you create an account, place an order, subscribe to our newsletter, or contact customer support.
• Automatically: As you navigate through our Website, using cookies, server logs, and other technologies.
• From Third Parties: We may receive data from third-party partners, such as payment processors, advertising networks, and analytics providers.

3.3 Special Categories of Data

We do not intentionally collect any special categories of personal data (e.g., data related to health, religious beliefs, racial or ethnic origin, or sexual orientation) unless explicitly required by law or necessary for providing our services, and with your explicit consent.

4. Legal Basis for Data Processing

Under the GDPR, CCPA, and other applicable laws, HAPPYPIP must establish a legal basis for processing your Personal Data. The legal bases include:

4.1 Consent

We may process your Personal Data if you have given your explicit consent for one or more specific purposes, such as signing up for our newsletter.

4.2 Performance of a Contract

We process Personal Data when necessary for the performance of a contract, such as processing your order and delivering products.

4.3 Compliance with Legal Obligations

We may process Personal Data when necessary for compliance with a legal obligation, including tax reporting, responding to legal requests, and maintaining records required by law.

4.4 Legitimate Interests

We process your Personal Data when necessary for our legitimate interests, provided that these interests are not overridden by your fundamental rights and freedoms, such as improving our Website or securing our IT systems.

4.5 Vital Interests

In certain rare circumstances, we may process Personal Data to protect the vital interests of you or another person.

4.6 Public Interest

Where necessary, we may process Personal Data for the performance of a task carried out in the public interest.

4.7 Compliance with CCPA

For California residents, we process Personal Data in accordance with the CCPA, which may include fulfilling your requests for information, responding to opt-out requests, and other consumer rights.

5. Purposes of Data Collection and Processing

5.1 To Provide and Improve Our Services

We use your Personal Data to operate, maintain, and improve our Website and services, including processing orders, managing your account, and providing customer support.

5.2 To Personalize Your Experience

We use data to personalize your experience, including providing tailored content, product recommendations, and special offers based on your preferences and browsing history.

5.3 To Process Transactions

Your payment information is used solely for processing transactions and ensuring the security of your financial data.

5.4 To Communicate with You

We use your contact information to communicate about your orders, respond to inquiries, and send updates. If you opt-in, we may also send promotional materials and newsletters.

5.5 To Comply with Legal Requirements

We process your data to comply with legal obligations, such as tax reporting, regulatory requirements, and responding to lawful requests from public authorities.

5.6 To Prevent Fraud and Ensure Security

We process data to detect, prevent, and mitigate fraudulent activities, unauthorized access, and other security threats.

5.7 For Marketing and Advertising

With your consent, we may use your Personal Data for marketing purposes, such as displaying targeted advertisements and measuring the effectiveness of our campaigns.

5.8 To Analyze and Improve Our Business

We use aggregated and anonymized data to understand user behavior, improve our products and services, and make data-driven business decisions.

6. User Rights

Under the GDPR, CCPA, and applicable Texas privacy laws, you have specific rights regarding your Personal Data:

6.1 Right to Access

You have the right to request access to the Personal Data we hold about you, including the purposes of processing, categories of data processed, and recipients of your data.

6.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete Personal Data.

6.3 Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your Personal Data in certain circumstances, such as when the data is no longer necessary for its original purpose or if you withdraw your consent.

6.4 Right to Restriction of Processing

You have the right to request that we restrict processing of your Personal Data in certain situations, such as when you contest the accuracy of the data.

6.5 Right to Data Portability

You have the right to receive a copy of your Personal Data in a structured, commonly used, and machine-readable format, and to request transfer to another controller where technically feasible.

6.6 Right to Object

You have the right to object to processing of your Personal Data based on our legitimate interests or for direct marketing purposes.

6.7 Right to Withdraw Consent

Where processing is based on your consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.

6.8 Right to Non-Discrimination (CCPA)

Under the CCPA, you have the right not to be discriminated against for exercising your privacy rights.

6.9 Exercising Your Rights

To exercise any of these rights, please contact us using the information provided in Section 25. We may require verification of your identity before fulfilling your request.

7. Data Retention

7.1 Retention Periods

HAPPYPIP retains your Personal Data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Criteria include the purpose of collection, legal obligations, and legitimate interests.

7.2 Deletion of Data

Once the retention period expires, or upon your request for deletion (where applicable), we will securely delete or anonymize your Personal Data, unless we are required by law to retain it.

7.3 Data Retention for Marketing Purposes

If you have consented to receive marketing communications, we will retain your contact information until you withdraw your consent or opt-out.

8. Data Security

HAPPYPIP takes the security of your Personal Data seriously and implements appropriate technical and organizational measures to protect your data.

8.1 Security Measures

• Encryption: We use industry-standard encryption protocols to protect your data during transmission and storage.
• Access Controls: Access to Personal Data is restricted to authorized personnel only with strict confidentiality obligations.
• Regular Security Audits: We conduct regular security audits and assessments to identify potential vulnerabilities.
• Incident Response Plan: We have a comprehensive incident response plan to quickly identify, contain, and mitigate data breaches.

8.2 User Responsibilities

• Use Strong Passwords: Create strong, unique passwords and avoid reusing them across sites.
• Secure Your Devices: Ensure your devices have up-to-date antivirus software and firewalls.
• Be Cautious with Phishing: HAPPYPIP will never ask for your password or payment information via email or phone.

8.3 Reporting Security Issues

If you believe your account or data has been compromised, please contact us immediately using the information in Section 25.

9. Cookies and Tracking Technologies

HAPPYPIP uses cookies and similar tracking technologies to enhance your experience on our Website, understand how you interact with our content, and deliver personalized advertisements. Please refer to our Cookie Policy for detailed information.

10. Data Sharing and Disclosure

10.1 Service Providers

We may share your Personal Data with third-party service providers who perform functions on our behalf, such as processing payments, delivering products, providing marketing assistance, and conducting analytics. These providers are contractually obligated to protect your data.

10.2 Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of assets, your Personal Data may be transferred to the new owner. We will notify you of such events.

10.3 Legal Requirements

We may disclose your Personal Data when required by law or in response to valid requests by public authorities.

10.4 Data Sharing for Advertising

We may share anonymized or aggregated data with advertising partners for marketing purposes. This data cannot be used to identify you personally.

10.5 Your Rights Regarding Data Sharing

Opt-Out of Data Sharing: California residents have the right to opt-out of the sale of Personal Data under the CCPA. Use the "Do Not Sell My Personal Information" link on our Website or contact us directly.

Data Subject Rights: EU residents have the right to object to data sharing in certain circumstances under the GDPR. Contact us using the details in Section 25.

11. International Data Transfers

11.1 Data Transfers from the European Union

If you are located in the EU, your Personal Data may be transferred outside the EU. We ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs): Approved by the European Commission for cross-border data transfers.
• Binding Corporate Rules (BCRs): Where applicable, approved by EU data protection authorities.

11.2 Data Transfers to Other Jurisdictions

For users outside the EU, we comply with relevant data protection laws when transferring data across borders.

11.3 Your Rights Regarding International Transfers

You have the right to request more information about our safeguards for international data transfers. Contact us using the information in Section 25.

12. Children's Privacy

12.1 Age Restrictions

You must be at least 21 years old to use our Website or services. By using our Website, you represent that you meet this age requirement.

12.2 Parental Consent

We comply with the Children's Online Privacy Protection Act (COPPA). If we become aware that we have inadvertently collected Personal Data from a child under 13, we will delete such data promptly.

12.3 Reporting Child Privacy Concerns

If you are a parent or guardian and believe your child has provided us with Personal Data without consent, please contact us immediately using the information in Section 25.

13. Data Subject Requests

13.1 How to Submit a Request

You can submit a data subject request by contacting us through the methods in Section 25. Please include your full name, email address associated with your account, description of your request, and any additional information for verification.

13.2 Verification Process

We may ask you to verify your identity before processing your request, which may include providing proof of identity.

13.3 Response Timeframes

Under the GDPR, we typically respond within one month (extendable by two months). Under the CCPA, we respond within 45 days (with a possible 45-day extension).

13.4 Denial of Requests

We may deny requests where we have a legal basis to do so, such as when data retention is required by law. We will inform you of the reason for denial.

13.5 Cost of Processing Requests

We generally do not charge a fee for processing requests. However, for manifestly unfounded or excessive requests, we reserve the right to charge a reasonable fee or refuse to act.

14. Automated Decision-Making and Profiling

14.1 What is Automated Decision-Making?

Automated decision-making refers to decisions made by automated means, without human involvement, based on Personal Data.

14.2 Your Rights

Under the GDPR, you have the right not to be subject to decisions based solely on automated processing if those decisions produce legal or similarly significant effects. You have the right to:

• Obtain human intervention in reviewing automated decisions
• Express your point of view and contest automated decisions
• Object to profiling, particularly for direct marketing purposes

To exercise these rights, please contact us using the information in Section 25.

15. Marketing Communications

15.1 Consent for Marketing

We will only send marketing communications if you have opted in. Consent may be collected when you create an account, subscribe to our newsletter, or otherwise express interest.

15.2 Types of Marketing Communications

• Email Marketing: Promotional offers, newsletters, and product updates.
• SMS and Push Notifications: With your consent, promotional messages via SMS or push notifications.
• Targeted Advertising: Personalized advertisements based on your browsing history.

15.3 Managing Your Preferences

Opt-Out: You can opt out at any time by clicking "unsubscribe" in marketing emails or adjusting your account settings.

Do Not Track Signals: If your browser sends a "Do Not Track" signal, we will respect your preferences.

15.4 Legal Basis

Under GDPR, marketing processing is based on explicit consent. Under CCPA, California residents can opt out of the sale of Personal Data via the "Do Not Sell My Personal Information" link on our Website.

16. Third-Party Links and Services

16.1 Third-Party Links

Links to third-party websites do not imply endorsement by HAPPYPIP. These links are provided for your convenience, and you access them at your own risk. We encourage you to review third-party privacy policies.

16.2 Third-Party Services

We may engage third-party service providers for payment processing, product delivery, or analytics. These providers are contractually obligated to protect your data. We may also partner with third-party advertising networks who may use cookies to deliver personalized ads.

16.3 Your Responsibilities

Review the privacy policies of any third-party websites you interact with and exercise caution when sharing personal information.

17. Data Breach Response

17.1 Identification and Containment

We continuously monitor our systems for unauthorized access. If a breach is detected, we take immediate steps to contain it.

17.2 Assessment and Mitigation

We assess the scope and impact of any breach and implement appropriate measures to mitigate effects and prevent future breaches.

17.3 Notification Procedures

If a breach is likely to result in high risk to your rights, we will notify affected individuals without undue delay. We will also notify relevant regulatory authorities within required timeframes (e.g., 72 hours under GDPR).

17.4 Legal Obligations and Cooperation

We comply with all legal obligations related to data breach notification and fully cooperate with law enforcement and regulatory authorities.

18. Changes to the Privacy Policy

18.1 Notification of Changes

If we make material changes, we will notify you by posting a notice on our Website or by email. The "Last Updated" date at the top indicates when the Policy was last revised.

18.2 Your Responsibility

We encourage you to review this Privacy Policy periodically. Your continued use of our Website after changes constitutes acceptance of the updated Policy.

18.3 Withdrawal of Consent

If you do not agree with changes, you may withdraw your consent by contacting us as described in Section 25. Withdrawing consent may limit your ability to use certain features.

19. Data Protection Officer (DPO)

19.1 Appointment of a DPO

In accordance with GDPR requirements, HAPPYPIP has appointed a Data Protection Officer to oversee data protection strategies and ensure compliance. The DPO monitors processing activities, provides guidance, conducts impact assessments, and serves as a point of contact for data subjects and supervisory authorities.

19.2 Contacting the DPO

Contact our DPO with any questions or concerns using the information in Section 25. If you are not satisfied with the response, you may lodge a complaint with your local data protection authority.

20. Consent Management

20.1 Obtaining Consent

Where required by law, we obtain explicit consent before collecting or processing your Personal Data for specific purposes. If you are under 21, you are not permitted to use our Website or services.

20.2 Managing and Withdrawing Consent

You can manage your consent preferences at any time through your account settings or by contacting us directly. You have the right to withdraw consent at any time without affecting the lawfulness of prior processing.

20.3 Documentation of Consent

We maintain records of all consents obtained, including date, time, manner of consent, and specific details of what was consented to.

21. Data Anonymization and Pseudonymization

21.1 Anonymization

Anonymization removes personal identifiers so data can no longer be linked to an individual. We may use anonymized data for research, statistical analysis, and improving our services.

21.2 Pseudonymization

Pseudonymization processes Personal Data so it cannot be attributed to a specific person without additional information, which is kept separately and securely. Access to re-identification information is strictly controlled.

22. Employee and Contractor Privacy

22.1 Collection of Employee and Contractor Data

We collect Personal Data from employees and contractors for employment-related purposes, including contact information, payroll data, performance evaluations, and work history.

22.2 Data Processing and Security

We process employee and contractor data in accordance with employment laws and contracts. Data is stored securely with access restricted to authorized personnel.

22.3 Employee Rights

Employees and contractors have the right to access their Personal Data and request corrections. We maintain confidentiality and only share data with third parties for legitimate purposes.

23. Data Integrity and Accuracy

23.1 Accuracy of Data

It is important that the Personal Data you provide is accurate and up-to-date. Please inform us promptly of any changes.

23.2 Data Updates and Corrections

You have the right to request updates or corrections to your Personal Data through your account settings or by contacting us directly.

23.3 Minimization of Data

We adhere to the principle of data minimization, collecting and retaining only Personal Data that is necessary for specified purposes.

24. Law Enforcement and Legal Requests

24.1 Legal Basis for Disclosure

We may disclose Personal Data to law enforcement or governmental authorities if required by law, including in response to court orders, subpoenas, or other legal processes, or when necessary to protect rights, property, or safety.

24.2 Procedure for Handling Requests

We verify the legitimacy of requests before disclosing data and may seek to limit scope where possible. Where permitted by law, we will notify you of legal requests for your data.

24.3 Data Sharing with Authorities

We share only the minimum amount of data necessary to comply with legal requests and cooperate with authorities in a lawful manner.

25. Contact Information and Complaints

25.1 Contact Information

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at info@happypip.com.

25.2 Complaints and Dispute Resolution

If you believe your rights have been violated or that we have not adhered to this Privacy Policy, you have the right to file a complaint with us. We take all complaints seriously and will work to resolve them promptly.

25.3 Feedback

We value your feedback on how we can enhance our privacy practices. Please let us know using the contact information above.