GDPR

Crafty Biz GDPR Compliance

Last Updated: June 6, 2025

At Crafty Biz, we are committed to protecting the privacy and security of your personal data. This page outlines our approach to complying with the General Data Protection Regulation (GDPR), a comprehensive data protection law that applies to the processing of personal data of individuals in the European Union (EU) and European Economic Area (EEA).

1. What is GDPR?

The GDPR is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. It aims to give individuals control over their personal data and simplify the regulatory environment for international business by unifying the regulation within the EU.

2. Our Commitment to GDPR

Crafty Biz is dedicated to ensuring that we handle your personal data lawfully, fairly, and transparently. We strive to:

  • Lawfulness, Fairness, and Transparency: Process personal data lawfully, fairly, and in a transparent manner in relation to the data subject.
  • Purpose Limitation: Collect personal data for specified, explicit, and legitimate purposes and not further process it in a manner that is incompatible with those purposes.
  • Data Minimization: Ensure personal data is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
  • Accuracy: Keep personal data accurate and, where necessary, up to date.
  • Storage Limitation: Retain personal data for no longer than is necessary for the purposes for which the personal data are processed.
  • Integrity and Confidentiality: Process personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.
  • Accountability: Be able to demonstrate compliance with the above principles.

3. How We Collect and Process Your Data Under GDPR

As outlined in our main Privacy Policy, we collect and process data necessary for the operation of our e-commerce business. This includes:

  • Order Fulfillment: When you place an order, we collect information such as your name, shipping address, billing address, email, and phone number to process your purchase and deliver your goods.
  • Browsing Behavior: We collect data on products viewed and abandoned carts to enhance your shopping experience and provide relevant recommendations. This is often processed by apps like Klaviyo.
  • Order Follow-up: We use your contact information for customer service, order updates, and post-purchase communications.
  • Marketing (with Consent): If you provide explicit consent, we may use your email address for marketing communications through platforms like Klaviyo. You can withdraw your consent at any time.
  • Website Analytics & Advertising: We use tools like Facebook Pixel to understand how users interact with our website, measure advertising effectiveness, and deliver targeted ads based on your browsing behavior. Where required by GDPR, we obtain your consent for such activities.

4. Our Use of Third-Party Processors and GDPR

We use several third-party applications and services that may process your data. We have taken steps to ensure that these partners are also committed to GDPR compliance:

  • BigCommerce: Our e-commerce platform is GDPR compliant and provides tools for data management.
  • Klaviyo: As our email marketing and customer communication platform, Klaviyo is GDPR compliant and offers features for consent management and data requests.
  • Facebook Pixel: Facebook has made significant efforts to comply with GDPR. We ensure that our implementation and use of Facebook Pixel respects user consent.
  • Payment Processors (Paywhirl, PayPal, Affirm): These services are responsible for the secure processing of your payment information and are independently GDPR compliant. They act as separate data controllers for the payment data they collect.
  • Other Apps: Any other apps or services integrated into our BigCommerce store are reviewed for their data handling practices and their commitment to GDPR.

5. Your GDPR Rights

Under GDPR, if you are an individual located in the EU/EEA, you have the following rights regarding your personal data:

  • Right to Information: You have the right to be informed about the collection and use of your personal data. This GDPR page and our Privacy Policy aim to provide this information.
  • Right of Access: You have the right to request a copy of the personal data we hold about you.
  • Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
  • Right to Erasure ("Right to be Forgotten"): You have the right to request the deletion of your personal data under certain circumstances (e.g., if the data is no longer necessary for the purposes for which it was collected).
  • Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data under certain conditions (e.g., if you contest the accuracy of the data).
  • Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller, where technically feasible.
  • Right to Object: You have the right to object to the processing of your personal data for direct marketing purposes, or where processing is based on legitimate interests.
  • Rights in Relation to Automated Decision-Making and Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless certain conditions are met.
  • Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.
  • Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or where an alleged infringement of the GDPR occurred.

6. Exercising Your Rights

To exercise any of your GDPR rights, please contact us using the details below. We will respond to your request within one month, as required by GDPR. We may need to verify your identity before fulfilling your request.

7. Data Protection Officer (DPO)

While Crafty Biz may not be legally required to appoint a Data Protection Officer, we have individuals responsible for ensuring our compliance with data protection principles. For all GDPR-related inquiries, please contact:

Crafty Biz: info@craftybiz.net

8. International Data Transfers

As our website is based in the United States and we use US-based service providers (like BigCommerce, Klaviyo, Facebook), personal data collected from individuals in the EU/EEA may be transferred to and processed in the United States. We ensure that such transfers comply with GDPR requirements by relying on appropriate safeguards, such as Standard Contractual Clauses (SCCs) or other legally recognized transfer mechanisms, where applicable.

9. Changes to This GDPR Page

We may update this GDPR Compliance page from time to time to reflect changes in our practices, legal requirements, or for other operational reasons. We will post the updated page on our website and revise the "Last Updated" date.

10. Contact Us

For any questions or concerns regarding our GDPR compliance or your data privacy, please contact us at:

Crafty Biz: info@craftybiz.net