Privacy policy.

Updated Privacy Policy for Empower Palette with GDPR Clauses

Last Updated: April 1, 2025

Welcome to Empower Palette (“we,” “us,” or “our”). This Privacy Policy explains how we collect, use, share, and protect your information when you visit our blog or purchase physical products through our Squarespace-hosted website. By using our site, you agree to this policy.

---

1. Information We Collect

a. Information You Provide:

  • Blog Interactions: Name, email address, and comments when you engage with blog content.

  • Purchases: Name, billing/shipping address, payment details (processed securely via Stripe/PayPal), and contact information.

  • Newsletters: Email address if you subscribe.

b. Automatically Collected Data:

  • Usage Data: Squarespace analytics collect IP address, browser type, device information, pages visited, and referral URLs.

  • Cookies: Squarespace and third-party services (e.g., Google Analytics) use cookies to enhance functionality and track usage.

2. How We Use Your Information

  • Fulfill orders, process payments, and ship products.

  • Respond to inquiries, comments, or requests.

  • Improve blog content and user experience.

  • Send newsletters (with opt-out options).

  • Comply with legal obligations.

Lawful Basis Under GDPR:

  • We process personal data under the following lawful bases:

    • Contractual Necessity: To fulfill orders and provide services you request.

    • Consent: For newsletters, cookies, and marketing communications (you may withdraw consent at any time).

    • Legitimate Interests: To improve our website, prevent fraud, and enhance user experience.

3. Sharing Your Information

  • Service Providers: Squarespace (hosting), Stripe/PayPal (payments), and shipping partners (e.g., USPS, FedEx).

  • Legal Compliance: If required by law or to protect our rights.

  • Business Transfers: In mergers or acquisitions, with notice.

  • International Data Transfers:

    • Your data may be transferred to and processed in the United States, where our hosting provider (Squarespace) and payment processors (e.g., Stripe, PayPal) operate.

    • For EU/UK residents, we ensure safeguards such as:

      • Standard Contractual Clauses (SCCs) with third-party providers.

      • Compliance with the EU-U.S. Data Privacy Framework (DPF) where applicable.

4. Your Rights

  • Access/Correction: Request your data via chelsea@empowerpalette.com.

  • Deletion: Ask to delete non-essential data, subject to legal requirements.

  • Opt-Out: Unsubscribe from emails using the link in newsletters.

  • Cookies: Adjust browser settings to disable cookies (may affect site functionality).

  • CCPA/Californians: California residents may request disclosure/deletion of personal data.

5. Your Rights Under GDPR

EU/UK residents have the following rights regarding their personal data:

  • Access: Request a copy of your data.

  • Rectification: Correct inaccurate or incomplete data.

  • Erasure (“Right to Be Forgotten”): Request deletion of data under certain conditions.

  • Restriction of Processing: Limit how we use your data.

  • Data Portability: Receive your data in a structured, machine-readable format.

  • Object: Opt out of processing based on legitimate interests or direct marketing.

  • Withdraw Consent: Revoke consent for newsletters or cookies at any time.

To exercise these rights, contact us at chelsea@empowerpalette.com. We will respond within 30 days and may request verification of your identity.

6. Data Retention

  • Order data retained for tax/legal purposes (typically 7 years).

  • Blog comments retained until deleted or requested for removal.

  • Marketing data kept until you unsubscribe.

  • Data is retained only as long as necessary for the purposes outlined, in compliance with GDPR principles.

7. Security & Breach Notification

  • We implement SSL encryption and partner with GDPR-compliant vendors.

  • In the event of a data breach affecting EU/UK residents, we will notify relevant authorities (e.g., the ICO or CNIL) within 72 hours and affected users without undue delay.

8. Third-Party Links

Our blog may link to external sites. We are not responsible for their privacy practices.

9. EU Representative

If required under GDPR Article 27, we have appointed an EU-based representative. Contact details:
Chelsea Mason
Email: chelsea@empowerpalette.com
Address: N/A

10. Cookies & Consent

  • We use cookies only with your explicit consent (via a cookie banner). Adjust preferences at any time through your browser settings.

  • Third-party tools (e.g., Google Analytics) comply with GDPR and anonymize IP addresses where possible.

11. Children’s Privacy

We do not target or collect data from children under 13. Contact us to remove accidental data.

12. Contact Us

For GDPR-specific inquiries or to exercise your rights:
Email: chelsea@empowerpalette.com
Postal Address: N/A
EU Representative: Chelsea Mason

13. Updates to This Policy

Changes will be posted here. Material updates affecting EU/UK users will be communicated via email (if we have your contact details).