Privacy Policy

1. Introduction

Firefly Journey ("we," "our," or "us") is committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

This policy applies to all information collected through our website firefly-journey.com and any related services, sales, marketing, or events.

2. Information We Collect

Personal Information

We may collect personal information that you voluntarily provide to us when you:

• Create an account or make a purchase
• Subscribe to our newsletter
• Contact our customer service team
• Participate in surveys or promotions
• Apply for employment opportunities

This information may include:

• Name and contact details (email, phone number, address)
• Payment information (processed securely through third-party providers)
• Account credentials and preferences
• Purchase history and order details
• Communication preferences

Automatically Collected Information

When you visit our website, we may automatically collect certain information about your device, including:

• IP address and geographic location
• Browser type and version
• Operating system
• Referral URLs
• Pages viewed and time spent on our site
• Device information and screen resolution

3. How We Use Your Information

We use the information we collect for various purposes, including:

• Processing transactions: To process orders, payments, and deliveries
• Customer service: To respond to inquiries and provide support
• Account management: To create and maintain your account
• Marketing communications: To send newsletters and promotional offers (with your consent)
• Website improvement: To analyze usage patterns and enhance user experience
• Legal compliance: To comply with applicable laws and regulations
• Fraud prevention: To detect and prevent fraudulent activities

4. Legal Basis for Processing (GDPR)

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

• Contract performance: Processing necessary to fulfill our obligations to you
• Legitimate interests: For business operations, fraud prevention, and website improvement
• Consent: When you have given explicit consent for marketing communications
• Legal compliance: To comply with legal obligations under UK and EU law

5. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following circumstances:

Service Providers

We may share information with trusted third-party service providers who assist us in:

• Payment processing
• Order fulfillment and shipping
• Email marketing services
• Website analytics
• Customer support tools

Legal Requirements

We may disclose your information if required by law or in response to valid requests by public authorities.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.

6. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• SSL encryption for data transmission
• Secure server environments
• Regular security audits and updates
• Access controls and employee training
• PCI DSS compliance for payment processing

7. Data Retention

We retain your personal information for as long as necessary to:

• Provide our services to you
• Comply with legal obligations
• Resolve disputes and enforce agreements
• Maintain accurate business records

Typically, we retain customer information for 7 years after the last transaction, unless a longer retention period is required by law.

8. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

• Right of access: Request copies of your personal data
• Right to rectification: Request correction of inaccurate information
• Right to erasure: Request deletion of your personal data
• Right to restrict processing: Request limitation of how we use your data
• Right to data portability: Request transfer of your data to another service
• Right to object: Object to processing based on legitimate interests
• Right to withdraw consent: Withdraw consent for marketing communications

To exercise any of these rights, please contact us using the information provided below.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your browsing experience. For detailed information about our cookie practices, please refer to our Cookie Policy.

10. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

11. Children's Privacy

Our services are not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

12. International Data Transfers

Your information may be transferred to and processed in countries outside the UK/EU. When we transfer data internationally, we ensure appropriate safeguards are in place, including:

• Adequacy decisions by the European Commission
• Standard contractual clauses
• Binding corporate rules
• Certification schemes

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

• Posting the updated policy on our website
• Sending an email notification to registered users
• Displaying a prominent notice on our website

Your continued use of our services after any changes indicates your acceptance of the updated policy.

14. Contact Information

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

15. Supervisory Authority

If you believe we have not addressed your concerns adequately, you have the right to lodge a complaint with the UK's Information Commissioner's Office (ICO):