Updated: October 25, 2018
We are the Data Controller in our relationships with all partners, including Facebook and Google, except with BabeSafe in New Zealand. BabeSafe is Data Controller and Baby Mattress Covers, LLC is Data Processor when Personal Data is emailed to New Zealand for fulfillment.
Baby Mattress Covers, LLC has determined that it qualifies for the exception and does not need an EEA representative. Our overall yearly sales volume is relatively low. Only 10%, or 51 cover orders, of our sales were specifically to the EEA regions in 2017. We believe our EEA sales can be classified as occasional processing of Personal Data of EEA citizens. The processing is primarily of contact/payment information and thus not on a large scale. The Personal Data is not of a special category, such as data on criminal offences. Finally, our processing of Data does not put our customers’ freedoms or rights at great risk.
We are now fully General Data Protection Regulation (GDPR) compliant and are able to process and ship orders to the European Economic Area countries.
§ 1. Cookies
● Your Accepting Cookies:
◽ If you do not wish to give your consent for use of this website, but still wish to purchase a mattress cover, please call us during business hours to make your BabeSafe® mattress cover purchase through our Authorize.Net virtual terminal.
● Our Website and Store:
◽ Our Ecwid powered BabeSafe® Store WordPress widget plugin is itself EU General Data Protection Regulation (GDPR) compliant and on a European server, but redirected through the Traverse City IP address.
● Google Tag Manager:
◽ Google Tag Manager contains the following tags on all our pages of our website: Zotabox, Facebook Pixel, Google Analytics and Google Ads. The cookies collected through these services are for e-commerce success evaluation, social media and ad marketing, as well as for page visit analysis. The latter page visit analysis is for site traffic study and for website design improvement.
» The Zotabox tag in Google Tag Manager places script for the EU Cookie Notification banner on all our website pages. Zotabox places a session-cookie on your browser that retains your consent for as long as your browser is open. The Zotabox cookie is also associated with the Social Media Buttons, Social Media Bar on mobile and the Social Reviews (which accesses the web to our reviews made on Google).
» The two Facebook Pixels associated with our website are of the Ad Pixel type. One Pixel is associated with the BabeSafe Mattress Covers Facebook page and the other is associated with the Baby Mattress Covers, LLC Facebook page. Both Pixel IDs accumulate Customer Data consisting of Contact Information (name, email address, phone number, location and gender) and Event Data (actions taken, such as website page visits and purchase steps made). With the EU GDPR, this Customer Data is termed Personal Data.
» The Facebook Contact Information is used with Event Data to make pairing matches with Facebook or Instagram user IDs for your respective accounts. Once the match has been made, the Contact Information is deleted.
» The Facebook Event Data is used to generate Facebook Analytics reports for the Facebook and Instagram ad campaigns we run and to provide business insight into how you interact with our website and Store. We target Facebook-generated ad Audiences taken from non-Baby Mattress Covers, LLC Customer Data provided by Facebook. The audience we select consists of moms that we expect to be interested in mattress-wrapping.
» We do not upload email addresses or phone numbers to Facebook, nor do we upload other Sales Data to Facebook for any of the available Facebook Tools.
» The BabeSafe® Store accessed with the Checkout-links from the Baby Mattress Covers, LLC Facebook page is hosted on the Facebook server. This presentation of the Store on Facebook is not under our control in terms of Personal Data. When the Facebook Store Checkout-links then forward you to our website’s BabeSafe® Store pages, there is the EU Cookie Notification consent banner for your consent to Cookies.
» There are two manners in which you consent to the use of Facebook Customer Data: 1.) By interacting with our website and consenting to our Cookie Banner, you show that you agree to our use of Facebook Pixel cookies on our website. 2.) When you are on our Facebook page, or our Instagram account, or their respective ads, it is implied that you have accepted the use of those Facebook cookies by your use of Facebook services. Again, when you are linked over from Facebook or Instagram to our website, our EU Cookie Banner gains your consent to our use of the Facebook cookies originating from our website.
» We as Data Controller have no way of setting the expiration of Facebook Customer Data. Your Facebook Data does not expire.
» We have not in the past given, nor do we at this time give, any third party access to our Facebook processed Customer Data.
◽ Google Analytics and Google Ads:
» The Google Analytics (GA) cookie data provides statistics to help us monitor the number of sessions, geolocation of traffic to our website and the efficiency of our business (ecommerce conversion rates and bounce rates). The GA tag also provides us session duration information on how long the average person spends on our website, how they found our website and the path they take on navigating our website once they are here. The GA service has a Real Time feature showing where someone is geolocated that is currently on the website, as well as which and how many pages have been viewed within the last 30 minutes.
» The Google Ads and GA cookie tags provide event information for Remarketing and Conversions. They also supply demographics and impressions information for Advertising. The Ads campaigns we use include Search, Display, Shopping and Remarketing. Our so-called ‘Ads Audience’ consists of those who visit our website, as determined by an Ads tag and GA tag in Google Tag Manager.
» Event Data and User Data are retained on Google Analytics for 26 months. The 26 month time period starts afresh when you revisit our website. No personally identifiable information (like names, email addresses or phone numbers) is collected for us by Google. Because User-IDs are not enabled on our GA account, visits and behavior specific to you on our site are not tracked. Our Ads are non-personalized. We target Ads by location down to country, state or county. The specific zip codes of Benton Harbor, MI and Kalamazoo, MI are the most granular Ads targeting we perform.
» Logical Position (USA), our Google Ads management team, has access to both our Google Ads and Google Analytics account information. Logical Position offers us their functional role of Paid Search Optimization. They have determined that they are neither Data Processor nor Data Controller with respect to your Personal Data.
» This UK website describes how to delete all cookies from your browser: ( www.aboutcookies.org ). It must be noted that completely deleting all cookies may hinder various functions stored on your browser, such as saved logins.
» The Google Analytics browser opt-out add-on ( https://tools.google.com/dlpage/gaoptout/ ) is available for almost all browsers. When correctly installed on the specific browser you are using to access our website, this add-on prevents your behavioral activity during a visit from being shared with GA. But other website statistics are still collected.
» For further information on how Google uses your information and how to control their services please visit this site ( https://www.google.com/policies/technologies/partner-sites/ ).
§ 2. Personally Identifiable Information
● Why We use your Personally Identifiable Information:
◽ Your name, address and email address are kept locally on our computer and in our online BabeSafe® Store admin database. This is to keep a record of you as having been a customer for the product lifespan of your BabeSafe® mattress cover. This is in our legitimate interest.
◽ To ensure the most accurate and timely postal deliveries, we may write to ask you to further complete the address you gave us initially. An example is the name of the business, if you gave us a business address. Or, if you use abbreviations of your name, we will write asking you to write out your full name. These changes are used for the postal label.
◽ Your email address is also kept online for the Returning Customer discount authorization. For you to access your discount, Sign-in to our BabeSafe® Store before selecting your cover. The SignIn link is currently at the bottom right of the Store pages.
◽ Your IP address is recorded by our online store and our payment gateways. A truncated version of your IP address (minus the last set of digits) is logged by our Cookie Banner when you click ‘Accept’ and give consent to enter our website. Our site logs your browser type and Operating System as you indicate this consent to Cookies. This proof of your consent is required by the GDPR.
◽ Your Personal Data information is not sold to others and is only used for our Baby Mattress Covers, LLC purposes. We have used some customer mailing addresses for marketing in the past, but chose to no longer do direct-mail marketing to previous customers.
● Record Keeping:
◽ In our normal experience, the active usage lifespan of a BabeSafe® mattress cover begins within 6 months of purchase and ends when your baby is about two years old. For our purposes we consider the active usage lifespan to be 3 years. The full lifespan ends when the cover is removed from the mattress, when the BabeSafe® cover wears out or when the mattress itself wears out. Typically, a mattress cover can function well for two separate baby uses, but not always. Yet, a wrapped mattress can be stored indefinitely, to be used again at any time for that second baby. In the UK, legal claims against a product cannot be made more than 10 years after a product has been put into circulation. The legal product lifespan of the BabeSafe® mattress cover is then considered to be ten years.
◽ Computer records, such as Contact files, are to persist in our local computer’s records for the product lifespan of ten years. Currently, we hold computer records dating back to 2009. In January 2019, the Contacts for the year 2009 will be older than 10 years old and will be deleted.
◽ The last ongoing backup, that is used on the occasion of a computer failure emergency, is rotated out at three months.
◽ Your Personal Data may be still present within archival backups that are accessed only with deliberate effort. These archival records are generated roughly quarterly and are to be deleted after about 4 years of age.
◽ You have a right to ask for the portability of your Personal Data to another BabeSafe® mattress cover distributor. But on doing so, the payment you gave us will simply be refunded. Your payment will not be forwarded to the other distributor.
◽ Your name, address, email address, IP address and the items you have purchased can all be deleted from our current computer records at your request, in keeping with our responsibility under legitimate interest.
◽ You are able to ask us, and we will follow your wishes, to remove your contact information from our local computer’s database, from the online store and from our email notification list. In doing so, you will lose your ability to receive a Returning Customer discount and lose any amends by us should there be a complaint on our BabeSafe® mattress cover. We will have no accessible record that you have been our customer. This has been called “the right to be forgotten”. We will retain your email message having made such a request.
◽ Your personal information may be shared with rightful legal authorities if they should make such a request for information.
● Third-Party Affiliations:
◽ Our Ecwid powered BabeSafe® Store is certified under the EU-USA and Swiss-USA Privacy Shield framework for Personal Data transfer between EU-USA and Swiss-USA. But this certification alone is not sufficient to fully meet the requirements of the GDPR.
◽ The Contact Us form on our website processes email using an Ipower email server (USA). We require your recognition with a check box, that when you email us you are sending us Personal Data.
◽ Our website security provider, the WordPress WordFence plugin, provides a Firewall around our website and Scans our website to detect security issues. Defiant, the WordFence parent company, is Data Processor and Baby Mattress Covers, LLC is Data Controller. WordFence is located on Amazon Web Service servers, both in the USA and globally. This is the Defiant company’s description of the Personal Data that is collected by their plugin (the Customer in this case is defined as Baby Mattress Covers, LLC and you are the End User):
“Defiant automatically collects Customer and End User search queries and the date and time of the Customer and/or End User’s request and referral URL. Depending on the settings of a Customer and/or End User’s computer or mobile device (“Device”), Defiant also automatically collects: IP address; MAC address; Device make, model and operating system version; mobile network information; internet service provider; browser type and language; country and time zone in which the Device is located; and metadata stored on the Device. When permitted, Defiant also may collect data about a User’s geographic location through GPS, beacons and similar technology.”
“All of EU Personal Data is collected to operate, manage and improve the Services and ensure the technical functionality and security of the Services.”
We have not enabled the WordFence Live Traffic menu item on our admin Dashboard, as the amount of Personal Data that it would expose to us is unnecessary for our daily purposes. It may be enabled in the case of a Data Breach or other similar issue, but for security investigation purposes only.
◽ The Authorize.Net and PayPal payment gateways have your credit card number, name, address, email address and IP address on record. Both gateways are PCI-DSS compliant. Your card numbers are entered into the gateways. After your entry, we no longer have access to these numbers. Baby Mattress Covers, LLC does not retain your credit card numbers. No further payments can be accepted by us, but only refunds can be given to your accounts.
◽ Authorize.Net retains your information, and refunds are available, for 180 days. PayPal retains your information indefinitely but refunds on your order are available for only 180 days.
◽ Our local computer is PCI-DSS compliant. We perform a yearly PCI-DSS self-audit inventory.
◽ Our local computer is protected by the latest version of ESET Internet Security™ with the latest updates. ESET provides malware protection, anti-virus and firewall protection. Web browsing, emails and data transfer are scanned by ESET. No alert notifications given by ESET are ignored and all warnings are heeded.
◽ BabeSafe in New Zealand is our supplier of BabeSafe® products. BabeSafe receives from us an order email containing your name, address and the item(s) purchased. BabeSafe drop ships our orders to all countries other than to the EEA, the UK, Switzerland, Canada, Israel and Mexico. Orders from the EEA and these 5 countries are shipped from our Michigan inventory.
◽ Note: We do not take orders from customers asking for shipments to New Zealand. New Zealand parents can find their source of new BabeSafe covers on Trade Me.
§ 3. Marketing
◽ We do not do email marketing, nor do we plan to do so. Your email address is secure. If you start an order in our BabeSafe® Store, but do not complete the order, you will receive an Abandoned Order reminder email.
◽ Rather, we use re-marketing ads by Google Ads that are initiated when you have visited our website.
◽ Our best marketing approach is your active word-of-mouth to other parents and grandparents. Please help us by actively campaigning to prevent SIDS by using this mattress-wrapping method. That is, please share with other parents/grandparents about their using the BabeSafe® mattress covers for their babies and 100% cotton bedding, with no padding or quilting!
§ 4. Location Targeted Discount
◽ We have arbitrarily chosen to facilitate mattress-wrapping in Benton Harbor and Kalamazoo County in Michigan and in the State of Mississippi, targeted by zip codes for Discounts in our Ecwid shopping cart. We offer the Discount as a percent reduction from the Free Shipping from New Zealand shipping method for these three billing locations. The discounted amount is calculated on the value of the items in the shopping Basket. Our basis for these Discounts is that these areas have high SIDS/Infant Mortality rates. It is possible to opt in, or to opt out of this discount should you feel you do not need a special discount.
§ 5. Email Notifications
◽ MailChimp is the Data Processor and Baby Mattress Covers, LLC is the Data Controller. MailChimp may use sub-processors to process the Personal Data given to MailChimp. MailChimp is certified in compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework.
§ 6. Data Controller
◽ Site management is performed by our Manager, Paul Knoll, at our physical business address location. Paul is our Primary Contact and Data Protection Officer (DPO) for privacy issues.
§ 7. Business Address
Baby Mattress Covers, LLC
614 Lynn Drive