Privacy Policy
Your privacy is our priority. We're committed to protecting your personal data.
Last Updated: January 21, 2026
Quick Summary: This Privacy Policy explains how Firmly collects, uses, and protects your personal information. We comply with GDPR (EU), CCPA (California), and other international privacy laws. You have full control over your data and can request access, correction, or deletion at any time.
1. Introduction
This Privacy Policy describes how Firmly ("Website," "we," "us," or "our") collects, uses, and discloses your personal information when you visit, use our services, or make a purchase from myfirmly.com (the "Website") or otherwise engage with us (collectively, the "Services").
By using the Services, you agree to the terms of this Privacy Policy.
Legal Basis: We process your personal data in compliance with:
- General Data Protection Regulation (GDPR) - European Union
- California Consumer Privacy Act (CCPA) - United States
- Other applicable international privacy laws
Data Controller: Firmly, based in Portugal (European Union)
2. Information We Collect
📝 Information You Provide Directly
Contact Details
Name, email address, phone number, shipping address, billing address
Purpose: Order fulfillment, customer service, marketing communications
Order Information
Payment confirmation, purchase history, product preferences, order notes
Purpose: Process transactions, manage returns, improve product recommendations
Account Details
Username, password (encrypted), security questions, account preferences
Purpose: Account management, personalized experience, security
Customer Support Communications
Messages, emails, chat transcripts, feedback, reviews
Purpose: Provide support, improve services, resolve issues
🤖 Automatically Collected Data
Usage Data
IP address, device type, browser type, operating system, pages visited, time spent on site, referring URLs, click patterns
Purpose: Analytics, website optimization, fraud prevention
Collection Method: Cookies, web beacons, log files
Location Data
Approximate location based on IP address
Purpose: Shipping calculations, localized content, fraud detection
🔗 Information from Third Parties
- Payment Processors: Shopify Payments, PayPal (transaction confirmations, fraud prevention)
- Analytics Providers: Google Analytics (website performance, user behavior)
- Marketing Platforms: Email service providers, social media platforms (campaign performance)
- Shipping Carriers: Delivery status, tracking information
3. How We Use Your Information
We use your personal information for the following purposes, based on legal grounds:
| Purpose | Legal Basis (GDPR) |
|---|---|
| Process orders, payments, and shipping | Contractual necessity |
| Provide customer support | Contractual necessity |
| Send marketing emails and promotional offers | Consent (opt-out available) |
| Personalize website experience and product recommendations | Legitimate interest |
| Prevent fraud and ensure security | Legitimate interest |
| Comply with legal obligations (tax, accounting) | Legal obligation |
| Analyze website performance and improve services | Legitimate interest |
| Targeted advertising on third-party platforms | Consent (opt-out available) |
4. Cookies & Tracking Technologies
We use cookies and similar technologies to operate our website, analyze traffic, and deliver personalized experiences.
Types of Cookies We Use:
| Cookie Type | Purpose | Duration | Can Opt-Out? |
|---|---|---|---|
| Essential Cookies | Enable core functionality (shopping cart, checkout, login) | Session / 1 year | ❌ Required |
| Analytics Cookies | Understand website usage (Google Analytics) | 2 years | ✅ Yes |
| Marketing Cookies | Deliver targeted ads (Facebook Pixel, Google Ads) | 1-2 years | ✅ Yes |
| Preference Cookies | Remember your settings and preferences | 1 year | ✅ Yes |
Managing Cookies: You can control cookies through your browser settings. Note that disabling essential cookies may affect website functionality.
5. How We Share Your Information
We may share your personal information with the following categories of recipients:
🚚 Service Providers
Who: Shipping carriers (DHL, UPS, FedEx), payment processors (Shopify, PayPal), email service providers, IT support, cloud hosting
Why: To fulfill orders, process payments, send communications, and maintain our services
Safeguards: Data processing agreements, contractual obligations
📊 Analytics & Marketing Partners
Who: Google Analytics, Facebook, advertising networks
Why: To analyze website performance and deliver targeted advertising (with your consent)
Your Control: Opt out of data sharing
⚖️ Legal & Compliance
When: To comply with legal obligations, respond to subpoenas, enforce our policies, protect rights and safety
Examples: Law enforcement requests, fraud investigations, tax authorities
🏢 Business Transfers
When: In the event of a merger, acquisition, or sale of assets
Protection: You will be notified of any change in data controller
⚠️ Important: We do not sell your personal information to third parties for monetary consideration. However, sharing data with advertising partners may be considered a "sale" under certain U.S. privacy laws (CCPA). You can opt out at any time.
6. Data Retention
We retain your personal information only as long as necessary to fulfill the purposes outlined in this policy.
Retention Periods:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account Information | Until account deletion or 3 years of inactivity | Provide services, customer support |
| Purchase History | 7 years | Tax compliance, legal obligations |
| Marketing Data | Until unsubscribe or opt-out | Send promotional communications |
| Website Analytics | 26 months (Google Analytics default) | Analyze trends, improve services |
| Customer Support Records | 3 years | Quality assurance, dispute resolution |
| Payment Information | Not stored (handled by payment processors) | Security, PCI compliance |
Deletion: After the retention period, we securely delete or anonymize your data. You can request early deletion by contacting us (subject to legal obligations).
7. Your Privacy Rights
Depending on your location, you have the following rights regarding your personal data:
🔍 Right to Access
Request a copy of the personal data we hold about you
✏️ Right to Rectification
Correct inaccurate or incomplete personal data
🗑️ Right to Erasure
Request deletion of your personal data ("right to be forgotten")
⏸️ Right to Restrict Processing
Limit how we use your personal data
📤 Right to Data Portability
Receive your data in a structured, machine-readable format
🚫 Right to Object
Object to processing based on legitimate interests or for marketing
🔕 Right to Opt-Out
Opt out of marketing emails and targeted advertising
❌ Right to Withdraw Consent
Withdraw consent for data processing at any time
How to Exercise Your Rights:
Email us: contact@myfirmly.com with "Privacy Request" in the subject line
Include: Your name, email address, and specific request
Response Time: We will respond within 30 days (may extend to 60 days for complex requests)
Verification: We may ask for additional information to verify your identity before processing requests
EU/UK Residents: You have the right to lodge a complaint with your local data protection authority if you believe we have not handled your data properly.
California Residents: You have additional rights under CCPA, including the right to opt out of the "sale" of personal information. Exercise your CCPA rights here.
8. International Data Transfers
Data Controller Location: Firmly is based in Portugal (European Union).
International Transfers: Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, for the purposes described in this policy.
Safeguards for International Transfers:
- Standard Contractual Clauses (SCCs): Approved by the European Commission for transfers to countries without adequacy decisions
- Adequacy Decisions: Transfers to countries recognized by the EU as providing adequate data protection
- Privacy Shield (where applicable): For U.S.-based service providers
- Data Processing Agreements: Contractual obligations with all third-party processors
Third-Party Processors: Shopify (Canada/US), Google (US), payment processors (various locations)
9. Data Security
We implement industry-standard technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction.
Security Measures:
- 🔒 SSL/TLS Encryption: All data transmitted between your browser and our website is encrypted
- 🛡️ Secure Payment Processing: PCI-DSS compliant payment processors (we do not store credit card numbers)
- 🔐 Access Controls: Limited access to personal data on a need-to-know basis
- 🔑 Password Protection: Encrypted password storage with strong hashing algorithms
- 📊 Regular Security Audits: Ongoing monitoring and vulnerability assessments
- 💾 Data Backups: Regular encrypted backups to prevent data loss
⚠️ Important: While we implement robust security measures, no system is 100% secure. Please use strong passwords, do not share your account credentials, and contact us immediately if you suspect unauthorized access to your account.
Data Breach Notification:
In the event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify affected individuals within 72 hours (as required by GDPR)
- Report the breach to relevant data protection authorities
- Provide information about the breach and steps to protect yourself
10. Children's Privacy
Our Services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at contact@myfirmly.com and we will delete the information promptly.
Age Verification: By using our Services, you confirm that you are at least 16 years old (or the age of majority in your jurisdiction).
11. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or for operational reasons.
Notification of Changes:
- The revised policy will be posted on this page with an updated "Last Updated" date
- For material changes, we will notify you via email or prominent notice on our website
- Continued use of our Services after changes constitutes acceptance of the updated policy
Review Regularly: We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
📧 Email: contact@myfirmly.com
📍 Address: Firmly, Portugal, European Union
⏰ Response Time: Within 30 days
For Privacy-Specific Inquiries: Please include "Privacy Request" or "Data Protection" in your email subject line for faster processing.
EU/UK Data Protection Authorities: If you are located in the EU or UK and are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority.
🔐 Your Privacy, Our Commitment
We're dedicated to protecting your personal information and giving you control over your data.
Questions? We're here to help at contact@myfirmly.com