Pay via PayPal
Facebook-f Instagram

Privacy Policy

PRIVACY POLICY (EU & IRELAND GDPR COMPLIANT)

Last updated: November 2025

1. Introduction

This Privacy Policy explains how Baby Body Fit collects, uses and protects your personal data when you use our website: https://babybodyfit.ie/

By using our Site and services, you confirm that you are over 13 years of age.

Data Controller: Baby Body Fit
Data Protection Officer: Caroline Lynch
Email: cork@babybodyfit.ie

It is important that the information we hold about you is accurate and up to date. Please notify us of any changes by emailing cork@babybodyfit.ie.

2. Personal Data We Collect

“Personal data” means any information that identifies an individual. We collect the following categories of data:

2.1 Communication Data

Includes messages sent through contact forms, email, SMS, social media or any other communication channel.
Legal basis: Legitimate interests (to respond to communications, maintain records and establish or defend legal claims).

2.2 Customer Data

Includes name, billing/shipping address, phone number, email, purchase details, and payment information.
Legal basis: Performance of a contract.

2.3 User Data

Includes data regarding how you use our site, any content posted, and interactions with our online services.
Legal basis: Legitimate interests (to manage and improve our website and services).

2.4 Technical Data

Includes IP address, browser details, login data, page visits, time zone settings, usage frequency, and device information.
Collected through analytics tools such as Google Analytics (with consent).
Legal basis: Legitimate interests (site administration and improvement), and consent where required (analytics cookies).

2.5 Marketing Data

Includes preferences regarding marketing communications.
Legal basis: Consent or legitimate interests (to grow our business).

2.6 Special Category Data (Health Data)

We may collect information relating to your physical health, fitness level or related conditions in order to deliver Baby Body Fit services.
Legal basis: Explicit consent under Article 9(2)(a) GDPR.

3. How We Collect Personal Data

  • Directly from you (forms, email, account registration, purchases).

  • Automatically through cookies and similar technologies (with prior consent, where required).

  • From third parties such as:

    • Google Analytics (outside the EU)

    • Facebook/Meta (outside the EU)

    • Payment processors such as Stripe

    • Technical and delivery service providers

4. Use of Personal Data (Purposes & Legal Grounds)

We only use your data when legally permitted. Common purposes include:

  • Processing orders and providing services

  • Communicating with you

  • Managing our website and internal operations

  • Sending marketing communications

  • Improving our services, advertising and customer experience

  • Complying with legal obligations

We will not use your personal data for any purpose incompatible with those outlined unless we obtain your consent or the law requires it.

We do not carry out automated decision-making or profiling.

5. Marketing Communications

Our lawful basis is your consent or our legitimate interests.
You may opt out at any time by:

We will never share your personal data with third parties for their own marketing purposes without your explicit consent.

6. Disclosures of Personal Data

We may share your personal data with:

  • IT and system administration providers

  • Professional advisers (lawyers, accountants, insurers)

  • Stripe (payment processing)

  • Service providers acting as processors

All third parties must comply with GDPR and may only process data according to our instructions.

We do not transfer your personal data outside the European Economic Area unless appropriate safeguards are in place.

7. Data Security

We implement technical and organizational measures to ensure your data is secure and protected against unauthorized access, alteration, loss or disclosure.

We have procedures in place for handling suspected data breaches and will notify you and the Data Protection Commission (DPC) where legally required.

8. Data Retention

We retain your personal data only as long as necessary for the purposes for which it was collected, including legal and accounting obligations.

For tax purposes, customer data is retained for 6 years after the customer relationship ends.

We may anonymise data for statistical and research purposes. Anonymised data is not subject to GDPR and may be used indefinitely.

9. Your Legal Rights

You have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request deletion

  • Object to processing

  • Restrict processing

  • Request data portability

  • Withdraw consent at any time

You may exercise these rights by emailing cork@babybodyfit.ie.

If you are not satisfied with how your data is handled, you may lodge a complaint with:

Data Protection Commission (Ireland)
https://dataprotection.ie

10. Third-Party Links

Our website may include links to third-party websites. We are not responsible for the privacy practices of external sites. We encourage you to read the privacy policies of any site you visit.