Privacy Policy – Blossom to Success Inc

Effective Date: 2025-08-31
Last Updated: 2025-08-31

1. Introduction

Blossom to Success Inc (“we,” “our,” or “us”) operates the website www.BlossomToSuccess.com (the “Service”). This Privacy Policy informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.

We are committed to protecting your privacy and ensuring transparency about how we handle your personal information in accordance with applicable privacy laws, including:

• European Union: General Data Protection Regulation (GDPR)
• United States: California Consumer Privacy Act (CCPA), Virginia Consumer Data Protection Act (VCDPA), and other state privacy laws
• Canada: Personal Information Protection and Electronic Documents Act (PIPEDA) and provincial privacy laws
• Other jurisdictions: As applicable based on your location

2. Data Controller Information

Company: Blossom to Success Inc
Website: www.BlossomToSuccess.com
Email: admin@blossomtosuccess.com
Address: 4340 E Indian School Rd #21285, Phoenix, AZ, 85018

For all privacy-related inquiries, please contact us using the information provided above.

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

3.1 European Union (GDPR)

• Consent: When you explicitly consent to our processing (e.g., newsletter signup)
• Contract: When processing is necessary for fulfilling our services to you
• Legitimate Interest: When we have a legitimate business interest (e.g., improving our services)
• Legal Obligation: When required by law

3.2 United States

• Business Purpose: Processing for operational business purposes as defined under CCPA
• Commercial Purpose: Direct marketing and advertising with appropriate opt-out mechanisms
• Consent: Where required by applicable state laws
• Service Provision: To deliver requested services and maintain customer relationships

3.3 Canada (PIPEDA)

• Consent: Meaningful consent for collection, use, and disclosure
• Legitimate Purpose: Processing for purposes a reasonable person would consider appropriate
• Implied Consent: Where reasonable to expect based on the circumstances

4. Information We Collect

4.1 Personal Information You Provide

• Contact Information: Name, email address, phone number, mailing address
• Account Information: Username, password, profile information
• Payment Information: Billing address, payment method details (processed securely through third-party providers)
• Communication Data: Messages you send us, feedback, support requests, survey responses
• Marketing Preferences: Your preferences regarding marketing communications
• Demographic Information: Age, location, interests (where voluntarily provided)
• Professional Information: Business details, industry, company size (for B2B services)

4.2 Information Collected Automatically

• Usage Data: How you interact with our website, pages visited, time spent, click-through rates
• Device Information: IP address, browser type, operating system, device identifiers, screen resolution
• Location Data: General location based on IP address (not precise geolocation)
• Cookies and Tracking Technologies: As described in our Cookie Policy
• Log Files: Server logs including access times, pages viewed, and referrer information

4.3 Information from Third Parties

• Social Media: If you connect your social media accounts or interact with our social media
• Analytics Providers: Google Analytics, Facebook Pixel, and similar services
• Email Service Providers: Data from our email marketing platforms
• Public Databases: Publicly available information for business verification
• Data Brokers: Commercial data sources (where legally permitted and with appropriate safeguards)

5. How We Use Your Information

We use your personal data for the following purposes:

5.1 Service Delivery

• Providing and maintaining our coaching services, courses, and content
• Processing payments and managing your account
• Sending service-related communications

5.2 Marketing and Communication

• Sending newsletters, promotional content, and updates (with your consent)
• Personalizing your experience and content recommendations
• Conducting market research and analytics

5.3 Legal and Business Operations

• Complying with legal obligations
• Protecting against fraud and ensuring security
• Improving our services through analytics

6. Data Sharing and Disclosure

We may share your personal data with:

6.1 Service Providers

• Email Marketing: Systeme.io
• Payment Processing: Secure payment processors
• Website Hosting: Our hosting providers
• Analytics: Google Analytics, Facebook Analytics
• Customer Support: Help desk and chat services

6.2 Legal Requirements

We may disclose your information when required by law, court order, or to protect our rights and safety.

6.3 Business Transfers

In the event of a merger, sale, or business transfer, your data may be transferred to the new entity.

7. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we do this, we ensure appropriate safeguards are in place, including:

• Adequacy Decisions: Transfers to countries deemed adequate by the European Commission
• Standard Contractual Clauses: EU-approved contract terms with service providers
• Binding Corporate Rules: For transfers within multinational organizations

8. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy:

8.1 General Retention Periods

• Account Data: Until you delete your account plus 30 days for account recovery
• Marketing Data: Until you unsubscribe plus 3 years for legitimate interest purposes
• Payment Data: 7 years for tax, accounting, and financial audit purposes
• Legal Claims: Until the statute of limitations expires (varies by jurisdiction)
• Communications: Customer service interactions retained for 3 years

8.2 Jurisdiction-Specific Requirements

• EU: Data retained only as long as necessary for the purpose, with regular review
• California: Sensitive personal information deleted or de-identified when no longer needed
• Canada: Personal information destroyed when no longer required for identified purposes

8.3 Automated Deletion

We implement automated systems to delete data when retention periods expire, unless legal holds prevent deletion.

9. Your Privacy Rights by Jurisdiction

9.1 European Union (GDPR Rights)

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data (“right to be forgotten”)
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for marketing communications
• Right to Complain: File a complaint with your local data protection authority

9.2 United States Consumer Rights

California (CCPA/CPRA)

• Right to Know: What personal information we collect, use, and share
• Right to Delete: Request deletion of your personal information
• Right to Correct: Correct inaccurate personal information
• Right to Opt-Out: Opt out of the sale or sharing of personal information
• Right to Limit: Limit use of sensitive personal information
• Right to Non-Discrimination: Not to be discriminated against for exercising rights

Virginia (VCDPA) & Other State Laws

• Right to Access: Confirm and access your personal data
• Right to Delete: Delete personal data we have about you
• Right to Correct: Correct inaccuracies in your personal data
• Right to Data Portability: Obtain your data in a portable format
• Right to Opt-Out: Opt out of targeted advertising and profiling

9.3 Canada (PIPEDA Rights)

• Right to Access: Access your personal information in our custody or control
• Right to Correction: Correct errors or omissions in your personal information
• Right to Withdraw Consent: Withdraw consent at any time (subject to legal restrictions)
• Right to Complain: File a complaint with the Privacy Commissioner of Canada
• Right to Know: Understand how your information is being used

9.4 Exercising Your Rights

To exercise any of these rights, contact us at [insert email]. We will respond within:

• EU: 30 days (extendable to 60 days for complex requests)
• California: 45 days (extendable to 90 days)
• Virginia: 45 days (extendable to 45 additional days)
• Canada: 30 days

We may require verification of your identity before processing requests.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Remember your preferences and login information
• Analyze website traffic and user behavior
• Provide personalized content and advertisements
• Improve our services

Cookie Categories:

• Strictly Necessary: Essential for website functionality
• Performance: Analytics and site improvement
• Functionality: Enhanced features and personalization
• Marketing: Advertising and social media integration

You can manage cookie preferences through your browser settings or our cookie consent tool.

11. Children’s Privacy

Our services are not directed to minors, and we do not knowingly collect personal information from children:

• Under 16 (EU/UK): We do not collect personal data from children under 16 without verifiable parental consent
• Under 13 (USA): We comply with COPPA and do not knowingly collect personal information from children under 13
• Under 13 (Canada): We do not knowingly collect personal information from children under 13 without parental consent

If we become aware that we have collected personal information from a child without appropriate consent, we will delete it promptly and may terminate any related accounts.

12. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption: Data is encrypted in transit and at rest
• Access Controls: Limited access on a need-to-know basis
• Regular Audits: Security assessments and vulnerability testing
• Staff Training: Regular privacy and security training for our team

13. Third-Party Links

Our website may contain links to third-party sites. This Privacy Policy does not apply to those sites. We encourage you to review the privacy policies of any third-party sites you visit.

14. Changes to This Policy

We may update this Privacy Policy periodically. We will:

• Post the updated policy on our website
• Update the “Last Updated” date
• Notify you of material changes via email or website notice
• Obtain consent for changes requiring it under applicable law

15. Sales and Sharing of Personal Information (US Residents)

15.1 California Residents

Under the CCPA, we may “sell” or “share” personal information as defined by the law. In the past 12 months, we may have disclosed the following categories for business or commercial purposes:

• Identifiers: Name, email, IP address to advertising partners
• Commercial Information: Purchase history to analytics providers
• Internet Activity: Browsing behavior to marketing platforms

Your Right to Opt-Out: You can opt out of the sale/sharing of your personal information by:

• Using our “Do Not Sell My Personal Information” link
• Contacting us directly at [insert email]
• Using browser-based opt-out signals (where technically feasible)

15.2 Sensitive Personal Information

We limit the use of sensitive personal information to necessary business purposes and do not sell or share such information without consent.

16. Contact Information

For privacy-related questions, concerns, or to exercise your rights:

General Privacy Inquiries:
Email: [Insert privacy email]
Address: [Insert business address]

Data Protection Officer (EU): [If applicable]
Privacy Officer (Canada): [If applicable]

US State Law Requests:
Email: [Insert state privacy email]
Phone: [Insert toll-free number for US residents]

EU Representative: [If you don’t have an EU establishment but offer services to EU residents]

17. Regulatory Authorities

If you have concerns about our data practices, you may contact the relevant authority:

European Union

Your local supervisory authority. Find your authority at: https://edpb.europa.eu/about-edpb/board/members_en

United States

• California: California Attorney General’s Office – https://oag.ca.gov/
• Virginia: Virginia Attorney General’s Office – https://www.oag.state.va.us/

Canada

• Federal: Privacy Commissioner of Canada – https://www.priv.gc.ca/
• Provincial: Your provincial privacy commissioner

Additional Notices

Notice to California Residents

This privacy policy includes information required by the California Consumer Privacy Act (CCPA). California residents have additional rights as outlined in Section 9.2.

Notice to Virginia Residents

This privacy policy includes information required by the Virginia Consumer Data Protection Act (VCDPA). Virginia residents have rights as outlined in Section 9.2.

Notice to Canadian Residents

We comply with PIPEDA and applicable provincial privacy laws. Canadian residents have rights as outlined in Section 9.3.

Notice to EU/UK Residents

We comply with GDPR and UK GDPR. EU/UK residents have rights as outlined in Section 9.1.

This Privacy Policy is designed to comply with GDPR, CCPA, VCDPA, PIPEDA, and other applicable privacy laws. However, you should consult with a legal professional to ensure full compliance with all relevant regulations in your specific situation.