DefinitionsPersonal data means any information that identifies a person. Examples include a first name, an email address, an IP address, or a device identifier.

Processing means any action involving personal data. This includes collection, storage, use, sharing, or deletion.

Newsletter means a digital message we send to subscribers. A newsletter contains updates about Fantasy In Black and promotional material.

Affiliate link means a hyperlink with a unique identifier. When a person clicks one of these links and completes a purchase, we might receive a commission.

Cookie means a small file stored on a person’s device. Cookies enable essential functions, remember preferences, measure performance or deliver advertising.About usFantasy In Black operates FANTASYINBLACK.COM and manages the Fantasy In Black newsletter. Our business runs from 9925 Haynes Bridge Road, Alpharetta, GA 30022. This policy document describes how we handle personal data during our marketing and communication activities.What data we collectDuring subscription, we record a first name and an email address. Additional data might arise from optional forms, surveys or support requests. Our systems also record technical data. For example, device type, browser information, IP address, and usage patterns through cookies or similar tracking technologies. When a person clicks an affiliate link or interacts with our emails, we record engagement metrics to evaluate campaign performance.How we collect dataWe obtain personal data directly from subscribers when they fill out a form or contact us via email. We also collect data through cookies and tracking pixels when a person visits our website, interacts with our social channels, purchases items via [Etsy], or clicks links in our emails. Our email service provider [EMAIL_SERVICE_PROVIDER] records delivery and engagement metrics to help manage list quality and compliance.Why we use dataWe use personal data to deliver newsletters, marketing messages and product updates. We also use data to personalise communications, provide relevant promotions, run affiliate campaigns, analyse performance, improve our content, manage account preferences, respond to inquiries, prevent fraud and meet legal or regulatory obligations. We rely on data to maintain suppression lists of individuals who requested to unsubscribe, to ensure we honour opt‑out requests.Legal bases for processing (GDPR and UK GDPR)Where European data protection law applies, our processing rests on lawful grounds. We rely on consent to send marketing messages and to store non‑essential cookies or tracking tags. We rely on contract necessity to deliver requested products or services. We rely on legitimate interest for analytics, service improvement and fraud prevention when our interest does not override the rights of the person. We rely on legal obligation when we must keep records for tax, accounting or regulatory requirements.Marketing, newsletters and affiliate promotionsOur newsletter provides updates, editorial content, promotions and affiliate offers. We require an explicit opt‑in before sending promotional emails in jurisdictions where consent must be obtained. Each email includes a link to unsubscribe or manage preferences. We honour unsubscribe requests promptly. We sometimes segment our list by interest to deliver targeted promotions. Some emails include affiliate links. When a person clicks an affiliate link, a unique identifier passes to the merchant to track the referral. This identifier does not reveal the subscriber’s name or email address. The merchant might record purchase information for commission attribution.Cookies, tracking and analyticsOur website uses cookies and similar tracking technologies. Essential cookies enable core features such as page navigation, subscription forms, and user authentication. Functional cookies remember preferences. Analytics cookies help us measure website traffic and email performance. Marketing cookies support advertising, retargeting, and affiliate tracking. In regions covered by the ePrivacy Directive or similar laws, we obtain consent before placing analytics or marketing cookies on a device. Visitors have the option to select cookie categories and withdraw consent at any time. In other regions, continuing to use our site or services after seeing a cookie banner signals agreement to the use of cookies. For individuals who prefer minimal tracking, we offer a preference to limit cookies to essential functions. We document consent choices and apply them across sessions when technically possible.Sharing and disclosuresWe share personal data with trusted service providers to run our business. This includes [EMAIL_SERVICE_PROVIDER] for email delivery and list management, [ANALYTICS_TOOLS] for analytics, [PAYMENT_PROCESSOR] for purchases, [WEB_HOSTING] for hosting and backup, and affiliate networks to facilitate commission tracking. Each provider must implement privacy and security safeguards and shall only use data to provide services to Fantasy In Black. We do not sell or rent subscriber lists. We disclose data when required by law or in response to valid legal requests. We share aggregated, anonymised or de‑identified statistics with partners or advertisers when necessary. If our business undergoes a merger or acquisition, personal data might transfer to the successor entity under equivalent protections.
Data retentionWe apply technical and organisational measures to protect personal data. These measures include encryption in transit and at rest, firewalls, secure authentication, regular backups and access controls. We train employees on privacy and confidentiality. We select service providers who commit to similar safeguards. No method of transmission over the internet or electronic storage offers a guarantee of security. Absolute protection remains impossible. We strive to mitigate risks.International transfersFantasy In Black operates from the United States. Personal data might reside on servers in different jurisdictions, including the United States and other countries where our service providers operate. When we transfer personal data from the European Economic Area or the United Kingdom to a country without an adequacy decision, we rely on Standard Contractual Clauses or other approved mechanisms to ensure equivalent protection. We will provide further details upon request.Your rights by regionIndividuals in the European Economic Area and the United Kingdom have rights under the GDPR. These rights include the right to be informed, access, rectification, erasure, restriction, portability, objection, and protection from automated decision‑making or profiling with legal or similarly significant effects. Individuals also have the right to lodge a complaint with a supervisory authority.

Residents of U.S. states with consumer privacy laws, including California, Colorado, Connecticut, Utah, Virginia, Indiana, Kentucky, and Rhode Island, have rights to request details about personal information collected, request correction or deletion of personal information, and opt out of sales or sharing of personal information. We respond to authenticated requests in compliance with those laws. We do not process personal information for targeted advertising directed at minors. We honour universal opt‑out signals where required by law.How to exercise rightsTo exercise any rights under this policy, contact us via [CONTACT_EMAIL] or by mail at [BUSINESS_ADDRESS]. Provide enough information to verify your identity. We will respond within the timeframe required by applicable law. We might request additional information to verify identity or clarify the request. We will not discriminate against you for exercising your rights. If you wish to unsubscribe from marketing emails, use the unsubscribe link in any email or contact us directly.Children’s privacyOur services do not target persons under thirteen years old. We do not knowingly collect personal data from children under thirteen in the United States or under sixteen in the European Economic Area without parental consent. Recent amendments to the Children’s Online Privacy Protection Act expand definitions of personal information and require stricter parental notice and consent measures. If a parent or guardian believes a child provided personal data to us without permission, contact us promptly. We will remove the data and close the related subscription.Changes to this policyWe update this policy when our practices or relevant law change. We will post the updated version on [DOMAIN] with a new “Last updated” date. For significant changes, we also notify subscribers via email. Continued use of our services after an update signals acceptance of the revised policy.ContactFor questions or concerns about this policy or your personal data, contact us at [CONTACT_EMAIL] or mail us at [BUSINESS_ADDRESS].Last updated[LAST_UPDATED_DATE]