PRIVACY POLICY

Thank you for visiting keatsinhampstead.com. Your privacy and trust are extremely important to us. This Privacy Policy outlines how we collect, use, and protect your personal data in accordance with applicable privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We are committed to transparency, security, and your control over your personal information.

1. COMMITMENT TO PRIVACY AND DATA PROTECTION

At keatsinhampstead.com, we are committed to protecting the privacy and security of all personal data entrusted to us. We respect your rights under data protection laws and take appropriate steps to safeguard your information with diligence and care. Whether you are browsing our website, contacting us for information, or purchasing goods and services, we process your data with a privacy-first mindset.

2. SCOPE OF THIS POLICY AND DATA CONTROLLER ROLE

This Privacy Policy applies to all users of keatsinhampstead.com and to all personal data collected through this website or associated interactions. For purposes of data protection regulations, Keats in Hampstead is the data controller responsible for determining the purposes and means of processing your personal data.

For any questions concerning this policy or to exercise your data-related rights, please contact us at: [email protected].

3. CATEGORIES OF DATA WE PROCESS

We may collect and process the following categories of personal data, depending on your interactions with us:

– Usage Data: Includes information about your use of our site, such as browser type and version, IP address, geolocation, device identifiers, time zone settings, referring/exit URLs, and interaction data (e.g., pages viewed, time spent, bounce rates).

– Account Data: When you create an account or engage with us directly, we may collect your name, email address, postal address, phone number, and any authentication credentials.

– Profile Data: May include your interests, preferences, purchase history, browsing behavior, and feedback or survey responses you voluntarily provide.

– Communication Data: Comprises correspondence sent to us, such as support queries, complaints, Emails, and messages submitted via forms or social channels.

– Technical Data: Involves information about your device and operating environment, including device type, operating system, browser settings, screen resolution, and system configurations.

– Transaction Data: Includes order details, payments, billing addresses, delivery preferences, refund information, and purchase confirmation.

– Preference Data: May consist of data related to your marketing preferences, communication consents, and product or content interests you have indicated.

We collect this data directly from you or automatically through technologies such as cookies and tracking scripts. Certain data may be aggregated or anonymised to ensure it does not identify you personally.

4. LEGAL BASES FOR PROCESSING PERSONAL DATA

We rely on one or more of the following lawful bases under the GDPR and other applicable legislation for processing your personal data:

– Consent: Where you have provided clear, informed consent for a specific purpose (e.g., email subscriptions, marketing preferences, or optional cookies).

– Performance of a Contract: When data is necessary to fulfill a purchase, render services, or perform obligations derived from contracts with you.

– Legal Obligation: When we are required to process your information in compliance with legal obligations, such as tax law or consumer protection statutes.

– Legitimate Interests: When processing is necessary for our legitimate business interests (e.g., fraud prevention, website performance, improving user experience), provided such interests are not overridden by your fundamental rights and freedoms.

5. YOUR RIGHTS

As a data subject, you are entitled to the following rights under GDPR and, where applicable, the CCPA or other regional laws:

– Right of Access: You have the right to request details of the personal data we hold about you and how it is used.

– Right to Rectification: You may request correction of inaccuracies or omissions in your personal information.

– Right to Erasure: Under certain conditions, you can request the deletion of your data (“right to be forgotten”).

– Right to Restrict Processing: You may request limits on how we use your data, particularly when processing is contested.

– Right to Data Portability: Where applicable, you are entitled to receive a copy of your data in a structured, commonly used, machine-readable format, and to request transfer to another controller.

– Right to Object: You have the right to object to certain types of processing, including direct marketing and profiling based on legitimate interest.

To exercise any of these rights, please contact us at: [email protected]. We may ask for information to verify your identity before fulfilling your request.

California consumers additionally have the right to request disclosure of the categories and specific pieces of personal information collected, as well as the right to opt out of the “sale” of personal data, where applicable.

6. SECURITY MEASURES

We implement industry-standard technical and organizational safeguards to protect your data, including:

– Encryption of data in transit and at rest
– Role-based access controls and authentication protocols
– Secure payment gateways and tokenized transactions
– Regular backups, intrusion detection, and vulnerability assessments
– Staff training on data protection and confidentiality

While we maintain rigorous measures, no digital storage or transmission is completely secure. You are encouraged to use strong passwords and remain vigilant when sharing personal data online.

7. INTERNATIONAL TRANSFERS

Your data may be stored or processed in jurisdictions outside your country of residence, including the United Kingdom, the European Economic Area (EEA), or the United States. In such cases we ensure:

– Adequacy decisions from relevant authorities, or
– Execution of EU-approved Standard Contractual Clauses or equivalent mechanisms
– Additional security controls and due diligence to uphold data protection standards

8. DATA RETENTION

Your personal data will be retained only for as long as necessary to fulfill the relevant processing purpose. Typical retention periods include:

– Usage and Technical Data: up to 26 months for analytics purposes
– Account and Profile Data: for as long as your account remains active and no longer than 2 years after inactivity
– Communication Data: 3 years from last contact
– Transaction Data: 6–7 years in accordance with applicable accounting regulations
– Preference Data: until withdrawn or after 24 months of inactivity

Where retention is no longer required, data will be securely deleted or anonymised.

9. COOKIE POLICY

keatsinhampstead.com uses cookies and similar technologies to enhance your browsing experience, analyze site performance, and deliver personalized content. Cookies we use may be:

– Essential Cookies: Necessary for the functioning of the website (e.g., logging in, shopping cart).
– Functional Cookies: Allow the site to remember your preferences and settings.
– Analytics Cookies: Enable us to understand how visitors interact with the website, such as Google Analytics.
– Performance Cookies: Help us improve load speed, responsiveness, and overall functionality.

We do not use third-party advertising cookies or sell personal data to advertisers.

10. COOKIE MANAGEMENT AND COMPLIANCE

You may manage your cookie preferences through our cookie banner, browser settings, or by clearing cookies from your device. We provide clear opt-in consent mechanisms for non-essential cookies in accordance with GDPR standards. California residents may exercise their rights to object to data sharing practices pursuant to the CCPA by contacting us.

Disabling cookies may affect certain features or functionalities of the website.

11. SPECIAL PROTECTIONS FOR CHILDREN

Our website is not targeted toward, nor intended for use by, children under the age of 13. We do not knowingly collect or process personal data from minors. If we discover that data belonging to a child has been collected in error, we will promptly delete it. If you believe we may hold data from or about a child under 13, please contact us immediately.

12. POLICY UPDATES

We reserve the right to update this Privacy Policy from time to time to reflect changes in the law, our data practices, or website functionality. Updated versions will be posted on this page at keatsinhampstead.com. Where appropriate, users will be notified via banner or email notices. Continued use of the website following changes indicates your acceptance of the revised terms.

13. CONTACT US

For questions regarding this Privacy Policy, to exercise your rights, or to raise a privacy-related concern, please contact us via:

Email: [email protected]

We are committed to resolving all privacy and data issues promptly and thoroughly.

This Privacy Policy is designed to ensure compliance with GDPR and CCPA, and to uphold the privacy rights of all users of keatsinhampstead.com. If you have any concerns, please don’t hesitate to reach out to us directly.