Privacy Policy for keatsinhampstead.com

1. Introduction

At keatsinhampstead.com, we are firmly committed to respecting and safeguarding your personal data. We recognize the importance of privacy and data protection rights and strive to uphold the highest standards in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This Privacy Policy outlines how we collect, use, disclose, and protect your personal data when you interact with our website and related services.

2. Scope of This Policy & Our Role as Data Controller

This Privacy Policy applies when you visit, use, or interact with the website keatsinhampstead.com (the “Website”), or communicate with us through electronic means. For the purposes of applicable data protection legislation, we are the “data controller” with respect to the personal data we collect and process. This means that we determine the purposes and means of the processing of your personal data.

3. Categories of Personal Data We Process

We may collect and process the following categories of personal data, depending on your interactions with our Website:

a. Usage Data
Includes information such as browser type and version, operating system, Internet Protocol (IP) address, device identifiers, referral source, pages visited, time spent on pages, and related diagnostic data collected automatically when you use our Website.

b. Account Data
Includes identification details you provide when creating an account or placing an order, such as your full name, mailing address, email address, and telephone number.

c. Profile Data
Includes information about your preferences, purchase history, behavior on the Website, and content submitted as part of using our services.

d. Communication Data
Includes your communications with us through channels such as email, contact forms, live chat, and support tickets, as well as metadata associated with those communications.

e. Technical Data
Includes information about the devices and technologies you use to access our Website, such as browser plug-in types, time zone settings, screen resolution, language settings, system configuration, and mobile operating system.

f. Transaction Data
Includes data related to purchases and payments you make through our Website, including billing and delivery addresses and details associated with order fulfillment.

g. Preference Data
Includes your communications preferences, such as consent to receive marketing communications, and your interests as indicated through site activity or settings.

4. Legal Bases for Processing Personal Data

We process your personal data in accordance with applicable data protection laws, and only when we have a valid legal basis for doing so. These legal bases include:

– Consent: When you have given us your voluntary, specific, informed, and unambiguous consent.
– Contractual Necessity: When processing is necessary to fulfill a contract with you, such as providing purchased goods or services.
– Legal Obligation: When we are required to comply with legal or regulatory obligations.
– Legitimate Interests: When processing is necessary for our legitimate interests, provided those interests are not overridden by your data protection rights. This includes activities such as analytics, fraud prevention, direct marketing (where permitted), and Website improvement.

5. Your Data Protection Rights

You have the following rights under GDPR and, subject to specific provisions, under CCPA:

– Right of Access: You may request access to your personal data held by us.
– Right to Rectification: You may request correction of inaccurate or incomplete personal data.
– Right to Erasure: You may request the deletion of your personal data, subject to certain limitations.
– Right to Restriction: You may request restrictions on the processing of your personal data under specific circumstances.
– Right to Data Portability: You may request a copy of your data in a structured, commonly used, machine-readable format, and have the right to transmit that data to another controller.
– Right to Object: You may object to certain types of processing, including direct marketing.
– Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw your consent at any time.

To exercise any of the above rights, please contact us at [email protected].

If you are a California resident, you have the right to request information about the categories and specific pieces of personal information we have collected about you, as well as rights to deletion and non-discrimination in the exercise of these rights.

6. Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. These include, but are not limited to:

– Encryption of personal data at rest and in transit
– Access controls and authentication protocols
– Regular security assessments and audits
– Redundancy and backup procedures
– Staff training surrounding confidentiality and data security practices

While we take commercially reasonable steps to protect your information, no system is impenetrable. Users are encouraged to maintain personal security practices.

7. International Transfers

Your personal data may be transferred to and processed in countries outside of your jurisdiction. Where we transfer data internationally, we do so in accordance with applicable legal requirements, utilizing mechanisms such as:

– Standard Contractual Clauses approved by the European Commission
– Adequacy determinations by the European Commission or relevant authorities
– Binding corporate rules or other lawful transfer mechanisms

We ensure that appropriate safeguards are in place for such transfers.

8. Data Retention

We retain your personal data only for as long as necessary for the purposes for which it was collected, and as required to comply with legal, contractual, or regulatory obligations. Retention periods are as follows:

– Usage Data: 12 months for analytics purposes
– Account Data: Active duration of account + 6 years
– Profile Data: Active duration of use + 2 years
– Communication Data: 3 years from last communication
– Technical Data: 12 months for system diagnostics
– Transaction Data: 7 years for tax and accounting compliance
– Preference Data: Until consent is withdrawn or data is updated

We periodically review data held to ensure it remains relevant and necessary.

9. Cookie Policy

We use cookies and related technologies to enhance your experience on keatsinhampstead.com. Cookies may be grouped into the following categories:

– Essential Cookies: Necessary for the functioning of the Website (e.g., secure log-ins, shopping cart functionality).
– Functional Cookies: Enable basic personalization and remember your settings.
– Analytics Cookies: Allow us to analyze site usage to improve performance and user experience.
– Performance Cookies: Used to understand how users interact with the Website, including page load speeds, navigation patterns, and error rates.

10. Cookie Management and GDPR & CCPA Compliance

Upon first visit to the Website, you will be prompted to review and manage your cookie preferences via a cookie consent manager. You may update your preferences at any time by accessing the cookie settings link available on the Website.

You also have the option to control cookies through your browser settings, including deleting or disabling cookies altogether. Note, however, that certain functionalities of the site may be limited if you choose to disable essential cookies.

We honor relevant browser-based signals (such as Global Privacy Control) where applicable.

11. Children’s Privacy

Our Website and services are not intended for children under the age of 13, and we do not knowingly collect personal data from children under 13 without verifiable parental consent. If we become aware that a minor has submitted personal data without appropriate consent, we will promptly take steps to delete such data.

12. Changes to This Privacy Policy

We reserve the right to amend or revise this Privacy Policy at any time. Any changes will be posted on this page. Where required by law, we will notify you of significant changes and, where applicable, obtain your consent. We encourage you to review this Privacy Policy periodically to remain informed about our data practices.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the way in which we handle your personal data, please contact us at:

Email: [email protected]

We are committed to complying with all applicable privacy laws and regulations and ensuring that your personal data is handled responsibly and transparently.