Privacy Policy
1. Introduction
At georgia-van-etten.com (“Website”, “we”, “us”, or “our”), we are deeply committed to safeguarding the privacy and personal data of all users who interact with our services. We adhere strictly to applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This Privacy Policy explains how we collect, use, disclose, and protect your personal data, and your rights in relation to that information.
We endeavor to process all personal data responsibly, lawfully, and transparently, and we take all necessary measures to ensure the security and confidentiality of your information.
2. Scope and Data Controller
This Privacy Policy applies to all personal data collected through your interactions with georgia-van-etten.com and the services we provide through the Website. For the purposes of data protection laws, the data controller is Georgia van Etten, who determines the purposes and means of the processing of your personal data.
For any questions or concerns regarding the processing of your data, you may contact us at [email protected].
3. Categories of Personal Data We Process
We may collect and process the following categories of personal data, depending on your engagement with the Website and our services:
a. Usage Data: Includes information about your interactions with the Website such as pages viewed, session duration, IP address, browser type and version, referring URLs, and other diagnostic data.
b. Account Data: Includes your full name, email address, physical address, phone number, and other personal identifiers provided when registering for an account or placing an order.
c. Profile Data: Includes your preferences, interests, feedback, responses to surveys, purchase behavior, past orders, and general user behavior on the site.
d. Communication Data: Includes any correspondence you send to us, messages sent through our contact forms, and support inquiries. This also includes communication preferences.
e. Technical Data: Includes device identifiers, hardware model, operating system and version, language preferences, mobile network information, and technical configuration from cookies and similar technologies.
f. Transaction Data: Includes data about payments made, billing details, shipping addresses, and order history.
g. Preference Data: Includes your marketing and communication preferences, product and style interests, preferred music content, and engagement with promotional material.
4. Legal Bases for Processing
We process your personal data in accordance with established legal bases under the GDPR and CCPA. These include:
– Contractual Necessity: Processing required to perform a contract with you, such as fulfilling purchases or registrations.
– Legitimate Interests: Where processing is necessary for our legitimate interests, provided those interests are not overridden by your rights. For example, analyzing website usage to improve user experience.
– Consent: Where you have given explicit permission for us to process your data for specific purposes (e.g., marketing).
– Legal Obligation: To comply with applicable laws or enforceable government requests.
5. Your Data Protection Rights
Subject to applicable data protection laws, you may exercise the following rights:
– Right of Access: Obtain confirmation as to whether we process your data and, if so, access a copy.
– Right to Rectification: Request correction of inaccurate or incomplete data.
– Right to Erasure: Request deletion of your personal data, subject to lawful limitations.
– Right to Restrict Processing: Limit how we use your data under certain circumstances.
– Right to Data Portability: Receive your personal data in a machine-readable format and transfer it to another controller.
– Right to Object: Object to data processing which relies on our legitimate interests or is used for direct marketing purposes.
To exercise any of these rights, please contact us at [email protected].
6. Security Measures
We take appropriate technical and organizational measures to ensure personal data is protected against unauthorized access, disclosure, alteration, or destruction. Our security protocols include but are not limited to:
– Encryption of data in transit using SSL/TLS
– Secure access controls and user permissions
– Regular data backups and integrity checks
– Staff training on data privacy and information security
7. International Data Transfers
We may transfer personal information to countries outside your jurisdiction for the purposes described in this Policy. Where we do so, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, compliance with the UK GDPR, and other regional adequacy determinations where applicable.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. Specific retention periods include:
– Usage Data: 12 months from the date of collection
– Account and Profile Data: For the duration of your relationship with us and up to 36 months thereafter
– Communication Data: 24 months from last correspondence
– Transaction Data: 7 years for accounting and tax purposes
– Preference Data: Retained until you update your preferences or withdraw consent
Upon expiration of these periods, the data will be securely deleted or anonymized.
9. Cookie Policy
Cookies are small text files placed on your device to enable specific functionalities and improve user experience. We use the following categories of cookies:
– Essential Cookies: Necessary for the basic functioning of the Website.
– Functional Cookies: Enhance functionality, such as language preference or navigation history.
– Analytics Cookies: Collect anonymized data to understand interactions and improve the Website.
– Performance Cookies: Monitor performance stability and loading times.
10. Cookie Management and Compliance
Users may manage preferences and revoke consent for cookies at any time by adjusting browser settings or using the cookie banner displayed on georgia-van-etten.com. We comply with GDPR and CCPA requirements by obtaining explicit consent where required and offering opt-out mechanisms.
You can also use browser-based tools to manage third-party cookies or block all cookies if desired; however, essential site features may become unavailable.
11. Children’s Privacy
Our Website and services are not directed toward children under the age of 13. We do not knowingly collect or process data from individuals under this age. If we become aware that we have inadvertently collected personal data from a child under 13, we will take immediate steps to delete the information. If you believe we may have collected such data, please contact us promptly at [email protected].
12. Policy Updates
We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or user feedback. Where materially significant changes are made, we will provide notice through the Website or direct email notifications when appropriate. Continued use of the Website following any updates constitutes your acceptance of the revised Policy.
13. Contact
For any questions regarding this Privacy Policy, or to exercise your rights under applicable privacy laws, please reach out to us via email at [email protected].
We reaffirm our commitment to privacy and full compliance with applicable data protection standards. Thank you for trusting georgia-van-etten.com with your personal data.