Privacy Policy for ipswich-witches.com
1. Introduction
At ipswich-witches.com (“we,” “our,” or “us”), we are committed to safeguarding your privacy and ensuring the security of your personal data. We understand the importance of privacy rights and aim to collect and process your information in a transparent, responsible, and lawful manner. We are fully aligned with applicable data protection regulations, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), to ensure your personal information is handled with the utmost care and respect.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all users of ipswich-witches.com, including visitors, customers, and individuals who communicate with us through any channel offered on our website. As the data controller, we determine the purposes and means of processing your personal information in compliance with relevant data protection laws.
For the purposes of GDPR, users within the European Economic Area (EEA) can regard Ipswich Witches as the Data Controller with respect to their personal data. For users in California, this notice is also intended to comply with the CCPA guidelines regarding consumer data usage and associated rights.
3. Categories of Data Processed
We may collect, use, store, and transfer the following categories of personal information:
a. Usage Data
This includes data about your visits to and use of ipswich-witches.com such as IP address, browser type and version, time zone setting and location, browser plug-in types, operating system, device information, referring website addresses, session duration, and browsing actions or patterns.
b. Account Data
Information provided by you when creating an account or making a purchase, including your full name, postal address, email address, and telephone number.
c. Profile Data
Includes information about your preferences, order history, interactions with our content, attendance behavior (if applicable to event services), and feedback.
d. Communication Data
Covers all customer service interactions and correspondence with our support team, including emails, contact form submissions, and call/chat logs.
e. Technical Data
Includes information gathered from the devices and infrastructure used to access our services such as system settings, internet service provider info, screen resolution, device identifiers, and system diagnostics.
f. Transaction Data
Comprises payment-related information (processed securely via third-party payment processors), order details, delivery addresses, and contact data related to purchases or event registrations.
g. Preference Data
Data related to your marketing and communication preferences, newsletter subscriptions, and your interests in specific products, services, offers, or content.
4. Legal Bases for Processing
We process your personal data based on one or more of the following legal foundations, as defined under GDPR:
– Consent: When you have granted us clear permission to process your data (e.g., for newsletters or promotional offers).
– Performance of a Contract: When processing is necessary to fulfill contractual obligations, such as delivering purchased goods or services.
– Legal Obligation: When we are legally required to collect, process, or disclose personal data (e.g., for tax or regulatory compliance).
– Legitimate Interests: Where processing is necessary for the purpose of our legitimate business interests, provided such interests are not overridden by your fundamental rights and freedoms (e.g., data analytics, fraud prevention, and ensuring website security).
Under CCPA, the collection and use of California consumer data are governed by comparable legal principles, ensuring transparency and accountability regarding your personal data.
5. Your Rights
You have specific rights concerning the handling of your personal data. These include:
– Right of Access: You may request access to your personal data and receive a copy of the data we hold about you.
– Right to Rectification: You are entitled to request that any inaccurate or incomplete data be corrected.
– Right to Erasure (“Right to Be Forgotten”): In certain circumstances, you can request the deletion of your personal data.
– Right to Restriction of Processing: You may request the limitation of your data processing under certain conditions.
– Right to Data Portability: You may request that we transfer your data to you or another controller in a structured, machine-readable format.
– Right to Object: You can object to the processing of your personal data under certain scenarios, including direct marketing.
– California Consumer Rights: California residents may additionally request information about the collection, sale, and disclosure of their personal data and request opt-out rights via established mechanisms.
To exercise any of the above rights, please contact us at [email protected].
6. Security Measures
We implement rigorous technical and organizational security measures to protect your data from unauthorized access, disclosure, alteration, or destruction. These include:
– Encryption of sensitive data in transit and at rest.
– Role-based access control and credential authority.
– Secure data backup and disaster recovery planning.
– Regular staff training and awareness programs.
– Security audits and compliance reviews.
Despite these safeguards, please be aware that no method of electronic transmission or storage is fully secure, and therefore we cannot guarantee absolute data security.
7. International Transfers
If and when the transfer of your data occurs across international borders (e.g., when data is stored or accessed outside the UK or EEA), we ensure such transfers are protected by appropriate safeguards, such as EU Standard Contractual Clauses (SCCs) or adequacy decisions issued by the European Commission. For U.S. users, we maintain practices consistent with CCPA standards and applicable state laws.
8. Data Retention
We retain your personal data only as long as necessary to fulfill the purposes described in this policy or to comply with legal, accounting, or regulatory obligations. Broadly, retention periods are as follows:
– Usage, Technical, and Cookie Data: Retained up to 24 months.
– Account and Transaction Data: Retained for up to 7 years post-transaction for tax and financial reporting obligations.
– Communication and Support Data: Retained for up to 3 years following resolution or final contact.
– Marketing Preference Data: Retained until consent is withdrawn or the data is no longer required.
We perform routine evaluations to ensure data is deleted when no longer needed.
9. Cookie Policy
Our website uses cookies and similar technologies to optimize your browsing experience. Cookies fall into the following categories:
– Essential Cookies: Required for the core functionality of the website (e.g., log-in, basket operations).
– Functional Cookies: Enhance user preferences and customization (e.g., saved settings).
– Analytics Cookies: Enable tracking of usage patterns and visitor behavior using tools such as Google Analytics.
– Performance Cookies: Help measure the effectiveness of website performance and user interface interactions.
10. Cookie Management and Compliance
Upon first navigation to ipswich-witches.com, you will be presented with a cookie consent mechanism compliant with both GDPR and CCPA. Through this interface, you may:
– Accept all cookies.
– Reject non-essential cookies.
– Customize your cookie preferences based on category.
– Revoke or change your consent at any time via the cookie settings link in the website footer.
For California residents, a clear link to “Do Not Sell My Personal Information” is made available where applicable.
11. Children’s Privacy
We do not knowingly collect or process personal information from children under the age of 13. If you believe that a minor has provided us with personal data without parental consent, please notify us immediately so that we can take appropriate action, including data removal.
12. Policy Updates & User Notifications
We reserve the right to update this Privacy Policy from time to time, to reflect operational, legal, or regulatory changes. Any significant changes in how we collect or process personal data will be documented here. Where required by law, or deemed appropriate, we will notify you via email or through prominent notices on ipswich-witches.com.
13. Contact
If you have any questions, requests, or concerns regarding this Privacy Policy or our data protection practices, please contact our Privacy Office at:
Email: [email protected]
Website: https://www.ipswich-witches.com
We are committed to full compliance with GDPR, CCPA, and all relevant data protection frameworks. Please contact us to discuss any privacy concerns or exercise your data rights at any time.