Privacy Policy for jemmasimpson.com

1. Introduction

At jemmasimpson.com (“we”, “our”, “us” or “the Website”), we are committed to respecting and protecting your privacy. We recognize the importance of personal data and we are dedicated to handling it responsibly and in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This Privacy Policy outlines how your personal information is collected, used, stored, and shared when you visit or interact with our Website.

2. Scope of Policy and Data Controller Role

This Privacy Policy applies to all users, visitors, customers, and registered account holders accessing jemmasimpson.com. We act as the “data controller” under GDPR, meaning we determine the purposes and means of the processing of your personal data. For California residents, we function as a “business” under CCPA. This Policy governs your use of the Website and all associated services, features, and communications.

3. Categories of Personal Data We Process

We may collect and process various categories of personal data, which include the following:

– Usage Data: Information about how you interact with the Website, including browser type, internet protocol (IP) address, referring/exit pages, session duration, and other diagnostic data pertaining to user behavior.

– Account Data: Information required to create and manage an account, such as your full name, postal address, email address, and phone number.

– Profile Data: Preferences, purchase history, user behavior, account settings, and other data associated with your profile.

– Communication Data: Records related to support inquiries, feedback, customer service interactions, and correspondence history.

– Technical Data: Device identifiers, operating system, language settings, and system configurations used to access jemmasimpson.com.

– Transaction Data: Details relating to purchases and payments made via the Website, including billing and delivery addresses, payment methods (processed securely via third-party providers), and order details.

– Preference Data: Marketing and communication preferences, including opt-in status, product interests, and promotional activity responses.

4. Legal Bases for Processing

We process your personal data based on the following lawful grounds:

– Contractual Necessity: Processing necessary to fulfill an agreement with you, such as delivering purchased products or providing requested services.

– Consent: Where you have explicitly agreed to the processing of your personal data for specific purposes, such as receiving marketing communications.

– Legitimate Interest: Where processing is necessary for our legitimate business purposes, such as improving website functionality, communicating with users, or preventing fraudulent activity, provided such interests are not overridden by your rights and freedoms.

– Legal Obligation: Where we are required to process your data to comply with applicable legal or regulatory obligations.

5. Your Rights

In accordance with GDPR, CCPA, and other relevant laws, you have the following rights regarding your personal data:

– Right to Access: Obtain confirmation as to whether personal data concerning you is being processed, and obtain access to that data.

– Right to Rectification: Request correction of inaccurate or incomplete data.

– Right to Erasure: Request deletion of your personal data, subject to legal or contractual obligations.

– Right to Restriction: Request limitation on the processing of your data in specific circumstances.

– Right to Data Portability: Receive your personal data in a structured, commonly used, and machine-readable format and have it transmitted to another controller where feasible.

– Right to Object: Object to processing based on our legitimate interests or for direct marketing purposes.

To exercise your rights, you may contact us at [email protected].

6. Security Measures

We implement industry-standard technical and organizational safeguards to protect your personal data. These include:

– Encryption of sensitive data in storage and in transmission,
– Role-based access controls and authentication procedures,
– Regular backups and secure infrastructure management,
– Employee training on data protection principles.

We continuously monitor our systems for vulnerabilities and conduct periodic risk assessments.

7. International Data Transfers

Where your personal data is transferred outside of your country or jurisdiction (including to countries outside the European Economic Area), we ensure such transfers are compliant with applicable laws. Transfers may be safeguarded through the use of Standard Contractual Clauses or other approved mechanisms that ensure an adequate level of data protection.

8. Data Retention

We retain your personal data only as long as necessary for the purposes set out in this Policy, unless a longer retention period is required or permitted by law. Retention timeframes include:

– Usage Data: retained for analytical purposes for up to 24 months.
– Account Data: retained for the duration of the user relationship, and up to 5 years thereafter.
– Transaction Data: retained for 7 years for financial and auditing purposes.
– Communication Data: kept for 3 years following last contact.
– Preference Data: retained until updated or deleted by the user.

9. Cookie Policy

Our Website uses cookies and similar tracking technologies for various purposes:

– Essential Cookies: Strictly necessary for the operation of the Website and enabling security and functionality.

– Functional Cookies: Enhance user experience by remembering preferences and prior interactions.

– Analytics Cookies: Used to monitor web traffic and understand user behavior via tools such as Google Analytics, which helps us improve performance and usability.

– Performance Cookies: Facilitate performance measurement and assist in optimizing content delivery speeds and responsiveness.

10. Cookie Management and Compliance

We provide clear notice and obtain user consent before placing non-essential cookies in accordance with GDPR and CCPA requirements. You have control over your cookie preferences:

– Cookie Consent Banner: Presented upon first visit to allow users to manage their settings.

– Browser Controls: You may disable cookies directly through your web browser settings at any time.

– Do Not Sell: California residents may exercise their right to opt out of the “sale” of their personal data by contacting us at [email protected].

Please note that disabling certain cookies may affect the Website’s functionality.

11. Special Protections for Children

We do not knowingly collect or solicit personal data from children under the age of 13. If we learn that a child has provided us with personal data without verifiable parental consent, we will delete such data promptly. If you believe that a child under 13 may have provided personal information to jemmasimpson.com, please contact us at [email protected].

12. Policy Updates

We reserve the right to modify this Privacy Policy at any time in accordance with legal, operational, or regulatory requirements. Users will be notified of any material changes via email or through prominent notices on the Website. We encourage you to review this Policy periodically to remain informed about how we protect your data.

13. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, you may contact us at:

Email: [email protected]

We are committed to full compliance with international data protection regulations and are here to assist you in exercising your rights and understanding how your personal data is processed.