NOTICE FOR EUROPEAN CONSUMERS
Last updated: December 23rd, 2024
We are committed to protecting the privacy and personal data of our customers in compliance with the General Data Protection Regulation (GDPR). This GDPR Compliance Policy outlines our practices and procedures to ensure the lawful and transparent processing of personal data. We strive to uphold the rights of individuals and maintain the security and confidentiality of their information.
1. Data Controller and Contact Information
1.1 Data Controller: Maraschino Cherry Club acts as the data controller for the personal data collected and processed through our website and services.
1.2 Contact Information: If you have any questions, concerns, or requests regarding the processing of your personal data or this GDPR Compliance Policy, please contact our Data Protection Officer through our contact page.
2. Lawful Basis for Data Processing
2.1 Consent: We obtain the necessary consent from individuals before collecting and processing their personal data. By using our website or providing your information, you consent to the processing of your personal data in accordance with this GDPR Compliance Policy.
2.2 Contractual Necessity: We may process personal data as necessary for the performance of a contract with you or to take pre-contractual steps at your request.
2.3 Legitimate Interests: In some cases, we may process personal data based on our legitimate interests, such as improving our services, preventing fraud, or enhancing security. We carefully assess and balance our interests against the rights and freedoms of individuals.
3. Types of Personal Data Collected
We collect and process various types of personal data necessary for the purposes described in our privacy policy. This may include:
• Identifiers, such as name, email address, postal address, and phone number.
• Payment and transaction details.
• User preferences and communication preferences.
• Browsing activity and website usage information.
• Geolocation data.
• Any other information you voluntarily provide to us.
4. Purposes of Data Processing
We process personal data for the following purposes:
• Providing and delivering our products and services to you.
• Processing and fulfilling your orders and requests.
• Communicating with you, including customer support and service-related notifications.
• Personalizing your experience and tailoring our offerings to your preferences.
• Managing and improving our website, products, and services.
• Analyzing data to better understand customer behavior and preferences.
• Complying with legal obligations and protecting our rights and interests.
5. Data Subject Rights
5.1 Right to Access: You have the right to request access to the personal data we hold about you and receive a copy of that data, subject to certain limitations and legal requirements.
5.2 Right to Rectification: You have the right to request the correction of inaccurate or incomplete personal data.
5.3 Right to Erasure: Subject to legal obligations, you have the right to request the deletion of your personal data if it is no longer necessary for the purposes for which it was collected or if you withdraw your consent.
5.4 Right to Restriction of Processing: In certain circumstances, you have the right to request the restriction of the processing of your personal data.
5.5 Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and transmit it to another data controller, where technically feasible.
5.6 Right to Object: You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes.
5.7 Automated Decision-Making and Profiling: We do not engage in automated decision-making or profiling that significantly affects you.
6. Data Security and Retention
6.1 Data Security: We implement appropriate technical and organizational measures to ensure the security and confidentiality of personal data. These measures include:
• Encryption of personal data during transmission and storage.
• Regular monitoring and testing of our systems for vulnerabilities.
• Access controls and restrictions to limit unauthorized access to personal data.
• Training our employees on data protection and security practices.
• Collaborating with trusted service providers, including Shopify, who maintain robust security measures.
6.2 Data Retention: We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required or permitted by law. The retention period may vary depending on the type of data and the purposes of processing.
7. Data Transfers
We may transfer personal data to recipients located in countries outside the European Economic Area (EEA) that may not provide an adequate level of data protection. In such cases, we will implement appropriate safeguards, such as standard contractual clauses or relying on an adequacy decision by the European Commission.
8. Data Breach Notification
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will promptly notify the relevant supervisory authority and, if required by applicable law, inform you about the breach.
9. Third-Party Service Providers
We may engage third-party service providers who process personal data on our behalf. We carefully select and enter into agreements with these providers to ensure they comply with applicable data protection laws and provide sufficient guarantees regarding the security and confidentiality of personal data.
10. Updates to This Policy
We may update this GDPR Compliance Policy from time to time to reflect changes in our data processing practices or legal obligations. We will post the updated policy on our website and indicate the date of the latest revision.
11. Contact Us
If you have any questions, concerns, or requests related to the processing of your personal data or this GDPR Compliance Policy, please contact our Data Protection Officer through our contact page. We will address your inquiries and strive to resolve any issues in a timely and transparent manner.