Privacy Policy for rosecrownco.com
1. Introduction
At Rose Crown Co. (“we,” “our,” or “us”), accessible via rosecrownco.com, we are committed to safeguarding your personal data and ensuring transparency regarding how your information is used. We recognize the importance of privacy and the need to protect personally identifiable information in accordance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws. This Privacy Policy outlines how we collect, use, store, disclose, and protect your data when you interact with our website, services, and products.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all users of the rosecrownco.com website and any affiliated services we offer. We act as the “data controller” under GDPR with regard to the processing of personal data collected through our site and services unless otherwise specified. For California residents, we function as a “business” under CCPA.
3. Categories of Data Processed
We may collect and process the following categories of personal data:
a. Usage Data
Information automatically collected about how you interact with our website. This may include your IP address, browser type, referral URLs, pages visited, and timestamps of your visits.
b. Account Data
Information you provide when creating an account or making a purchase, such as your name, postal address, email address, and phone number.
c. Profile Data
Details related to your user profile, including your product preferences, past purchases, wish lists, and behavioral data for optimizing your user experience.
d. Communication Data
Information derived from your communications with us, including support inquiries, feedback, and your interaction history with our service teams.
e. Technical Data
Information related to the devices and systems you use to access our services, including device type, operating system, screen resolution, and browser settings.
f. Transaction Data
Details regarding your purchases or attempted purchases, including payment method (processed via third parties), order history, and billing and delivery addresses.
g. Preference Data
Data about your marketing preferences, opt-in status for newsletters, product interests, and survey responses.
4. Legal Bases for Processing
We process your personal data on the following lawful bases:
– Consent: Where you have provided explicit permission (e.g., marketing communications).
– Contractual Necessity: To fulfill obligations arising from a contract with you, such as order processing and customer support.
– Legitimate Interests: Where necessary to operate or improve our business, protect against fraud, and analyze usage patterns, provided your interests and rights do not override ours.
– Legal Obligation: To comply with applicable laws or lawful requests from government agencies.
5. Your Rights
You are entitled to the following rights under GDPR and similar laws:
– Right of Access: Obtain confirmation of whether we process your data and access to that data.
– Right to Rectification: Request correction of inaccurate or incomplete data.
– Right to Erasure: Request deletion of personal data where there is no lawful reason for retention.
– Right to Restriction: Request the limitation of data processing in certain circumstances.
– Right to Data Portability: Receive your data in a structured, machine-readable format for transmission to another service provider.
– Right to Object: Object to processing where we rely on legitimate interests or use your data for direct marketing.
To exercise any of these rights, please contact [email protected].
6. Security Measures
We implement industry-standard technical and organizational measures to protect your personal data, including:
– TLS encryption for data in transit.
– Access controls ensuring only authorized personnel manage sensitive information.
– Regular security audits and penetration testing.
– Secure data storage solutions and off-site encrypted backups.
– Staff training and awareness programs focused on data protection practices.
7. International Transfers
In cases where we transfer data outside of the European Economic Area (EEA), we use appropriate safeguards such as Standard Contractual Clauses approved by the European Commission. We ensure that all international data transfers adhere to region-specific regulatory requirements to maintain the security and lawfulness of your information.
8. Data Retention
We retain personal data based on purpose and regulatory requirements:
– Account and Profile Data: Retained for the lifetime of your account plus 12 months post-deletion.
– Transaction Data: Retained for 7 years for audit and compliance purposes.
– Communication and Support Data: Retained for 3 years from the last interaction.
– Marketing Preferences: Retained until revoked or after 5 years of inactivity.
– Technical and Usage Data: Retained for 2 years for analytics and performance purposes.
After these periods, data is securely deleted or anonymized.
9. Cookie Policy
We use cookies and similar technologies to enhance the user experience on rosecrownco.com. Cookies fall into the following categories:
– Essential Cookies: Required for navigation, secure log-ins, and basic functionality.
– Functional Cookies: Remember user preferences and choices to improve usability.
– Analytics Cookies: Collect aggregated data about website usage for service improvement.
– Performance Cookies: Monitor website performance and identify errors or optimization needs.
10. Cookie Management and Compliance with GDPR & CCPA
You have the right to control your cookie preferences. Upon your first visit to our site, a cookie banner allows you to opt in or out of non-essential cookies. You can also manage preferences at any time via your browser settings or through our designated cookie control panel.
We honor “Do Not Track” (DNT) signals and provide an option for opting out of the sale of personal information in accordance with CCPA.
11. Special Protections for Children Under 13
Protecting children’s privacy is crucial. Our website and services are not intended for use by children under the age of 13. We do not knowingly collect personal data from children under 13 without verified parental consent. If we become aware that such data has been inadvertently collected, it will be promptly removed.
12. Policy Updates & User Notifications
This Privacy Policy is subject to revision to remain compliant with evolving legal standards and business operations. Where changes are material, we will notify users via email or a prominent notice on rosecrownco.com. You are encouraged to review this policy periodically to remain informed of your rights and our practices.
13. Contact
If you have any questions about this Privacy Policy or wish to exercise your rights regarding your personal data, you may contact us at:
Email: [email protected]
We are committed to full compliance with applicable data privacy laws and dedicated to maintaining a safe, transparent, and respectful digital environment for all users of rosecrownco.com.