Privacy Policy
1. Introduction
At Mt. Washington Made (“we,” “our,” or “us”), accessible via mtwashingtonmade.com (the “Website”), we are deeply committed to protecting your privacy and ensuring that your personal data is handled with the utmost care and transparency. We recognize the importance of safeguarding your personal information and adhere to applicable data protection regulations, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This Privacy Policy outlines how we collect, use, store, and protect your information and your rights concerning your personal data.
2. Scope of This Policy and Data Controller Role
This Privacy Policy applies to all users and visitors of mtwashingtonmade.com. Mt. Washington Made is the “data controller” of all personal data collected via our Website, meaning we determine the purpose and manner in which personal data is processed. By accessing or using our Website, you acknowledge awareness of the processing activities described herein.
3. Categories of Data Processed
We collect, use, store, and transfer different categories of personal data, which may include:
a) Usage Data
Information about how you use our Website, including your IP address, browser type and version, operating system, referring URLs, pages viewed, access times, and duration of visits.
b) Account Data
Data you provide when registering or placing orders, including your full name, billing and delivery addresses, email address, and telephone number.
c) Profile Data
Details such as your shopping history, interests, preferences, feedback, and survey responses.
d) Communication Data
Records of your communications with us, including support tickets, queries, and correspondence sent via email or through the Website.
e) Technical Data
Information about your device and configuration, such as device identifiers, browser plugins, network activity, time zone, and other technical identifiers necessary for website operation.
f) Transaction Data
Details of purchases made through mtwashingtonmade.com, including payment methods, order history, delivery information, and invoice records.
g) Preference Data
Information you provide regarding marketing communications, product preferences, mailing list subscriptions, and consent settings.
We do not process sensitive personal information (e.g., racial or ethnic origin, health data, etc.) unless explicitly required for a specified purpose and in compliance with applicable laws.
4. Legal Bases for Processing
We rely on the following legal bases for processing your personal information:
– Consent: When you have provided explicit consent for specific purposes, such as subscribing to marketing communications.
– Contractual Necessity: When processing is necessary to perform a contract with you (e.g., fulfilling an online purchase).
– Legitimate Interests: When we have a legitimate business reason, such as improving our services or detecting fraudulent activity, provided that such use is proportionate and respects your privacy rights.
– Legal Obligation: When processing is required to comply with legal obligations, such as tax or financial reporting regulations.
5. Your Data Protection Rights
In accordance with GDPR and CCPA, you may exercise the following rights regarding your personal data:
– Right to Access: Request access to the personal information we hold about you.
– Right to Rectification: Request correction of inaccurate or incomplete data.
– Right to Erasure: Request deletion of your personal information, subject to certain legal exceptions.
– Right to Restrict Processing: Request us to restrict the processing of your data in certain circumstances.
– Right to Data Portability: Obtain a copy of your data in a structured, commonly used format and request transmission to another controller.
– Right to Object: Object to direct marketing or to processing based on our legitimate interests.
– Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of earlier processing.
California residents may also request:
– Disclosure of categories and specific pieces of personal data collected.
– Disclosure of how data is used, shared, or sold.
– Opt-out of the sale or sharing of personal data (we do not sell user data).
– Non-discrimination in terms or conditions when rights are exercised.
To exercise your rights, contact us at: [email protected].
6. Security Measures
We implement robust technical and organizational measures to ensure the security of your personal data. These include:
– TLS (Transport Layer Security) encryption.
– Access control and authentication protocols.
– Regular data backups and disaster recovery systems.
– Role-based access limitations to sensitive data.
– Regular staff training on data protection and confidentiality.
Despite our efforts, no method of data transmission on the Internet is fully secure, and we cannot guarantee absolute protection. However, we continually monitor risks and enhance our security practices accordingly.
7. International Transfers
Your personal data may be transferred to and stored on servers outside of your jurisdiction, including countries that may not offer the same level of data protection. In such cases, we utilize Standard Contractual Clauses (SCCs) or other legally accepted mechanisms to ensure adequate protection of your information in compliance with GDPR and other applicable laws.
8. Data Retention
We retain personal data only as long as necessary for the purposes described in this policy or as required by law. Specific retention periods include:
– Account and Transaction Data: Up to seven (7) years for accounting and compliance purposes.
– Communication Data: Up to five (5) years from the last interaction.
– Marketing Preference Data: Until you withdraw your consent or opt out.
– Technical and Usage Data: Up to two (2) years to provide usage analytics and improve site performance.
Upon expiration of the relevant timeframes, personal data is securely deleted or anonymized.
9. Cookie Policy
Our Website uses cookies and similar technologies to provide a seamless experience. Categories include:
a) Essential Cookies
Required for proper functioning of the Website, including security and navigation.
b) Functional Cookies
Enable enhanced functionality such as remembering your preferences and language selection.
c) Analytics Cookies
Collect anonymous data to help us understand user behavior and improve our Site.
d) Performance Cookies
Measure website performance metrics such as loading speed and responsiveness.
10. Cookie Management and Compliance
Upon first visit to mtwashingtonmade.com, you will be presented with a cookie consent banner to accept or reject non-essential cookies. You may also manage your preferences via your browser settings or by modifying cookie selections on our Website.
In compliance with GDPR and CCPA, we do not deploy non-essential cookies without your express consent. California residents may also exercise the right to opt out of information sharing facilitated through certain cookies.
11. Children’s Privacy
The Website is not directed to children under the age of 13, and we do not knowingly collect personal data from individuals under that age. If we become aware that a child under 13 has provided us with personal information, we will delete such data promptly. Parents or guardians who believe their child has submitted information without consent should contact us directly at [email protected].
12. Policy Updates
We reserve the right to revise or update this Privacy Policy at any time as necessary to reflect operational, legal, or regulatory changes. Substantive updates will be clearly communicated on our Website. We encourage users to review this page regularly to stay informed of our privacy practices.
13. Contact
If you have any questions, concerns, or requests regarding this Privacy Policy or how your personal data is handled, please contact:
Mt. Washington Made
Email: [email protected]
We are committed to maintaining transparency in our privacy practices and ensuring your data is treated with respect and care.
Mt. Washington Made is dedicated to full compliance with applicable privacy laws and standards. If you have any privacy concerns or wish to exercise your data rights, please reach out to us at the address above.