Privacy Policy
1. Introduction
At shakespearesrose.com (“we”, “us”, “our”), we are firmly committed to safeguarding your privacy and ensuring the highest level of protection for your personal data. Respecting your privacy is central to the way we conduct our business, and we take our responsibilities regarding data privacy, security, and transparency very seriously. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act (“CCPA”).
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all personal data processing activities carried out through shakespearesrose.com, including related services, communications, and transactions. For the purposes of applicable data protection laws, the data controller responsible for your personal data is shakespearesrose.com. As the data controller, we determine the purposes and means of the processing of your personal information.
3. Categories of Data Processed
We may collect and process the following categories of personal data:
3.1 Usage Data
Information about how you use our website, including browser type, IP address, session duration, referring URLs, navigation paths, interaction data, and access time stamps.
3.2 Account Data
Information provided during account registration, such as your name, address, email address, telephone number, and login credentials.
3.3 Profile Data
Details related to your preferences, purchase history, behavior on the website, and other lifestyle or interest indicators where applicable.
3.4 Communication Data
Correspondence and contact history, such as support requests, inquiries, messages via contact forms, and customer service interactions.
3.5 Technical Data
Information relating to the device you use to access our services, including device identifiers, system configuration, browser plugins, language settings, time zones, and operating system details.
3.6 Transaction Data
Details pertaining to orders, payment details (processed via secure payment gateways), delivery information, billing addresses, and other transaction records necessary to fulfill contracts with you.
3.7 Preference Data
Choices and consents provided for marketing communications, interest-based preferences, and participation in promotional activities.
4. Legal Bases for Processing
Depending on the nature of the data and purpose of processing, we rely on one or more of the following legal bases:
– Contractual Necessity: When data processing is required to fulfill a contract or pre-contractual requests.
– Legitimate Interest: Where our interests are not overridden by your fundamental rights or freedoms, such as improving our services or fraud prevention.
– Consent: For marketing emails or when legally required to collect certain types of data, we obtain your explicit and informed consent.
– Legal Obligation: Processing that is necessitated by applicable statutory or regulatory requirements.
5. Your Rights
In accordance with applicable privacy laws, you are afforded the following rights:
– Right of Access: You may request confirmation and a copy of the personal data we hold about you.
– Right to Rectification: You may request to correct or update inaccurate or incomplete data.
– Right to Erasure: You may request deletion of your personal data, subject to applicable legal retention periods.
– Right to Restriction: You may request limitations on the processing of your data in certain circumstances.
– Right to Data Portability: You may request that we transfer your information to another data controller in a structured, machine-readable format.
– Right to Object: You may object at any time to processing based on our legitimate interests or for direct marketing purposes.
You may exercise these rights by contacting us at [email protected] or [email protected].
6. Security Measures
We implement a comprehensive set of technical and organizational measures to ensure the confidentiality, integrity, and availability of personal data, including:
– Data encryption at-rest and in-transit
– Multi-level access controls and authentication mechanisms
– Secure backups and disaster recovery protocols
– Staff training and internal data protection guidelines
– Regular security assessments and threat monitoring
7. International Transfers
Should your data be transferred outside of the European Economic Area (EEA) or California, we ensure such transfers comply with applicable legal safeguards, including the use of Standard Contractual Clauses approved by the European Commission, regional adequacy decisions, and relevant U.S. state-level data transfer standards, where applicable.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required to comply with legal, accounting, or regulatory obligations. Retention periods vary:
– Account and Profile Data: Retained as long as your account is active and for up to 6 years thereafter for legal and contractual obligations.
– Transaction and Communication Data: Retained for a minimum of 7 years post-transaction to comply with tax, audit, and legal obligations.
– Usage and Technical Data: Retained for a maximum of 12 months for operational analytics.
– Marketing Preferences: Retained until consent is withdrawn.
9. Cookie Policy
We use cookies and similar technologies on shakespearesrose.com for the following purposes:
– Essential Cookies: Required for the functioning of the website, including secure login and session continuity.
– Functional Cookies: Remember your preferences and settings (e.g., language or region).
– Analytics Cookies: Help us analyze site usage to improve performance and user experience.
– Performance Cookies: Assist in understanding the effectiveness of our marketing and content delivery.
10. Cookie Management and Compliance
Upon visiting shakespearesrose.com, you are presented with the option to accept or reject non-essential cookies via a cookie consent banner. You may also adjust consent settings or withdraw consent at any time using the “Cookie Settings” link in the page footer or within your browser configuration. We comply with all applicable GDPR and CCPA requirements regarding the collection and use of cookies, including the implementation of opt-out mechanisms and Do-Not-Sell requests under CCPA.
11. Special Protections for Children
Our website and services are not directed to individuals under the age of 13. If we become aware that we have inadvertently collected personal data from a child under 13 without verifiable parental consent, we will promptly delete such data in compliance with the Children’s Online Privacy Protection Act (COPPA) and other relevant laws.
12. Policy Updates and Notifications
We may update this Privacy Policy from time to time to reflect changes in our practices, legal obligations, or service offerings. Updated policies will be published on shakespearesrose.com. Where required by law or where material changes are made, we will provide you with notice via the email address associated with your account or through prominent notice on the site.
13. Contact
If you have any questions, requests, or concerns regarding this Privacy Policy or your personal data, please contact us at:
Email: [email protected]
We are committed to ensuring your privacy rights are respected and enforced. If you are unsatisfied with our response, you may have the right to lodge a complaint with your data protection authority.
—
We are fully committed to compliance with GDPR, CCPA, and all relevant data protection laws. For any inquiries, please reach out to us at [email protected].