1. Introduction

At riff-rocker.com (“Website”, “we”, “us”, or “our”), we are committed to protecting your privacy and ensuring the security of your personal data. Our approach is guided by transparency, accountability, and adherence to global data protection standards, including but not limited to the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal data when you interact with our Website or services.

2. Scope of Policy and Data Controller Role

This Privacy Policy applies to all users of riff-rocker.com and any affiliated services offered through the Website. We act as the “data controller” under the GDPR and the “business” under the CCPA for all personal information collected through our Website. This means we determine the purposes and means of processing your personal information.

3. Categories of Data Processed

We may collect and process the following categories of personal data from you, either directly or through automated means:

a) Usage Data: Includes information about how you interact with the Website, such as IP addresses, browser types, operating system versions, referral URLs, pages visited, session duration, and time stamps.

b) Account Data: Includes identifying information provided when you create an account or make a purchase. This may include your full name, shipping and billing address, email address, and phone number.

c) Profile Data: Includes information such as your user preferences, purchase history, saved items, browsing behavior, and other personalization settings.

d) Communication Data: Includes records of correspondence with us, including customer service interactions, inquiries, support tickets, and chat sessions.

e) Technical Data: Includes device-specific information such as hardware model, device identifiers, screen resolution, internet service provider, and browser settings.

f) Transaction Data: Includes payment details (processed by third-party providers), order history, delivery address, and invoice data.

g) Preference Data: Includes information related to your settings for receiving marketing communications, product or content interests, and notification preferences.

4. Legal Bases for Processing

In accordance with the GDPR, we rely on a range of legal bases to process your personal data, including:

– Performance of a contract: For order fulfillment, account creation, and related services.
– Consent: For sending marketing communications or using non-essential cookies (as required).
– Legitimate interests: For analytics, service improvement, fraud prevention, internal record keeping, customer support, and Website performance enhancements.
– Legal obligations: For compliance with applicable laws, regulations, or legal processes.

5. Your Rights

If you are an individual within the European Economic Area (EEA) or a California resident, you have the following rights concerning your personal information:

– Right of Access – to obtain confirmation of whether we process your data and a copy of that data.
– Right to Rectification – to request correction of inaccurate or incomplete data.
– Right to Erasure – to request deletion of your data, subject to limitations.
– Right to Restriction – to request limitation on the processing of your data.
– Right to Data Portability – to receive a copy of your personal data in a structured, machine-readable format.
– Right to Object – to object to processing carried out on the basis of legitimate interests.
– Right to Withdraw Consent – to withdraw previously given consent for certain processing activities.
– Right to Non-Discrimination (CCPA) – to not be discriminated against for exercising these rights.

To exercise your rights, please contact us at [email protected].

6. Security Measures

We implement industry-standard technical and organizational security measures to protect your data against unauthorized access, disclosure, alteration, or destruction. These include:

– End-to-end encryption technologies (HTTPS, TLS)
– Role-based access controls and authentication protocols
– Regular security audits and intrusion detection
– Data backups and disaster recovery plans
– Staff training in data protection best practices

Despite our efforts, no security system is infallible. We therefore cannot guarantee absolute security of your information.

7. International Transfers

When personal data is transferred outside the EEA or other applicable jurisdictions, we implement appropriate safeguards, including the European Commission’s Standard Contractual Clauses or reliance on adequacy decisions. All transfers are performed in compliance with applicable data protection laws to ensure your rights are preserved.

8. Data Retention

We retain personal data only for the duration necessary to fulfill the purposes for which it was collected, or as required by law. Standard retention periods include:

– Account Data: retained for as long as the user maintains an active account.
– Communication Data: retained for up to 3 years unless a longer period is required by legal obligation or dispute resolution.
– Transaction Data: retained for up to 7 years for tax and compliance purposes.
– Preference and Profile Data: retained for a maximum of 2 years after your last interaction with the Website.

Once retention periods lapse, data is securely deleted or anonymized.

9. Cookie Policy

Our Website uses cookies and similar tracking technologies to enhance the user experience and ensure proper functionality. Cookies are categorized as follows:

– Essential Cookies: Necessary for core features like account login, shopping cart, security, and network management.
– Functional Cookies: Enable personalization, such as language choice and region.
– Analytics Cookies: Used to measure usage statistics, user behavior, and optimization effectiveness.
– Performance Cookies: Improve speed, reliability, and performance across devices.

By continuing to use riff-rocker.com, you consent to our use of cookies in accordance with this Policy unless you modify your cookie settings.

10. Cookie Management and Compliance with GDPR & CCPA

Upon first visit to riff-rocker.com, users are presented with a cookie banner that offers clear options to accept, reject, or customize cookie preferences. You may modify these preferences at any time via the “Cookie Settings” section accessible on the Website.

For EU users, we obtain affirmative consent before deploying non-essential cookies. California residents have the right to opt out of the “sale” or “sharing” of personal information, as defined under the CCPA, through a “Do Not Sell or Share My Personal Information” link provided on our Website.

11. Children’s Privacy

Our Website and services are not directed to or intended for children under the age of 13. We do not knowingly collect, solicit, or process personal information from individuals under 13 years old. If we become aware that we have inadvertently collected data from a child, we will take immediate steps to delete such information from our systems. Parents or legal guardians who believe that their child’s data has been collected may contact us at [email protected] to request deletion.

12. Policy Updates and User Notifications

We reserve the right to revise this Privacy Policy at our discretion. Any material changes will be communicated through a notice on riff-rocker.com or via direct notification to users with registered accounts. Continued use of our services following such changes constitutes your acceptance of the updated Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

Email: [email protected]

We are committed to full compliance with applicable privacy regulations and to protecting your rights as a user. Please contact us at any time to discuss any privacy-related matter.