Privacy Policy
1. Introduction
At Smokey Signals (“we,” “our,” or “us”), accessible via smokey-signals.com, we are fully committed to safeguarding your privacy and protecting your personal data. This Privacy Policy outlines how we collect, use, disclose, and protect your information in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We recognize the importance of maintaining the confidentiality, integrity, and availability of your personal data, and we take our responsibilities seriously.
2. Scope of This Policy and Data Controller Role
This Privacy Policy applies to all users of our website at smokey-signals.com and covers the collection, processing, and use of personal data through our services. We serve as the data controller for the personal information we collect, meaning we are responsible for determining the purpose and means by which your data is processed. For residents of California and the European Economic Area (EEA), we act in accordance with the respective regulations that govern data rights and consumer protections.
3. Categories of Data We Process
We process the following categories of personal data:
a) Usage Data
This includes information about how you interact with our website, such as your IP address, browser type, language settings, referring URLs, pages visited, access times, and diagnostic data.
b) Account Data
This refers to information you provide when creating an account or registering for services, including your full name, billing and shipping addresses, email address, and telephone number.
c) Profile Data
Profile Data includes any preferences you set on the website, historical purchase data, and behavioral records related to product engagement.
d) Communication Data
Data generated through communications with us, including customer service requests, email correspondences, messaging history, submitted forms, and user feedback.
e) Technical Data
Includes device identifiers, system configuration, hardware models, operating system types and versions, browser settings, and similar diagnostic data captured from your devices.
f) Transaction Data
Details of products or services you have purchased through our website, including payment information (processed securely via our PCI-compliant processors), delivery and fulfillment details, and transaction history.
g) Preference Data
Information regarding your marketing preferences, newsletter sign-ups, consent to targeted advertising, and stated product interests, which help us better tailor our offerings to you.
4. Legal Bases for Processing
We process your personal data under the following legal bases, as required by the GDPR and CCPA:
– Consent: Where you have given clear and informed consent for us to process your data (e.g., marketing emails).
– Contractual Necessity: When processing is required for the performance of a contract to which you are a party, such as fulfilling orders.
– Legitimate Interests: For purposes such as fraud prevention, service improvement, and overall website functionality, provided such interests are not overridden by your personal rights.
– Legal Obligation: Where processing is necessary to comply with applicable laws or regulatory requests.
5. Your Rights
Subject to legal eligibility and jurisdiction, you have the following rights regarding your personal data:
– Right to Access: You may request access to the information we hold about you.
– Right to Rectification: You may ask us to correct or update inaccurate or incomplete data.
– Right to Erasure: Also known as the “right to be forgotten,” you may request that we delete your data under certain conditions.
– Right to Restriction: You may restrict our ability to process your data in specific scenarios.
– Right to Data Portability: You may request a copy of your data in a structured, machine-readable format.
– Right to Object: You may object to the processing of your personal data under certain circumstances, including for direct marketing purposes.
To exercise any of these rights, please contact us at [email protected]. We will respond to valid requests in accordance with legal timelines and requirements.
6. Security Measures
We implement stringent technical and organizational measures to safeguard your personal information, including:
– Encryption of data in transit and at rest
– Firewalls and network security controls
– Role-based access permissions
– Regular data backups and disaster recovery procedures
– Employee security training and access monitoring
While we continuously endeavor to protect your data, please understand that no transmission or storage system is guaranteed to be 100% secure.
7. International Transfers
Your personal data may be transferred to and stored in countries outside of your home jurisdiction, including to countries that may not offer the same level of data protection. Where necessary, such transfers are protected by appropriate safeguards, including the use of European Commission-approved Standard Contractual Clauses and adherence to applicable regional privacy standards.
8. Data Retention
We retain personal data for only as long as is necessary to fulfill the purposes stated in this Privacy Policy or to comply with legal and regulatory obligations. Specific data types are retained according to the following standards:
– Usage Data: 36 months
– Account and Profile Data: Retained during account activity and for up to 5 years after account closure
– Transaction and Communication Data: 7 years for legal compliance and auditing purposes
– Preference Data: As long as actively used or until consent is withdrawn
Upon reaching the end of the applicable period, data is securely deleted or anonymized where feasible.
9. Cookie Policy
smokey-signals.com uses cookies and similar tracking technologies to enhance user experience, analyze traffic, and support personalization. Categories of cookies used include:
– Essential Cookies: Necessary for website functionality, such as login authentication and page navigation.
– Functional Cookies: Enable website enhancements such as remembering user preferences and settings.
– Analytics Cookies: Help us monitor usage patterns and improve performance, typically via services like Google Analytics.
– Performance Cookies: Track website responsiveness and interaction metrics.
10. Cookie Management and Compliance
You can manage your cookie preferences through your browser settings or via cookie consent tools displayed on smokey-signals.com. In compliance with GDPR and CCPA, non-essential cookies are disabled by default and only activated upon user consent. You may withdraw or modify your consent at any time.
California residents may opt out of the sale or sharing of personal information using the mechanisms provided on our site.
11. Children’s Privacy
Our website and services are not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children without verifiable parental consent. If you believe we may have collected data from a child under 13, please contact us at [email protected], and we will take appropriate action to delete such information.
12. Policy Updates and Notifications
We may revise this Privacy Policy from time to time to reflect changes in our operations, legal obligations, or technological practices. Significant changes will be communicated via prominent notices on smokey-signals.com or by direct contact where appropriate. Continued use of our website constitutes your acceptance of any updates.
13. Contact Us
If you have any questions, concerns, or requests relating to this Privacy Policy or our handling of your personal data, please contact us via:
Email: [email protected]
We are committed to upholding the highest standards of privacy and data protection. Should you believe your data rights have been violated, you may lodge a complaint with your local data protection authority or privacy oversight body.
Thank you for trusting smokey-signals.com with your information. We are dedicated to maintaining your privacy and encouraging transparency at every level.