Privacy Policy
At Smokey Signals (“we,” “our,” or “us”), accessible via smokey-signals.com, we are committed to safeguarding your personal data and upholding your privacy rights. We understand the importance of maintaining the confidentiality, integrity, and security of information you entrust to us. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal information in accordance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.
1. Introduction: Our Commitment to Privacy and Data Protection
Your privacy matters to us. We collect only the data necessary to operate our business effectively, provide you with high-quality services, and comply with our legal obligations. We are committed to maintaining a transparent and privacy-first approach in all aspects of our data handling practices.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to personal data collected through smokey-signals.com and any related services, communications, or transactions connected to this website. Smokey Signals acts as the data controller for the purposes of GDPR, which means we determine the purposes and means of processing your personal information.
For any questions or concerns regarding this policy or our data practices, you may contact us at [email protected].
3. Categories of Data Processed
In the course of interacting with smokey-signals.com, we may collect, process, and store the following categories of personal data:
A. Usage Data
Information concerning how you use our website, including your IP address, browser type, operating system, pages visited, time stamps, interaction data, session duration, and referring URLs.
B. Account Data
Details provided during registration or purchase, such as your full name, residential or billing address, email address, phone number, and login credentials.
C. Profile Data
Data related to your preferences, browsing behavior, order history, saved items, and feedback provided throughout engagement with our services.
D. Communication Data
Correspondence exchanged via email, contact forms, chat systems, or phone calls—including support tickets, inquiry records, and communication metadata.
E. Technical Data
Device identifiers, browser plug-ins, screen resolution, time zone settings, system configurations, and network data collected automatically when accessing the website.
F. Transaction Data
Purchase information including product details, payment methods, transaction IDs, shipping address, and invoicing records.
G. Preference Data
Marketing preferences, newsletter subscriptions, product interests, and expressed consents or opt-out notices regarding promotional communications.
4. Legal Bases for Processing
Our processing of your personal data is based on one or more of the following legal grounds as required under GDPR:
– Performance of a contract: Where processing is necessary for the provision of services or products you have requested.
– Legitimate interests: To protect our business interests, improve our website and services, prevent fraud, and provide relevant recommendations.
– Consent: Where you have expressly agreed to data collection for specific purposes such as receiving marketing emails.
– Legal obligation: To comply with applicable laws, regulations, or court orders.
5. Your Rights
Under data protection regulations, you are entitled to exercise the following rights by contacting us at [email protected]:
– Right of Access: You can request a copy of your personal information held by us.
– Right to Rectification: You may correct or update inaccurate or incomplete data.
– Right to Erasure: You may request deletion of your personal data, subject to applicable retention laws.
– Right to Restriction: You may restrict our processing activities under certain conditions.
– Right to Data Portability: You may request a machine-readable copy of your data to transmit elsewhere.
– Right to Object: You may object to processing based on legitimate interest or direct marketing purposes.
6. Security Measures
We implement a wide range of technical and organizational safeguards to protect your personal data, including:
– Data encryption (at rest and in transit)
– Multi-level access controls and authentication systems
– Regular backups and secure storage protocols
– Employee training in data protection and incident response procedures
– Continuous system monitoring and vulnerability assessments
7. International Transfers
From time to time, your data may be transferred to and processed in countries outside the European Economic Area (EEA) or your jurisdiction. In such cases, we ensure appropriate safeguards are in place, including:
– Standard Contractual Clauses (SCCs) approved by the European Commission
– Adequacy decisions by the European Commission
– Compliance with the CCPA and other regional data regulations
8. Data Retention
We retain personal data only for as long as it is required for the purposes stated herein or as prescribed by law. Specific timeframes include:
– Usage Data: Up to 12 months
– Account and Profile Data: For the duration of the account and five years thereafter
– Communication and Support Data: Three years from last contact
– Transaction Data: Seven years for legal and tax compliance
– Preference and Marketing Data: Until consent is withdrawn or two years from last interaction
9. Cookie Policy
Our website, smokey-signals.com, utilizes cookies and similar tracking technologies for various purposes:
– Essential Cookies: Required for the operation and core functionality of the site
– Functional Cookies: To remember user preferences and enhance user experience
– Analytical Cookies: For internal analytics to understand how users interact with the site
– Performance Cookies: To evaluate and improve the site’s speed and reliability
10. Cookie Management and Compliance with GDPR & CCPA
Upon your first visit to smokey-signals.com, you will be prompted with a Cookie Consent Manager, enabling you to opt-in or opt-out of specific categories. You may manage your preferences at any time via your browser or our website interface. In accordance with GDPR and CCPA, no non-essential cookies are stored on your device without your prior consent.
Users covered by CCPA may also opt out of the “sale” or “sharing” of personal information by using the Do Not Sell or Share My Personal Information mechanism provided on our site.
11. Special Protections for Children Under 13
Smokey Signals does not knowingly collect or solicit personal data from individuals under the age of 13. If we become aware that a child under 13 has submitted personal information without verified parental consent, such data will be promptly deleted. Parents or guardians may contact us at [email protected] to raise concerns.
12. Policy Updates & Notification
We reserve the right to revise this Privacy Policy from time to time to reflect additions to our services, evolving legal requirements, or changes in data practices. Substantive changes will be communicated prominently on smokey-signals.com and, where appropriate, notified directly to users via email or on-site messaging.
13. Contact
For any inquiries, requests, or concerns relating to this Privacy Policy or your personal data, please contact:
Smokey Signals
Email: [email protected]
We are committed to upholding the highest standards of privacy compliance. If you have questions about your rights under GDPR, CCPA, or other applicable data protection laws, do not hesitate to reach out.