Privacy Policy for Wintersgel
1. Commitment to Privacy and Data Protection
At Wintersgel (“we,” “us,” “our”), accessible via wintersgel.com, we take your privacy seriously. We are committed to maintaining the confidentiality, integrity, and security of the personal data entrusted to us. This Privacy Policy is designed to inform you about how we collect, use, store, protect, and share your personal information in compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and related international data protection laws.
2. Scope of Policy and Role as Data Controller
This Privacy Policy applies to all visitors, users, and others who access or use wintersgel.com (“Website”) or engage with us through other means such as email, customer support, and marketing channels.
Wintersgel is the data controller responsible for determining the purposes and means of processing your personal data. If you contact us, we may also act as a data processor depending on the services provided.
3. Categories of Personal Data We Process
We may collect and process the following categories of personal data:
a. Usage Data
– Information about how users interact with wintersgel.com, including browser type, IP address, session duration, pages visited, referring URLs, and geographic location derived from anonymized analytics.
b. Account Data
– Personal identifiers such as name, email address, mailing address, phone number, and password when a user registers for an account or places an order.
c. Profile Data
– Purchase history, user behavior, wishlists, product preferences, feedback, and any other data you submit in relation to your user profile.
d. Communication Data
– Records of your interactions with our support teams or other communications, including email correspondence and webchat transcripts.
e. Technical Data
– Device identifiers, operating system, screen resolution, browser plugins, time zone settings, and system architecture used to access our Website.
f. Transaction Data
– Billing and shipping details, payment method (tokenized information only), order value, transaction ID, and delivery tracking status.
g. Preference Data
– Consent records for marketing, advertising preferences, opt-in/opt-out choices, and details on product categories of interest.
4. Legal Bases for Processing Personal Data
We process your personal data lawfully under one or more of the following legal bases:
– Consent: When you provide clear affirmative consent for specific purposes (e.g., marketing emails).
– Contract: When processing is necessary to fulfill our contractual obligations (e.g., order fulfillment).
– Legitimate Interests: When it is in our legitimate business interests to do so (e.g., to analyze usage to improve user experience), provided that your fundamental rights are not overridden.
– Legal Obligation: Where we are required to comply with applicable legal or regulatory obligations.
5. Your Data Protection Rights
In accordance with GDPR, CCPA, and applicable privacy laws, you have the following rights:
– Right of Access: You may request details of the personal data we hold about you.
– Right to Rectification: You can request correction of inaccurate or incomplete information.
– Right to Erasure: You may request that we delete your personal data under lawful grounds.
– Right to Restriction: You can ask us to suspend processing your data under certain conditions.
– Right to Portability: You may request a structured, commonly used format of your data to transmit to another controller.
– Right to Object: You may object to data processing based on our legitimate interests or direct marketing.
You can exercise these rights by contacting [email protected]. We will respond in accordance with applicable legal requirements.
6. Data Security Measures
We implement rigorous measures to ensure the confidentiality and integrity of your data, including:
– Industry-standard encryption protocols to protect your data during transmission and storage.
– Role-based access controls to restrict data access to authorized personnel only.
– Regular data backups to prevent information loss.
– Security awareness training for staff members handling personal data.
– Regular audits and assessments to identify vulnerabilities and enforce compliance.
7. International Data Transfers
Where your personal data is transferred outside the European Economic Area (EEA) or other jurisdictions with strict data protection requirements, we ensure adequate protection through:
– Standard Contractual Clauses (SCCs) adopted by the European Commission.
– Contracts with third-party service providers that meet GDPR/CCPA compliance standards.
– Mitigation processes to monitor the ongoing security of transferred data.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy. Retention periods include:
– Account and Transaction Data: Up to 7 years for tax, audit, and legal compliance.
– Usage and Technical Data: Up to 26 months in anonymized form for analytical purposes.
– Communication and Profile Data: Up to 5 years for customer service history and reporting.
– Preference Data: Retained until explicit withdrawal of consent for marketing communications.
We securely delete or anonymize data once it is no longer required for the stated purpose.
9. Cookie Policy
The Website employs cookies and similar tracking technologies to enhance user experience and enable essential functionality. Types of cookies include:
– Essential Cookies: Enable core website functionality like user login, cart management, and secure checkout.
– Functional Cookies: Retain preferences such as language, region, and accessibility settings.
– Analytics Cookies: Collect anonymized data to measure site performance and visitor statistics.
– Performance Cookies: Track and optimize website speed and responsiveness.
10. Cookie Management and Compliance
Wintersgel offers a clear cookie consent banner to comply with GDPR and CCPA, enabling users to:
– Provide informed consent before non-essential cookies are set.
– Customize cookie preferences via a user-friendly cookie settings interface.
– Opt-out of the sale of personal information as defined by CCPA.
Browser settings also allow for control over cookie acceptance. For complete guidance, refer to our Cookie Settings page available via the website footer.
11. Children’s Privacy
The Website and our services are not intended for children under the age of 13. We do not knowingly collect or solicit personal information from children. If you believe that a child under 13 has provided us with personal data, please contact us at [email protected], and we will promptly delete the data in question.
12. Policy Updates and User Notification
We may update this Privacy Policy as necessary to reflect changes in law, technology, practices, or Website functionality. While we are not obligated to provide formal notice of updates, we encourage users to periodically review this page for the latest information. Continued use of the Website will constitute your acknowledgment of the updated Privacy Policy.
13. Contact Information
If you have questions or concerns regarding this Privacy Policy, your data, or your rights, please contact us via:
Email: [email protected]
Website: https://wintersgel.com
We are committed to maintaining full compliance with data protection laws and ensuring your rights as a user or customer are fully respected. Please do not hesitate to reach out with any privacy-related enquiries.