Privacy Policy
1. Introduction
At officialgareththomas.com (“we”, “our”, or “us”), we are firmly committed to upholding and protecting your right to privacy. We recognize the importance of protecting personal data and ensuring transparency in the collection, use, and safeguarding of your information. This Privacy Policy outlines the types of personal data we collect through our website and services, how we use it, and the rights you hold in accordance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.
2. Scope and Data Controller
This Privacy Policy applies to the officialgareththomas.com website (the “Site”) and governs the processing of all personal data collected through the Site. For the purposes of applicable data protection law, the data controller responsible for your personal data is officialgareththomas.com. If you have any questions or concerns about how your data is being handled, you may contact us at the email address provided in Section 13 below.
3. Categories of Data Processed
We collect and process the following categories of personal data, depending on your use of our services:
A. Usage Data
This includes data about your interaction with our website, such as your IP address, browser type, operating system, referring URLs, pages viewed, timestamps, time spent on pages, and general session information.
B. Account Data
This includes identity and contact information you provide when registering or creating an account, such as your full name, billing and shipping address, email address, and telephone number.
C. Profile Data
This includes information relating to your interests, product preferences, behavioral insights, feedback, and purchase history.
D. Communication Data
This includes communication records such as your support inquiries, email correspondence, contact form submissions, or messaging history with us.
E. Technical Data
This includes information about the systems and devices you use to access our services, such as device identifiers, hardware model, operating system version, and browser configuration.
F. Transaction Data
This includes personal and financial information regarding purchases and orders made on our Site, such as payment details (processed securely by our payment providers), delivery addresses, and order history.
G. Preference Data
This includes data indicating your choices regarding marketing communications, newsletter subscriptions, product categories of interest, and cookie preferences.
4. Legal Bases for Processing
Under GDPR, we rely on the following lawful bases to process your personal data:
– Consent: Where you have given us explicit permission (e.g., to receive marketing materials).
– Contractual Necessity: Where the processing is required to fulfil a contract (e.g., to provide purchased goods or services).
– Legitimate Interest: Where we have a genuine business need that does not override your data protection rights (e.g., improving website functionality or fraud prevention).
– Legal Obligation: Where processing is necessary to comply with applicable legal obligations (e.g., tax or regulatory requirements).
Under the CCPA, we do not “sell” your personal information as defined by the Act and only use it for the purposes disclosed in this policy.
5. Your Rights
A. Right of Access — You may request confirmation of whether your data is being processed and obtain a copy of such data.
B. Right of Rectification — You may request the correction of inaccurate or incomplete personal information.
C. Right to Erasure — You may request that we delete your personal data, subject to legal or contractual retention requirements.
D. Right to Restrict Processing — You may request that we restrict the use of your data under certain circumstances.
E. Right to Data Portability — You may request the transfer of your data to another service provider or directly to you in a structured, commonly used, and machine-readable format.
To exercise any of these rights, please write to us at [email protected] with the subject line “Data Rights Request”.
6. Security Measures
We implement robust security measures to ensure the integrity and confidentiality of your personal data, including:
– Encryption of data in transit and at rest;
– Role-based access controls and strong authentication protocols;
– Regular system audits and vulnerability assessments;
– Secure backups and disaster recovery protocols;
– Staff training and internal data handling policies.
7. International Transfers
Where we or our service providers transfer your data outside of the European Economic Area (EEA), we implement appropriate safeguards, including the use of Standard Contractual Clauses approved by the European Commission, and ensure equivalent protection under applicable laws. Transfers to third countries will only occur where adequate levels of data protection are maintained.
8. Data Retention
We retain personal data only for as long as required for the purposes for which it was collected, or as required by applicable law. Examples include:
– Account Data: Retained as long as your account is active and up to 6 years thereafter for legal or contractual obligations.
– Transaction Data: Retained for a minimum of 7 years for tax and accounting compliance.
– Communication Data: Retained for 2 years following the last contact.
– Preference Data: Retained until you update or revoke your preferences.
We securely delete or anonymize data once the retention period has expired.
9. Cookie Policy
We use cookies and similar tracking technologies on officialgareththomas.com to enhance your browsing experience. Categories of cookies include:
– Essential Cookies: Necessary for the site to operate securely and function properly. These cannot be disabled.
– Functional Cookies: Enable site personalization and remember your preferences.
– Analytics Cookies: Allow us to measure site traffic, usage trends, and performance.
– Performance Cookies: Optimize page load times and experience across browsers and devices.
10. Cookie Management and GDPR/CCPA Compliance
Upon your first visit, you will be presented with a clear option to accept or reject non-essential cookies in compliance with GDPR and CCPA. You can change your cookie preferences at any time by adjusting your browser settings or via our Cookie Settings page linked in the site footer.
CCPA-compliant opt-out mechanisms are provided, including the right to direct us not to share your data with certain third parties. We honor Do Not Track signals from supported browsers.
11. Children’s Privacy
Our services are not directed at individuals under the age of 13. We do not knowingly collect personal data from children under 13 years of age. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us immediately at [email protected] so we may take appropriate steps.
12. Changes to This Policy
We reserve the right to update or amend this Privacy Policy from time to time. Substantive changes will be communicated via an in-site notification or other suitable means. We encourage you to periodically review this page to remain informed of your rights and responsibilities under the most recent version of this policy.
13. Contact Us
For any questions or concerns regarding this Privacy Policy, or to exercise your privacy rights, please contact us at:
Email: [email protected]
Website: https://officialgareththomas.com
We are fully committed to ensuring your data is handled in accordance with the highest privacy standards and relevant legal requirements. Please reach out to us with any concerns related to privacy or data protection.