Privacy Policy for waterfall-gardens.com
1. Introduction: Commitment to Privacy and Data Protection
At waterfall-gardens.com (“we”, “us”, or “our”), we are firmly committed to safeguarding the privacy and personal data of our users. We understand that you value your privacy, and we take that responsibility seriously. This Privacy Policy outlines how we collect, process, store, and protect your personal information in compliance with the General Data Protection Regulation (Regulation (EU) 2016/679 – “GDPR”), the California Consumer Privacy Act of 2018 (“CCPA”), and all applicable data protection laws and standards.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all personal data processed by waterfall-gardens.com through our website, services, communications, and other digital platforms. We act as the Data Controller for the personal data provided by users, customers, or visitors of our website. By using our services or accessing waterfall-gardens.com, you consent to the practices described in this Policy.
You may contact our Data Protection Officer or designated privacy team at [email protected] regarding any questions or concerns.
3. Categories of Data We Process
We collect various types of personal data to improve our services, ensure compliance, and provide you with a secure and tailored experience. The data we collect includes:
a. Usage Data
Information about how you use our website, including browser type, operating system, IP address, geographic location, referral URLs, pages visited, login timestamps, and session duration.
b. Account Data
Information necessary to register and maintain your account, including full name, email address, mailing address, phone number, and login credentials.
c. Profile Data
Personalized data such as purchase history, product preferences, behavior on site, and responses to surveys or promotions.
d. Communication Data
Records of communications with us, including emails, support requests, inquiries submitted through forms, and other contact history.
e. Technical Data
Device-specific information such as device type, model, hardware settings, time zone settings, application versions, and other system configurations used to access our services.
f. Transaction Data
Details relating to purchases, including billing and shipping addresses, transaction identifiers, payment method details (processed securely through PCI-compliant third-party processors), and delivery tracking information.
g. Preference Data
User responses regarding marketing opt-ins, preferred communication channels, interests in specific product lines or services, and other customization settings.
4. Legal Bases for Processing Personal Data
We rely on the following legal bases under Article 6 of the GDPR and analogous CCPA interpretations for the lawful processing of your data:
– Performance of a Contract: For the fulfillment of transactions, orders, and user account management.
– Consent: Where you provide explicit permission, such as for marketing emails or non-essential cookies.
– Legitimate Interest: To improve user experience, prevent fraud, ensure network and information security, and personalize services.
– Legal Obligation: When required to comply with applicable legal or regulatory obligations.
5. Your Rights
In accordance with GDPR and CCPA, you have the following rights concerning your personal data:
– Access: You may request a copy of your personal data held by us.
– Rectification: You may correct inaccurate or incomplete information.
– Erasure: You may request deletion of your data where no longer necessary for legitimate purposes.
– Restriction: You may request that we limit processing in certain circumstances.
– Portability: You may request a machine-readable copy of your personal data for transfer to another service provider.
– Opt-out (CCPA): California residents may request that their data not be sold or disclosed to third parties.
To exercise any of your rights, please contact us at [email protected]. We will verify your identity prior to processing any such requests.
6. Security Measures
We implement industry-standard administrative, technical, and organizational safeguards to ensure the confidentiality, integrity, and availability of your data, including:
– AES 256-bit encryption of sensitive data during transit and at rest;
– Access controls and two-factor authentication for internal systems;
– Regular data backups and secure storage solutions;
– Staff training on data security and breach response protocols.
7. International Data Transfers
Where personal data is transferred beyond the European Economic Area (“EEA”), we ensure adequate protection through:
– The use of Standard Contractual Clauses approved by the European Commission;
– Verification of third-party certifications and regulatory agreements (e.g., Privacy Shield framework where applicable);
– Additional safeguards to comply with regional legislation in countries like the United States.
8. Data Retention
We retain personal data for no longer than necessary for the purposes set out in this Policy:
– Account and Profile Data: retained until your account is terminated, or as required by applicable regulation;
– Communication and Support Data: retained for up to 3 years for quality assurance and legal record-keeping;
– Transaction Data: retained for up to 7 years for tax, accounting, and regulatory purposes;
– Usage and Technical Data: retained for 18 months for performance monitoring and analytics;
– Marketing Preference Data: retained until you withdraw consent.
Upon expiry of retention periods, your data will be securely deleted or anonymized.
9. Cookie Policy
We use cookies and similar tracking technologies to enhance user experience and collect analytical data. Cookies may include:
– Essential Cookies: Required for site functionality, such as logging in and completing purchases;
– Functional Cookies: Enable personalization and remember your preferences;
– Analytical Cookies: Help us understand usage patterns via tools like Google Analytics;
– Performance Cookies: Allow us to test and improve site speed and responsiveness.
10. Cookie Management and Compliance with GDPR & CCPA
Before setting non-essential cookies, we obtain your explicit consent through a cookie banner in compliance with GDPR. You may change or withdraw your cookie preferences at any time via our Cookie Settings or through your browser’s privacy controls.
California residents have the right under CCPA to opt out of the “sale” of personal information. We do not sell personal data as defined under the CCPA.
11. Special Protections for Children
Our services are not intended for individuals under the age of 13. We do not knowingly collect, process, or store personal data from children without verifiable parental consent. If you believe your child has submitted personal data to waterfall-gardens.com, please contact us at [email protected] and we will promptly delete such information.
12. Policy Updates and User Notifications
We reserve the right to update or modify this Privacy Policy at any time. Where material changes are made, we will provide notice via email or homepage notification. Continued use of waterfall-gardens.com constitutes acceptance of the revised Policy.
We encourage you to periodically review this Policy to stay informed about how we protect your data.
13. Contact Information
For any questions, concerns, or to exercise your data rights as outlined above, please contact us at:
Email: [email protected]
Website: https://www.waterfall-gardens.com
We are committed to operating in full compliance with GDPR, CCPA, and other applicable data protection frameworks. Please reach out to us at the contact email above should you have any privacy-related inquiries or concerns.