Privacy Policy
1. Introduction
At grahamnapier.com (“the Website,” “we,” “our,” or “us”), we are firmly committed to upholding the highest standards of privacy and data protection. We believe that safeguarding your personal information is fundamental. This Privacy Policy outlines how we collect, use, store, protect, and disclose information that we obtain from users (“you”, “your”) through the Website. Our practices are designed to comply with applicable data privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), ensuring your rights and freedoms are respected.
2. Scope of Policy and Role of Data Controller
This Privacy Policy applies to all visitors, users, and others who access grahamnapier.com. We act as the Data Controller for the personal data you provide or that we collect via your use of the Website. In this role, we determine the purposes and methods by which your personal data is processed in compliance with GDPR and similar global standards.
3. Categories of Data We Process
We may collect and process the following categories of personal data:
a) Usage Data
Includes data about how you use the Website, such as IP address, browser type, operating system, access times, pages viewed, and referring URLs.
b) Account Data
If you register or create an account, we collect identifying details such as your full name, address, email address, telephone number, and account credentials.
c) Profile Data
Encompasses your preferences, previous purchases, interaction history, and behavior on the Website, including saved items or wish lists.
d) Communication Data
Includes contents of contact forms, customer support requests, email communications between you and grahamnapier.com, and feedback submissions.
e) Technical Data
Comprises device identifiers, screen resolution, browser plug-ins, system configuration, and internet service provider (ISP) information.
f) Transaction Data
Pertains to payment information (processed via secure third-party systems), order summaries, delivery details, and transaction verification data.
g) Preference Data
Includes consents to receive marketing communications, newsletter subscriptions, and stated interests relating to products or services.
4. Legal Bases for Processing
We process your personal data where there is a lawful basis to do so, including:
– Performance of a Contract: For processing data necessary to fulfill your purchases and provide our services.
– Consent: Where you have provided clear permission for specific data uses, such as newsletter subscriptions or cookies.
– Legitimate Interests: For purposes such as improving the Website, fraud detection, or ensuring network and information security, provided our interests are not overridden by your rights.
– Legal Obligation: When processing is necessary to comply with legal or regulatory requirements.
5. Your Rights
Under the GDPR and CCPA (where applicable), you have the following rights regarding your personal data:
– Right of Access: You may request a copy of personal data we hold about you.
– Right of Rectification: You can request correction of inaccurate or incomplete data.
– Right of Erasure: You may ask us to delete your data under certain conditions.
– Right to Restrict Processing: You can limit how we use your data in certain situations.
– Right to Data Portability: You can request the transfer of your data to another service provider.
To exercise any of these rights, please contact us at [email protected].
6. Security Measures
We apply stringent technical and organizational measures to protect your personal data, including but not limited to:
– End-to-end encryption during data transmission and in storage.
– Strict access controls and multi-factor authentication.
– Regular data backups.
– Employee training on data protection principles and secure data handling protocols.
7. International Transfers
Where personal data is transferred outside of the European Economic Area or other jurisdictions with established legal protections, we ensure appropriate safeguarding measures are applied. These include the use of Standard Contractual Clauses approved by the European Commission and verification of adequate data protection frameworks.
8. Data Retention
We retain personal data only as long as necessary to fulfill the purposes for which it was collected, unless otherwise required by law. Specific retention periods include:
– Usage and Technical Data: 24 months for analytics and performance tracking.
– Account and Profile Data: Retained until account deletion or closure.
– Communication Data: Retained for a period of 36 months post last contact.
– Transaction Data: Stored for seven years for compliance with financial and tax regulations.
– Preference Data: Retained until you withdraw consent or update preferences.
9. Cookie Policy
Our Website uses cookies and similar tracking technologies to enhance your experience. These may include:
– Essential Cookies: Necessary for enabling basic functionalities such as page navigation and secure access to authenticated areas.
– Functional Cookies: Enhance usability by remembering your username, language, and preferences.
– Performance Cookies: Help us understand Website performance and user interactions.
– Analytics Cookies: Allow us to collect aggregated metrics and behavioral patterns using tools such as Google Analytics.
These cookies may be set by us or by third-party providers whose services we use on our pages.
10. Cookie Management and Compliance
You can manage or withdraw consent for cookies at any time by adjusting browser settings or by using cookie preference tools made available on the Website. For GDPR compliance, cookie banners and consent tracking mechanisms are provided. Californian users may exercise Do Not Sell My Personal Information rights through opt-out links.
11. Protections for Children
Our services are not directed to individuals under the age of 13. We do not knowingly collect personal data from children. If we become aware that we have inadvertently obtained data from a child without verified parental consent, we will delete such information promptly. Parents or guardians who believe their children may have submitted data to grahamnapier.com may contact us at [email protected] for assistance.
12. Policy Updates
We may update this Privacy Policy to reflect changes in legal requirements, our data practices, or Website functionality. Where material changes are made, we will provide clear notice through the Website or via email where available. Your continued use of the Website following any updates shall signify acceptance of the revised terms.
13. Contact Us
If you have any questions about this Privacy Policy, our data handling practices, or wish to exercise your data protection rights, please contact us at:
Email: [email protected]
Website: https://grahamnapier.com
We are dedicated to compliance with all applicable privacy regulations and maintaining the trust of our users. For any privacy-related questions or requests, please reach out—we are here to ensure your data is handled with care and transparency.