PRIVACY POLICY

1. Introduction

At gluteus-maximus.com (“we,” “us,” or “our”), we value privacy and are committed to protecting the personal data of our users in accordance with applicable data protection regulations, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act (“CCPA”). This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal information when you interact with our website, services, or features. Ensuring the confidentiality, integrity, and lawful handling of your personal data is central to our mission.

2. Scope of Policy and Role of Data Controller

This Privacy Policy applies to all users of gluteus-maximus.com and governs the processing of personal data collected through or in connection with the website. For the purposes of applicable data protection laws, the data controller responsible for your personal information is the operator of gluteus-maximus.com, who can be contacted via the methods described in Section 13.

3. Categories of Personal Data Processed

We process the following categories of personal data based on your interactions with gluteus-maximus.com:

a. Usage Data
Includes information about how you use our site, such as browser type/version, IP address, referring URLs, time zone settings, access times, session duration, and navigation paths across the website.

b. Account Data
Includes identifying information you provide during account creation or registration, such as your full name, billing and delivery address, email address, and telephone number.

c. Profile Data
Includes information associated with your user profile, such as purchase history, saved preferences, wish lists, reviews, opt-in settings, and behavioral metrics.

d. Communication Data
Includes records of interactions with our support or customer service teams, including support requests, email correspondence, and contact form submissions.

e. Technical Data
Includes device identifiers, operating system type/version, browser plug-ins, screen resolution, system configurations, and other diagnostic data.

f. Transaction Data
Includes details of payments made to or from you, order numbers, products or services purchased, and shipping or delivery information.

g. Preference Data
Includes your marketing consent preferences, newsletter subscriptions, product interests, and related engagement behaviors.

4. Legal Bases for Processing Personal Data

We process your personal data under the following legal bases, where applicable:

– Consent: When you provide affirmative permission for us to process your data, including for direct marketing or use of non-essential cookies.
– Contractual Necessity: Where processing is required to fulfill a contract with you, such as fulfilling product orders or providing requested services.
– Legitimate Interests: For purposes including marketing (where permitted), website optimization, fraud prevention, and security—balanced against your privacy rights.
– Legal Obligation: Where processing is necessary to comply with applicable legal requirements or respond to lawful government requests.

5. Your Rights

As a data subject, you have the following rights under applicable data protection laws:

– Right to Access: You may request confirmation of whether we process your personal data and receive a copy of that data.
– Right to Rectification: You may request that we correct inaccurate or incomplete personal data.
– Right to Erasure: You may request the deletion of your personal data, subject to lawful limitations.
– Right to Restrict Processing: You may ask us to limit the processing of your personal data under certain circumstances.
– Right to Data Portability: You may request to receive your data in a structured, commonly used, and machine-readable format.
– Right to Object: You may object to certain processing activities, including direct marketing, where applicable.
– Right to Non-Discrimination (CCPA): California residents are entitled to exercise privacy rights without receiving discriminatory treatment.

To exercise these rights, please contact us as set forth in Section 13 of this Policy.

6. Security Measures

We employ appropriate technical and organizational safeguards to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include, but are not limited to:

– Data encryption using industry-standard protocols.
– Role-based access controls to restrict unauthorized access.
– Regular system audits, penetration tests, and vulnerability scans.
– Secure data backup and recovery mechanisms.
– Staff training on confidentiality and data protection principles.

7. International Data Transfers

Where personal data is transferred outside your jurisdiction (e.g., to service providers located outside the European Economic Area), we ensure that such transfers are safeguarded through the use of appropriate legal mechanisms, including Standard Contractual Clauses approved by the European Commission or equivalent instruments recognized under applicable data protection laws.

8. Data Retention

We retain your personal data only as long as reasonably necessary for the purposes stated in this Policy or as required by law. Specific retention periods include:

– Account and Profile Data: While your account remains active and for up to 36 months after final activity.
– Communication Data: For a period of 24 months following the last correspondence.
– Transaction Data: Retained for 7 years to meet accounting and legal requirements.
– Preference Data: As long as your marketing consent is valid.
– Usage and Technical Data: Retained for up to 12 months for analytics and security purposes.

Once retention periods expire, data is securely erased or anonymized.

9. Cookie Policy

We use cookies and similar technologies to enhance user experience and to collect analytical data. Cookies used on gluteus-maximus.com fall into the following categories:

– Essential Cookies: Vital to the operation of the website and user session management.
– Functional Cookies: Enable customization and remember user preferences for future visits.
– Analytics Cookies: Help us understand site usage and performance through aggregated metrics and trend analysis.
– Performance Cookies: Optimize website performance, load times, and response rates.

10. Cookie Management and Compliance

You may manage your cookie preferences through your browser settings or via our cookie consent banner where available. Under GDPR and CCPA, you have the right to decline non-essential cookies and to withdraw consent at any time. We honor Do Not Track (DNT) signals and maintain audit logs for consent activities, where applicable.

11. Protection of Children’s Privacy

gluteus-maximus.com does not knowingly collect or solicit personal data from individuals under the age of 13. If we discover that we have inadvertently collected such data, we will take immediate steps to delete the information and terminate the associated account. Parents or guardians may contact us to request removal of such data as specified in Section 13.

12. Policy Updates & User Notification

We may update this Privacy Policy from time to time to reflect changes in legal requirements or our data practices. Where material changes are made, we will provide reasonable notice via email and/or prominent notice on the website. Continued use of gluteus-maximus.com following any updates constitutes acceptance of the revised policy.

13. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact:

Data Privacy Manager
Email: [email protected]

We are committed to maintaining full compliance with applicable privacy regulations and ensuring the protection of your personal data. For any concerns or further clarifications, we encourage you to reach out to us directly.