Privacy Policy
1. Introduction
At The Orb Whisperers (theorbwhisperers.com), we are strongly committed to protecting your personal data and your right to privacy. This Privacy Policy sets forth how we collect, use, process, and safeguard your personal information in accordance with applicable data protection laws, including the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”). We recognize the importance of your privacy and employ a privacy-first approach in all operations involving personal data.
2. Scope of This Policy and Role as Data Controller
This Privacy Policy applies to all personal data collected through the theorbwhisperers.com website and associated services. The Orb Whisperers acts as the “Data Controller” under the GDPR with respect to the personal data you provide through the website. We determine the purposes and means of processing that data in accordance with this policy and applicable privacy and data protection legislation.
3. Categories of Data Processed
We may collect and process the following categories of personal data:
– Usage Data: Includes information about how you use theorbwhisperers.com, such as your browser type, IP address, pages viewed, access times, referring website addresses, and session metadata.
– Account Data: Includes your full name, residential or billing address, email address, and contact phone number provided when registering an account or completing a form on our website.
– Profile Data: Includes user preferences, saved items, product interests, purchase behavior, wish lists, and reviews.
– Communication Data: Includes the content and metadata of any messages you send to us via email, contact forms, or live chat, including customer support communications.
– Technical Data: Includes device identifiers, operating system version, browser configuration, screen resolution, and other information about the technology you use to access our website.
– Transaction Data: Includes payment information, order history, delivery addresses, and other financial and logistical details relating to purchases made on the website.
– Preference Data: Includes marketing and communication preferences as well as details about your product interests and consent choices.
4. Legal Bases for Processing
We rely on the following lawful bases under the GDPR for processing personal data:
– Legitimate Interests: Where processing is necessary for our legitimate interests, such as to secure our platform, prevent fraud, and understand customer behavior – provided your rights do not override those interests.
– Contractual Necessity: Where we process data to fulfill our obligations under a contract with you or in preparation to enter into such a contract, such as purchasing products or signing up for an account.
– Consent: Where we rely on your explicit consent for marketing communications, cookies, and data profiling for personalization.
– Legal Obligation: Where we are required to process your data to comply with legal or regulatory obligations.
5. Your Data Protection Rights
As a data subject under applicable law, you have the following rights:
– Right of Access: To receive a copy of your personal data held by us.
– Right of Rectification: To have any inaccurate or incomplete data corrected.
– Right of Erasure: To request deletion of your personal data, subject to legal exceptions.
– Right to Restrict Processing: To limit how we use your personal data.
– Right to Data Portability: To receive your data in a commonly used format and have it transmitted to another controller where feasible.
– Right to Object: To object to the processing of personal data based on legitimate interests or for direct marketing purposes.
You may exercise these rights by contacting us at [email protected]. We may require verification of identity before fulfilling your request.
6. Security Measures
To protect your personal data, we implement appropriate administrative, technical, and organizational safeguards including:
– Encryption of data at rest and in transit.
– Role-based access controls and regular access audits.
– Secure backups and disaster recovery protocols.
– Cybersecurity awareness training for all staff.
– Vulnerability assessments and regular system monitoring.
7. International Data Transfers
Where data may be transferred or processed outside the European Economic Area (EEA) or other jurisdictions with similar data protection requirements, such transfers are safeguarded through the use of Standard Contractual Clauses or equivalent lawful mechanisms as approved by the relevant authorities.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:
– Usage Data: up to 12 months for analytical purposes.
– Account and Transaction Data: 7 years for legal and accounting compliance.
– Profile and Preference Data: for as long as the user maintains an account or until consent is withdrawn.
– Communication Data: 3 years following the last user interaction.
– Technical Data: 12 months from date of collection or as required for security purposes.
9. Cookie Policy
We use cookies and similar technologies to enhance user experience, improve website performance, and deliver relevant content. The types of cookies used include:
– Essential Cookies: Necessary for core website functionality (e.g., language settings, session management).
– Functional Cookies: Enable enhanced features such as remembering user choices.
– Analytical Cookies: Collect anonymized usage data to understand user interaction with the site.
– Performance Cookies: Optimize and monitor the speed and performance of pages and content.
10. Cookie Management and Compliance
In compliance with GDPR and CCPA, users are given the ability to manage their cookie preferences on their initial visit via a cookie management banner and settings panel. Users may withdraw consent or update cookie settings at any time by adjusting their browser or platform controls.
We honor the “Do Not Sell My Personal Information” right under CCPA and do not sell or share your personal data with third parties for commercial benefit without your explicit consent.
11. Children’s Privacy
theorbwhisperers.com is not intended for or directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at [email protected], and we will take steps to delete the information.
12. Changes to This Privacy Policy
We may periodically update this Privacy Policy in response to changes in law, regulatory guidance, or our privacy practices. Where material changes are made, we will notify users through appropriate communication channels, which may include prominent notices on our website or direct email notifications.
13. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at:
Email: [email protected]
Website: https://theorbwhisperers.com
—
We are fully committed to upholding the privacy principles under GDPR and CCPA. For any inquiries or concerns regarding your personal data, please reach out to us at the contact information provided above.