Privacy Policy for Gwylyfflam.com
1. Introduction
At Gwylyfflam.com, we are firmly committed to safeguarding the privacy and personal data of our users. Recognizing the fundamental importance of data protection, we implement rigorous practices to ensure that your personal information is collected, processed, and managed in full compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant statutes. This Privacy Policy reflects our privacy-first approach and outlines the measures we take to ensure your data remains secure, confidential, and under your control.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all users of the website located at https://gwylyfflam.com and governs the personal data collected through our services and online properties. Gwylyfflam.com operates as the Data Controller for the processing activities detailed in this Policy. As Data Controller, we determine the purposes and means by which personal data is processed. If you have questions or concerns related to the processing of your data, you may contact us at [email protected].
3. Categories of Data Processed
We collect and process the following categories of personal data:
a. Usage Data
Information about how you interact with the website, including your IP address, device type, browser details, referring/exit pages, time zone setting, language preferences, session timestamps, and diagnostic logs.
b. Account Data
Data provided upon account creation or profile registration, including your full name, email address, physical address, and telephone number.
c. Profile Data
Information relating to your preferences, purchase history, browsing behavior, saved items, wishlists, and user-generated content.
d. Communication Data
All communication records exchanged between you and Gwylyfflam.com, including customer support inquiries, message history, complaints, and feedback.
e. Technical Data
Data related to the devices and systems used to access our website, such as operating system, hardware specifications, browser plug-in types, network identifiers, and screen resolution.
f. Transaction Data
Details of orders, payment confirmations, shipping information, billing addresses, and any other purchasing activity made through Gwylyfflam.com.
g. Preference Data
Marketing and communication preferences, including your opted-in communications, consent timestamps, and expressed interests in products or services.
4. Legal Bases for Processing
We process personal data lawfully based on the following legal grounds:
– Performance of a Contract: To deliver products and services you have requested or purchased.
– Legitimate Interests: To analyze usage, improve our platform, and ensure network and information security, provided such interests are not outweighed by your fundamental rights and freedoms.
– Consent: For sending marketing communications or setting non-essential cookies, as required by law.
– Legal Obligation: To comply with applicable statutes, regulations, and lawful government requests.
5. Your Rights Regarding Personal Data
Subject to applicable local laws, you possess the following rights in relation to your personal data:
– Right of Access: You may request access to the personal data we hold about you.
– Right of Rectification: You may request that incorrect or incomplete data be corrected or updated.
– Right to Erasure: You have the right to request deletion of your data where it is no longer necessary for the purpose collected, or when processing is based on consent you wish to withdraw.
– Right to Restrict Processing: You may request a restriction on how your data is processed in certain circumstances.
– Right to Data Portability: You may request that your data be transferred to you or another data controller in a structured, commonly used, and machine-readable format.
To exercise any of these rights, please contact [email protected]. We will respond to verified requests within the timeframe prescribed by applicable law.
6. Security Measures
We deploy a comprehensive set of technical and organizational security measures to protect your personal data. These include but are not limited to:
– End-to-end encryption of data transmissions
– Role-based access control and least-privilege principles for internal systems
– Periodic data backups with secure storage
– Staff training on data handling and privacy best practices
We also regularly audit our systems and processes to enhance protection against unauthorized access, disclosure, or alteration.
7. International Data Transfers
Where personal data is transferred outside of the European Economic Area (EEA) or other regions with similarly protective data laws, we implement standard contractual clauses and other lawful safeguards in accordance with GDPR requirements. Transfers to service providers operating outside of your jurisdiction are protected by robust contractual and organizational compliance measures.
8. Data Retention
We retain personal data only for as long as it is necessary for fulfillment of the purposes for which it was collected:
– Usage and Technical Data: Up to 26 months, for analytics and service improvement.
– Account and Profile Data: Retained for the duration of the account, and for 6 years thereafter for legal recordkeeping.
– Communication Data: Retained for up to 5 years for customer service and audit purposes.
– Transaction Data: Held for 7 years to comply with financial and tax obligations.
– Preference and Marketing Data: Until consent is withdrawn or data is manually deleted by the user.
Upon expiration of retention periods, data is securely archived, anonymized, or permanently deleted.
9. Cookie Policy
We use cookies and similar tracking technologies to enhance user experience and functionality. Cookies are categorized as follows:
– Essential Cookies: Needed to enable website core functionality.
– Functional Cookies: Support personalization and remembered preferences.
– Analytics Cookies: Measure usage, traffic sources, and behavioral insights.
– Performance Cookies: Improve website responsiveness and load speed.
10. Cookie Management and Compliance
In accordance with GDPR and CCPA, we provide a cookie consent banner that allows users to opt in or out of non-essential cookies upon first visit. You can manage or withdraw your cookie preferences at any time through the website’s cookie settings. In addition, most browsers offer controls to reject or delete cookies.
Under the CCPA, California residents may opt out of the “sale” of their personal data, where applicable. We do not sell personal data in the traditional sense. However, to exercise additional rights, please contact us at [email protected].
11. Children’s Privacy
We do not knowingly collect or solicit personal data from individuals under the age of 13. If we become aware that personal information from a child under 13 has been collected without parental consent, we will promptly delete such data in compliance with applicable legal requirements.
12. Policy Updates and Notifications
This Privacy Policy may be amended periodically in response to evolving legal, regulatory, or operational needs. Updates will be published on our website, and material changes will be communicated to registered users, where required by law. Continued use of gwylyfflam.com after any amendments constitutes acceptance of the updated terms.
13. Contact Us
If you have questions, requests, or concerns about this Privacy Policy or our data handling practices, please contact us at:
Email: [email protected]
Website: https://gwylyfflam.com
We are committed to compliance with all data protection laws and to providing transparency regarding your personal data. Your privacy is our priority, and we encourage you to reach out with any inquiries about how your data is used and protected.
