PRIVACY POLICY
1. Introduction
At Gwylyfflam (“we,” “our,” or “us”), accessible via gwylyfflam.com, we are committed to safeguarding your privacy and protecting your personal data in accordance with the highest standards of data protection including but not limited to the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We recognize the fundamental importance of transparency, accountability, and user rights in the processing of personal information.
This Privacy Policy outlines how we collect, use, share, and protect your data, and how you, as an individual, can exercise your rights.
2. Scope and Data Controller
This Privacy Policy applies to all users who interact with gwylyfflam.com, including visitors, customers, vendors, and communication partners. For the purposes of applicable data protection laws, Gwylyfflam is the “Data Controller” responsible for determining the purposes and means of processing your personal data.
Should you have questions or inquiries regarding this Privacy Policy or the handling of your personal data, you may contact us at [email protected].
3. Categories of Data Processed
We process the following categories of personal data:
a. Usage Data
Information automatically collected about your interaction with our website, including but not limited to your browser type and version, IP address, pages viewed, session duration, referring website, and other analytics data.
b. Account Data
Personal information provided during account registration or purchase, such as full name, billing and shipping addresses, email address, and phone number.
c. Profile Data
Information regarding your preferences, purchase history, digital behavior, and profiles generated based on your interaction with gwylyfflam.com.
d. Communication Data
Records of correspondence including support inquiries, email interactions, complaints, and general contact history.
e. Technical Data
Details about devices used to access gwylyfflam.com, including operating systems, platform specifications, screen resolution, and language settings.
f. Transaction Data
Details of payment methods, payment history, ordered products or services, delivery information, and billing records.
g. Preference Data
Marketing and communication preferences, product interests, opt-in settings, and responses to surveys or promotions.
4. Legal Bases for Processing
We rely on the following lawful bases for processing your personal data:
– Performance of a Contract: To fulfill obligations arising from any agreements entered with you, including the provision of goods or services.
– Legitimate Interests: To conduct internal analytics, improve website functionality, manage our relationship with users, and protect against fraud.
– Consent: When you have given explicit permission for data processing activities, such as receiving marketing emails.
– Legal Obligation: Where necessary to comply with applicable laws and statutory requirements.
5. Your Rights
Subject to the conditions set forth in applicable laws, you are entitled to exercise the following rights regarding your personal data:
– Right of Access: You may request confirmation and a copy of your personal data we process.
– Right to Rectification: You may request that incorrect or incomplete data be corrected or completed.
– Right to Erasure: You may request your data be deleted where there is no overriding legal basis for retention.
– Right to Restriction: You may request limited processing of your data under specified circumstances.
– Right to Data Portability: You may receive your data in a structured, commonly used format and transmit it to another controller.
To exercise your rights, please contact us at [email protected]. We may need to verify your identity before processing your request.
6. Security Measures
We apply rigorous technical and organizational measures to protect your data, including but not limited to:
– SSL/TLS encryption for all site and data transmission activity
– Role-based access controls to limit internal access to data
– Regular backups of sensitive data
– Security and privacy training for relevant personnel
– Ongoing vulnerability and penetration assessments
While we implement industry-standard protections, no security system is impenetrable. You have a role in maintaining your data security, including keeping passwords confidential and reviewing the security settings of your account.
7. International Data Transfers
Where your personal data is transferred outside the European Economic Area (EEA) or your jurisdiction, we ensure appropriate safeguards are in place including:
– Standard Contractual Clauses approved by the European Commission
– Binding Corporate Rules or certification mechanisms where applicable
– Compliance with region-specific legal requirements such as cross-border transfer agreements under CCPA for California residents
8. Data Retention
We retain personal data only for as long as it is necessary to fulfill the purposes for which it was collected, including to satisfy legal, regulatory, tax, or accounting obligations. The standard retention periods include:
– Account Data: Retained for 7 years post-closure for legal and accounting compliance
– Transaction and Financial Data: Retained for 7 years in line with statutory accounting requirements
– Communication and Support Data: Retained for 2 years following last correspondence
– Preference and Marketing Data: Retained for 3 years from last interaction or until consent is withdrawn
– Cookie and Usage Data: Retained for 13 months from date of collection
9. Cookie Policy
We use cookies and similar tracking technologies for essential site operations and performance enhancements. The categories include:
– Essential Cookies: Required for site functionality such as login authentication and order processing
– Functional Cookies: Enhance user experience by remembering your preferences and settings
– Performance Cookies: Collect anonymous information about site usage to improve functionality
– Analytics Cookies: Enable measurement of marketing effectiveness and user behavior through third-party services such as Google Analytics
10. Cookie Management and Compliance
In accordance with GDPR and CCPA requirements:
– You will be presented with a cookie consent banner upon accessing gwylyfflam.com
– You can modify your preferences at any time via the cookie settings link in the site footer
– You may also set your browser to refuse all or some browser cookies or to alert you when cookies are being sent
Please note that disabling certain cookies may impact the functionality of the website.
11. Children’s Privacy
Gwylyfflam.com is not intended for children under the age of 13. We do not knowingly collect personal data from individuals under 13 years of age. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us immediately at [email protected] so that we may take appropriate action.
12. Policy Updates
We reserve the right to amend this Privacy Policy to reflect changes in regulatory guidance or operational practices. If material changes are made, we will notify users via the website or by direct communication where appropriate. You are encouraged to periodically review this policy to remain informed about how your information is protected.
13. Contact
For any questions, comments, or data subject requests related to this Privacy Policy or our data processing practices, you may contact:
Email: [email protected]
Website: https://gwylyfflam.com
We are fully committed to compliance with all applicable privacy regulations and ensuring the responsible use of your personal data. Should you have concerns regarding how we handle your information, we encourage you to reach out so that we may assist you promptly and respectfully.
