Privacy Policy for john-updike.com
1. Introduction
At john-updike.com (“we,” “us,” or “our”), we are firmly committed to protecting the privacy and personal data of our website visitors, users, and customers. This Privacy Policy describes how we collect, use, process, store, and share your Personal Data in accordance with applicable data protection laws, including the European Union General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). By accessing or using our website (john-updike.com), you acknowledge that you have read and understood the practices described herein.
2. Scope of This Policy and Data Controller Role
This Privacy Policy applies to all personal data processed via john-updike.com and through our associated communications. We act as the “data controller” under GDPR and as a “business” under the CCPA, responsible for determining the means and purposes of processing personal information.
This policy applies to all online users, subscribers, purchasers, contacts, and visitors who access our website, interact with our services, or communicate with us.
3. Categories of Data We Process
We process the following categories of personal data:
3.1 Usage Data
Information automatically collected when you access the website, including your browser type, internet protocol (IP) address, device identifiers, pages visited, timestamps, session durations, referring URLs, and interaction data.
3.2 Account Data
If you register for an account or complete forms on john-updike.com, we may collect your name, physical address, email address, phone number, and login credentials.
3.3 Profile Data
Data relating to your interests, browsing behavior, purchase history, preferences, user interactions, and communication choices.
3.4 Communication Data
Records of correspondence with us, including submitted inquiries, customer service tickets, and any other interactions via email or on our contact page.
3.5 Technical Data
Data about your device and technology platform, such as operating system, browser configuration, screen resolution, language preferences, and system diagnostics.
3.6 Transaction Data
Details of purchases and transactions made via our website, including order information, payment provider details (excluding payment card data, which is processed securely by third-party processors), billing addresses, and delivery information.
3.7 Preference Data
Your stated choices with regard to receiving marketing communications, language and location preferences, and areas of interest in our products and services.
4. Legal Bases for Processing Personal Data
We rely on the following legal grounds when collecting and processing your personal data:
– Contractual Necessity: To fulfill our obligations under service agreements, including order fulfillment or account management.
– Legitimate Interests: For cybersecurity, data analytics, direct marketing (where permissible), website performance, and fraud prevention.
– Consent: Where legally required, e.g., for sending marketing emails or setting non-essential cookies.
– Legal Obligation: To comply with statutory and regulatory requirements, including retaining transaction records, tax reporting, or fulfilling consumer protection law obligations.
5. Your Data Protection Rights
As a data subject under applicable privacy laws, you have the following rights:
5.1 Right of Access: Obtain confirmation of whether we hold your personal data and access such data upon request.
5.2 Right to Rectification: Request the correction or update of any inaccurate or incomplete personal data.
5.3 Right to Erasure: Request deletion of your personal data where no legitimate reason for retention exists.
5.4 Right to Restriction: Request a limitation on the way your data is processed under certain circumstances.
5.5 Right to Data Portability: Receive your personal data in a commonly used, machine-readable format and transmit it to another controller where applicable.
5.6 Right to Object: Object to processing for direct marketing or where we rely on legitimate interests without overriding reasons.
5.7 Right to Withdraw Consent: Where consent is our legal basis, you may withdraw your consent at any time without affecting the lawfulness of processing based on prior consent.
To exercise any of your rights, please contact [email protected].
6. Security Measures
We implement comprehensive technical and organizational security measures to safeguard your personal data, including but not limited to:
– Secure Sockets Layer (SSL) encryption of all personal data transmissions.
– Access controls with role-based restrictions and user authentication.
– Regular security updates and threat monitoring.
– Data backups and contingency plans for data loss prevention.
– Employee confidentiality agreements and privacy training protocols.
7. International Data Transfers
Your data may be transferred to and stored in jurisdictions outside your home country, including countries that may not offer the same level of legal protection. Where applicable, we use Standard Contractual Clauses (SCCs), Privacy Shield successors, or other legally valid mechanisms to ensure lawful data transfers and protect personal data in accordance with GDPR and other international privacy standards.
8. Data Retention
We only retain your data for as long as necessary for the purposes outlined in this policy, or as mandated by law. Below are general retention periods by category:
– Usage Data: 24 months
– Account Data: While the account remains active plus 6 years
– Profile and Preference Data: 3 years following last activity
– Communication Data: 3 years following last correspondence
– Transaction Data: 7 years to comply with financial regulations
– Technical Data: Up to 12 months
– Cookies: Retained per type; see section 9
9. Cookie Policy
john-updike.com uses cookies and similar technologies to enhance your experience. Cookies may be essential or optional, and fall into the following categories:
– Essential Cookies: Required for core site functionality.
– Functional Cookies: Enable personalization and improved features.
– Analytics Cookies: Help us understand visitor behavior and improve website performance.
– Performance Cookies: Measure load times, resource use, and error diagnostics.
Third-party services (e.g., Google Analytics) may place cookies as outlined in their own policies. By continuing to use our site, you consent to the use of non-essential cookies unless you opt out.
10. Managing Your Cookie Preferences
Upon your first visit and at regular intervals, you will be prompted to manage your cookie preferences through a consent management platform. You may also modify preferences in your browser settings at any time or withdraw consent by revisiting the cookie banner available on the website.
We honor Do Not Track and Global Privacy Control (GPC) signals as required under CCPA and adhere to GDPR cookie consent rules, requiring affirmative opt-in from users based in the EU prior to placing non-essential cookies.
11. Children’s Privacy
We do not knowingly collect or process personal data from children under the age of 13. If you are a parent or guardian and believe we may have collected information from a minor without appropriate consent, please contact us immediately at [email protected]. We will take appropriate steps to delete such data.
12. Policy Changes
We reserve the right to update this Privacy Policy when necessary to reflect changes in legal requirements or our data practices. All changes will take effect upon posting the revised version on john-updike.com. Where appropriate, we will notify you of material changes through on-site banners or email correspondence.
13. Contact Us
For any questions regarding this Privacy Policy or your personal data, please contact:
Data Privacy Officer
Email: [email protected]
We affirm our intention to comply fully with the GDPR, CCPA, and all applicable privacy laws. If you believe your privacy rights have been infringed upon, or if you have concerns about our data handling practices, we encourage you to reach out using the contact information above.