PRIVACY POLICY

1. Introduction

At tombillips.com, we place the highest priority on the privacy, security, and integrity of your personal data. We are fully committed to protecting the personal information of our users and processing it in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act (“CCPA”), as amended. This Privacy Policy outlines what data we collect, how we use it lawfully and transparently, and the rights available to you as a data subject.

2. Scope of Policy and Data Controller Role

This Privacy Policy applies to all users who access and interact with the website tombillips.com (the “Site”), including without limitation when browsing content, submitting a form, or making purchases. The data controller of your personal data collected through the Site is Tom Billips, who can be contacted at [email protected]. As the data controller, we are responsible for deciding how and why your personal data is processed and ensuring such processing complies with applicable law.

3. Categories of Data Processed

We collect and process various types of personal data, grouped into the following categories:

a. Usage Data: Includes information about your interaction with the Site such as IP address, browser type and version, pages visited, date and time stamps, referring URLs, and session behavior.

b. Account Data: Includes your name, billing and shipping address, email address, phone number, and account credentials where applicable.

c. Profile Data: Encompasses user preferences, interests, purchase history, browsing activity, and behavioral interactions with the Site.

d. Communication Data: Includes content of emails, contact form submissions, live chat interactions, support requests, and all correspondence with our customer service team.

e. Technical Data: Covers information on your device, operating system, hardware model, browser plug-ins, network configurations, and platform settings.

f. Transaction Data: Includes details of payments made, items purchased, delivery methods, billing records, and invoicing information.

g. Preference Data: Records consent for receiving marketing materials, preferred categories or interests, and user-defined settings.

4. Legal Bases for Processing

Our collection and use of your personal data are based on one or more of the following legal grounds, as permitted under GDPR and CCPA:

– Performance of a Contract: When data processing is necessary to deliver the services or products you requested.
– Legitimate Interests: For improving the Site, ensuring security, and enhancing user experiences, provided such interest is not overridden by your fundamental rights.
– Consent: Where explicit permission has been given, e.g., for marketing communications or non-essential cookies.
– Legal Obligation: For compliance with obligations under applicable laws, such as tax and accounting regulations.

5. Your Rights

We respect your privacy rights and provide mechanisms for you to exercise control over your personal data. Residents of the European Economic Area (EEA), the United Kingdom, and California have the following rights:

– Right of Access: You can request information about the data we hold about you.
– Right to Rectification: You may ask us to correct inaccurate or incomplete information.
– Right to Erasure (“Right to Be Forgotten”): You can request the deletion of your personal data, subject to legal retention requirements.
– Right to Restriction of Processing: You may request limited use of your data under certain conditions.
– Right to Data Portability: You are entitled to receive your data in a structured, commonly used, machine-readable format and to transfer it to another data controller.
– Right to Object: You can object to certain processing, including direct marketing.
– Right to Non-Discrimination: Under the CCPA, you have a right not to receive discriminatory treatment for exercising your privacy rights.

To exercise any of these rights, please contact us at [email protected].

6. Security Measures

We implement appropriate technical and organizational security measures to safeguard your personal data. These include:

– Encryption of data in transit and at rest
– Secure access controls and authentication protocols
– Routine backups and disaster recovery planning
– Employee awareness and data protection training
– Periodic security audits and privacy impact assessments

Though we take every reasonable precaution to protect your information, no system can be guaranteed 100% secure, and you share your information at your own risk.

7. International Transfers

Where data is transferred outside of the EEA, United Kingdom, or California, we ensure such transfers are made in accordance with GDPR and CCPA provisions. We use standard contractual clauses, adequacy decisions, and other lawful mechanisms to maintain an adequate level of data protection.

8. Data Retention

We retain personal data in identifiable form only as long as necessary for the purposes for which it was collected, or as required by applicable legal obligations. Typical retention periods include:

– Usage Data: Up to 12 months for analytics purposes
– Account and Profile Data: Retained while the account is active, plus 2 years after account closure
– Transaction Data: Retained for 7 years for tax and legal compliance
– Communication Data: Retained up to 3 years from last contact
– Marketing Consent: Retained until withdrawn

Once the relevant retention period has expired, data is securely deleted or anonymized.

9. Cookie Policy

We use cookies and similar technologies to enhance website functionality, enable analytics, and improve user experiences. Types of cookies include:

– Essential Cookies: Required for site navigation and access to basic features.
– Functional Cookies: Remember user preferences and choices to personalize your experience.
– Performance Cookies: Help us understand how visitors interact with tombillips.com through aggregated metrics.
– Analytics Cookies: Collect information to optimize content delivery and user engagement.

10. Cookie Management and Compliance

Before setting non-essential cookies, we seek your explicit consent as required under GDPR and CCPA. A cookie banner is displayed upon first visit, enabling you to accept, reject, or manage preferences.

You may modify your cookie settings at any time using your browser’s cookie controls or through the cookie management tool available on tombillips.com. For California residents, a “Do Not Sell or Share My Personal Information” link will be made accessible if applicable.

11. Children’s Privacy

tombillips.com is not directed to individuals under the age of 13. We do not knowingly collect or process personal data of children under 13. If you believe that a child has provided us with their personal data, please contact us immediately at [email protected] so we may delete the information from our systems.

12. Policy Updates and Notifications

We may revise this Privacy Policy from time to time to reflect changes in legal requirements, technologies, or our operations. Updates will be posted directly on this page, and material changes will be accompanied by appropriate user notifications through the Site or via email when applicable.

We encourage you to periodically review this Policy to stay informed about how we are safeguarding your information.

13. Contact

If you have any questions, concerns, or complaints about this Privacy Policy or our handling of your personal data, you may contact:

Email: [email protected]

We are committed to ensuring your privacy is respected and will respond to your inquiry in accordance with applicable laws and timeframes.

This Privacy Policy demonstrates our strong commitment to full compliance with the GDPR, CCPA, and other applicable data protection frameworks. For any privacy-related concerns or to submit a rights request, please reach out to us directly at [email protected].