PRIVACY POLICY

The Who Direct is committed to safeguarding your privacy and protecting your personal data. This Privacy Policy outlines the ways in which we collect, process, store, and use your personal information when you visit and interact with our website at thewhodirect.com. We adhere strictly to applicable data protection legislation, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), and we are committed to maintaining transparency and accountability in the handling of personal data.

1. Introduction

At The Who Direct, your privacy is of paramount importance. We recognize that in an increasingly digital world, maintaining the confidentiality and security of your personal information is essential. This Privacy Policy details the nature of the personal data we collect, the reasons for its collection, how we use and protect it, and your rights as a data subject. By accessing thewhodirect.com, you accept the practices described in this policy.

2. Scope of This Policy and Role as Data Controller

This Privacy Policy applies to all visitors, registered users, and customers of thewhodirect.com. The Who Direct acts as the “data controller” for your personal information as defined under the GDPR, meaning we determine the purposes and means of processing that data. For services involving third-party providers or processors, those entities may act as “data processors” on our behalf.

For inquiries regarding data control responsibilities, please contact us at: [email protected].

3. Categories of Data We Process

We may collect and process the following categories of personal data:

a. Usage Data
This includes data such as IP address, browser type and version, operating system, referral sources, pages visited, session timestamps, and length of visits. This is typically collected through cookies, log files, and similar technologies.

b. Account Data
Information provided when you create an account or place an order, such as your full name, mailing address, email address, and telephone number.

c. Profile Data
Information relating to your preferences, wishlists, purchase history, browsing behavior, and other data used to personalize your experience on our platform.

d. Communication Data
Includes the contents of any correspondence you send to us, including support requests, feedback, survey responses, and records of our interactions with you across different channels.

e. Technical Data
Device identifiers, system configurations, screen resolution, language preferences, and other metadata collected from your device during website interactions.

f. Transaction Data
Details related to the purchases you make on thewhodirect.com, including billing and shipping addresses, order history, payment provider details (excluding full payment card data), and order fulfillment information.

g. Preference Data
Marketing preferences, communication consent, product interest categories, and engagement metrics derived from email interactions and surveys.

4. Legal Bases for Processing

We process your data only where we have a lawful basis to do so. These include:

– Consent: Where you have given clear consent for us to process your personal data for a specific purpose (e.g., marketing emails).
– Contract: The processing is necessary for the performance of a contract with you or to take steps at your request before entering into such a contract.
– Legal Obligation: Where we are required to comply with applicable legal or regulatory obligations.
– Legitimate Interests: Where the processing is necessary for our legitimate interests (e.g., improving website performance, preventing fraud), provided those interests are not overridden by your rights and freedoms.

5. Your Rights Under GDPR and CCPA

Depending on your location, you may have the following rights regarding your personal data:

– Right of Access – You can request access to the data we hold about you.
– Right of Rectification – You can request corrections to your personal data if it is inaccurate or incomplete.
– Right to Erasure – You may request deletion of your personal data in certain circumstances, often referred to as the ‘right to be forgotten’.
– Right to Restriction – You can request that we restrict or limit the processing of your data in certain situations.
– Right to Data Portability – You can request to receive your data in a structured, commonly used, and machine-readable format, and to have that data transferred to another controller.
– Right to Object – You may object to the processing of your personal data for direct marketing purposes or in situations where processing is based on legitimate interests.

To exercise any of these rights, please contact us at: [email protected].

Residents of California also have the right to:

– Request disclosure of the categories and/or specific pieces of personal information collected, sold, or disclosed.
– Opt out of the sale of personal information.
– Not be discriminated against for exercising any of your privacy rights.

6. Security Measures

We employ industry-standard security measures to protect your data from unauthorized access, use, or disclosure. These include but are not limited to:

– Encryption of data in transit using SSL/TLS protocols.
– Role-based access control and user authentication procedures.
– Secure data storage and backup protocols.
– Regular employee training in data privacy and protection best practices.

Despite our best efforts, no electronic transmission or storage system can be guaranteed to be 100% secure. You use the services provided through thewhodirect.com at your own risk.

7. International Data Transfers

The Who Direct is based in a jurisdiction that may not provide the same level of data protection as your country of residence. When transferring personal data internationally, we implement appropriate safeguards in accordance with GDPR, including the use of Standard Contractual Clauses (SCCs) and Binding Corporate Rules, and the review of adequacy decisions issued by the European Commission where applicable.

Users accessing thewhodirect.com from outside the UK or EU/EEA acknowledge such data transfers.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, regulatory, accounting, or reporting requirements. In general:

– Usage Data is retained for up to 12 months.
– Account Data is retained as long as the user maintains an account and for up to 6 years thereafter.
– Transaction Data is retained for 7 years, in line with tax and financial recordkeeping requirements.
– Communication and Support Data are retained for up to 3 years following the last correspondence.
– Marketing Preference Data is retained until consent is withdrawn or the account is deleted.

9. Cookie Policy

Our website uses cookies to optimize site functionality and provide personalized experiences. The categories of cookies we use include:

– Essential Cookies: Necessary for core functionalities such as security, network management, and accessibility.
– Functional Cookies: Enable website features like remembering user preferences.
– Analytics Cookies: Help us understand how users interact with our site (e.g., Google Analytics).
– Performance Cookies: Measure technical performance to help us improve system reliability.

For information about the specific cookies in use, please visit our Cookie Settings or contact us.

10. Cookie Management and GDPR/CCPA Compliance

Under privacy laws, you have the right to opt in to or opt out of non-essential cookies. When you access thewhodirect.com, a cookie banner will appear allowing you to manage your cookie preferences. You may revise your selections at any time through the “Cookie Settings” link available in our website footer.

For CCPA compliance, California residents may further opt out of the sale or sharing of personal information through our “Do Not Sell or Share My Personal Information” link.

11. Children’s Privacy

We do not knowingly collect, solicit, or process personal data from children under the age of 13. If it is brought to our attention that data from a child under 13 has been collected without verified parental consent, we will take steps to delete the information promptly.

If you are a parent or guardian and believe your child has provided us personal data without your consent, please contact us immediately at: [email protected].

12. Policy Updates

We reserve the right to revise and update this Privacy Policy to reflect changes in legal, technical, or operational requirements. In cases of significant changes, we will provide notice to users, such as by updating this document on thewhodirect.com and sending email notifications where appropriate. Continued use of our website constitutes acceptance of any amendments to the policy.

13. Contact Information

If you have any questions, concerns, complaints, or requests regarding this Privacy Policy, your personal data, or the exercise of your rights, please contact:

Data Protection Team
The Who Direct
Email: [email protected]

We are committed to full compliance with all applicable data protection laws and regulations. For any privacy-related inquiries or issues, we encourage you to reach out.