Privacy Policy
1. Introduction
At The Who Direct (“we”, “us”, or “our”), accessible via thewhodirect.com, we value and respect your privacy and are firmly committed to safeguarding your personal data. This Privacy Policy outlines how we collect, process, store, and protect your personal data in compliance with global data protection regulations, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). By using thewhodirect.com, you acknowledge and consent to the practices described in this policy.
2. Scope of this Policy and Data Controller Role
This Privacy Policy applies to all users of thewhodirect.com, as well as all personal data collected through our online properties, communications, and services. For the purposes of GDPR and CCPA, The Who Direct is the data controller responsible for the processing of your personal data.
If you have any questions or concerns regarding this policy or our data practices, please contact us at [email protected].
3. Categories of Data Processed
We may collect, use, store, and transfer the following categories of personal data:
a. Usage Data
Includes information about how you use our website, such as browser type, IP address, access times, visited pages, referring URL, and session data. This data is collected automatically when you interact with the site.
b. Account Data
Includes personal data provided when creating an account, such as full name, billing address, shipping address, email address, and phone number.
c. Profile Data
Includes data relating to your activity on our platform, such as saved preferences, browsing behavior, purchase history, and interaction records within your user profile.
d. Communication Data
Includes information exchanged through customer service channels (such as support tickets, chat records, emails), inquiries made through contact forms, and feedback submissions.
e. Technical Data
Includes device-related technical data such as device identifiers, operating system, screen resolution, internet service provider, and browser configuration.
f. Transaction Data
Includes details of your transactions through thewhodirect.com, including payment information (processed securely through approved third-party processors), product details, shipping information, and order history.
g. Preference Data
Includes your marketing preferences, communication consents, newsletter subscriptions, and expressed product or content interests.
4. Legal Bases for Processing Personal Data
We process your personal data only when permitted under applicable law. The legal bases under the GDPR may include:
– Consent: When you have given clear and explicit permission for us to process your data for one or more specific purposes.
– Contract: When processing is necessary to perform a contract with you or to take steps at your request prior to entering into a contract.
– Legal Obligation: When we are required to comply with a legal or regulatory obligation.
– Legitimate Interests: When it is in our legitimate interests (and not overridden by your rights) to do so, such as to improve services, enhance user experiences, prevent fraud, or communicate relevant offerings, except where consent is required under applicable law.
5. Your Rights
Under GDPR and CCPA, users are afforded various rights concerning their personal data. These include:
– Right of Access: You may request a copy of the personal data we hold about you.
– Right of Rectification: You have the right to correct inaccurate or incomplete data.
– Right of Erasure: Under certain conditions, you may request the deletion of your data (“Right to be Forgotten”).
– Right to Restrict Processing: You can request limits on how we use your data.
– Right to Data Portability: You are entitled to request that your data be provided in a structured, commonly used, and machine-readable format.
– Right to Object: You may object to data processing based on legitimate interest or direct marketing.
– Right to Non-Discrimination: Under CCPA, you have the right not to be discriminated against for exercising your data rights.
– Right to Withdraw Consent: Where we rely on your consent, you are free to withdraw it at any time.
Requests concerning these rights may be submitted to us at [email protected].
6. Security Measures
The security of your personal data is of utmost importance to us. We employ a combination of administrative, technical, and physical safeguards to protect your information, including:
– Encryption of sensitive data both in transit and at rest
– Role-based access controls and 2FA authentication for internal systems
– Routine internal audits and threat detection
– Regular backups and disaster recovery procedures
– Staff training in data protection and privacy compliance
7. International Data Transfers
Wherever your data is processed, we safeguard it in accordance with applicable laws. If your data is transferred outside the European Economic Area (EEA) or similar regions with adequate protections, we ensure appropriate contractual assurances (e.g., Standard Contractual Clauses or equivalent legal mechanisms) are in place to ensure that your rights and protections accompany your data.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purpose for which it was collected or as required by legal or regulatory obligations. We apply the following retention periods:
– Account Data: Retained while the account is active and for a limited period thereafter for audit and compliance purposes.
– Transaction Data: Retained for at least 7 years to meet tax and financial reporting obligations.
– Communication Data: Retained for 2 years after resolution of the inquiry.
– Usage and Technical Data: Retained for up to 12 months for analytics and security purposes.
– Marketing Preferences: Retained until you revoke your consent or update your preferences.
9. Cookie Policy
The Who Direct uses cookies and similar tracking technologies to improve user experience on thewhodirect.com. Cookies may be classified as follows:
– Essential Cookies: Required for basic operation of the website (e.g., login, shopping cart functionality).
– Functional Cookies: Enable site personalization and retention of user preferences.
– Analytical Cookies: Collect aggregated statistical data for site performance, user behavior, and content optimization.
– Performance/Advertising Cookies: Enable tracking for advertising purposes, retargeting, and measuring marketing campaign effectiveness.
10. Cookie Management and Compliance
In compliance with GDPR and CCPA, we provide users with clear and granular options for managing cookie preferences. On your first visit to thewhodirect.com, you are presented with a cookie consent banner allowing you to accept, reject, or customize your cookie settings.
You may also manage or disable cookies via your browser settings. For further information, consult our Cookie Management page or reach out to [email protected].
11. Special Protections for Children
Protecting the privacy of minors is especially important. We do not knowingly collect or process any personal data from children under the age of 13. If we become aware of such data having been collected inadvertently, we will take immediate steps to delete it from our systems. Parents or guardians who believe that their child’s data may have been collected are invited to contact us at [email protected].
12. Policy Updates and User Notifications
We reserve the right to amend this Privacy Policy at any time to reflect changes in our practices, legal requirements, or platform offerings. Material updates will be prominently posted on thewhodirect.com and, where required, we will notify users via email or other direct communication as appropriate.
Continued use of thewhodirect.com indicates acknowledgment and acceptance of the current version of this Privacy Policy.
13. Contact Information
If you have any questions, requests, or concerns relating to this Privacy Policy or your personal data, please contact our Privacy Team via:
Email: [email protected]
—
We are committed to full compliance with applicable privacy laws and to maintaining the trust of our users. Please reach out with any privacy concerns, and we will address your inquiry with diligence and transparency.