Privacy Policy for Two Buoys Lobster
1. Introduction
Two Buoys Lobster (“we,” “our,” “us”) is committed to protecting your privacy and ensuring the security of your personal data. We prioritize a privacy-first approach and strive to maintain transparency about how your information is collected, used, and protected when you visit our website, twobuoyslobster.com, or interact with our services. Our practices comply with the General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act (“CCPA”), and other relevant privacy laws.
2. Scope of Policy and Role of Data Controller
This Privacy Policy applies to all data collected through our website, twobuoyslobster.com, and related services. As the data controller under GDPR, we determine the purposes and means of processing your personal data. If you have any questions or concerns regarding your personal information, please contact us at [email protected].
3. Categories of Data We Process
We may collect and process the following categories of personal data:
– Usage Data: Includes information about your browser type and version, IP address, time zone settings, operating system, referring URLs, and interaction with pages on twobuoyslobster.com such as session duration and navigation paths.
– Account Data: Includes your full name, mailing address, billing address, email address, and phone number, particularly when you register an account or place an order.
– Profile Data: Includes demographic information, product preferences, purchase history, feedback, and behavioral trends based on interactions with our services.
– Communication Data: Includes email correspondence, customer support messages, live chat transcripts, inquiries, feedback, and any other information voluntarily provided when contacting us.
– Technical Data: Includes device identifiers, hardware type, screen resolution, language settings, connection type, and system configurations.
– Transaction Data: Includes details about your orders, payment method used (processed via secure third-party vendors), fulfillment and delivery status, and any associated transaction records.
– Preference Data: Includes your consent for marketing communications, newsletter subscriptions, product interest selections, and related opt-in preferences.
4. Legal Bases for Processing Personal Data
We process your personal data lawfully under the following legal bases:
– Performance of Contract: Processing necessary to fulfill a contract with you, including order processing and service delivery.
– Legitimate Interests: Processing based on our legitimate interest in providing an optimal user experience, improving services, marketing relevant products, and ensuring website security.
– Consent: Processing based on your explicit and informed consent, which you may withdraw at any time.
– Legal Obligation: Processing necessary to comply with legal obligations such as tax and regulatory requirements.
5. Your Data Protection Rights
Under applicable laws, you have the following rights regarding your personal data:
– Right of Access: Obtain confirmation as to whether personal data is being processed, and access to that data.
– Right to Rectification: Request correction of inaccurate or incomplete personal information.
– Right to Erasure: Request deletion of your data where applicable (the “right to be forgotten”).
– Right to Restriction: Restrict certain forms of processing where you contest the accuracy or lawfulness of our data use.
– Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format and transmit it to another controller.
To exercise any of your rights, please contact us at [email protected]. We will respond to verifiable requests within applicable statutory timeframes.
6. Security Measures
We implement rigorous technical and organizational measures to protect your personal data. These include but are not limited to:
– End-to-end encryption during data transmission
– Role-based access control for authorized personnel only
– Regular data backups and intrusion detection systems
– Employee training on data handling and cybersecurity best practices
While we make all reasonable efforts to safeguard data, no internet-based service can guarantee absolute security. We encourage you to use complex passwords and remain alert for phishing or fraudulent activity.
7. International Transfers
When transferring personal data outside of the European Economic Area (EEA) or other jurisdictions with similar data protection laws, we ensure such transfers are done lawfully using:
– Standard Contractual Clauses (SCCs) approved by the European Commission
– Other appropriate safeguards ensuring the level of protection is equivalent to GDPR
Your data may be processed in countries where service providers, partners, or data centres are located. We ensure these third parties adhere to robust contractual obligations concerning data protection and privacy.
8. Data Retention
We retain personal data only as long as necessary for the purposes stated in this policy or to comply with legal obligations, as outlined below:
– Usage & Technical Data: Up to 12 months, for analytics and security
– Account Data: For the duration of the account and up to 6 years for legal compliance
– Profile & Preference Data: 2 years from last interaction
– Transaction Data: 6 years for tax and audit compliance
– Communication Data: 3 years from last contact, unless required longer for legal reasons
After these periods, data is securely deleted or anonymized.
9. Cookie Policy
We use cookies and similar technologies to enhance your browsing experience on twobuoyslobster.com. Types of cookies include:
– Essential Cookies: Necessary for website functionality, logins, and secure transactions.
– Functional Cookies: Remember your preferences and settings for a personalized experience.
– Analytics Cookies: Collect aggregated usage data to evaluate site performance and traffic sources.
– Performance Cookies: Monitor load times, page errors, and site behavior to optimize functionality.
Cookies do not typically contain personal data. However, they may be linked to other data we maintain.
10. Cookie Management & GDPR/CCPA Compliance
When you first visit twobuoyslobster.com, a cookie banner will give you the ability to accept or manage cookie preferences. You can change your preferences at any time via the “Cookie Settings” option available on our site or through your browser settings.
We do not sell your personal data as defined under the CCPA. California residents may opt out of any data-sharing arrangements that could be construed as a “sale” by exercising rights outlined in Section 5.
11. Special Protections for Children
We do not knowingly collect or solicit personal information from children under the age of 13. If you believe a child has provided us with personal data without parental consent, please contact us at [email protected], and we will promptly take steps to delete this information.
12. Policy Updates
We reserve the right to modify this Privacy Policy to reflect changes in legal requirements, data practices, or service enhancements. Updates will be posted on this page. We encourage you to periodically review this policy to remain informed about how we protect your data.
Where required by law, we will notify you of substantive changes via email or an on-site notification prior to the change taking effect.
13. Contact
If you have any questions or concerns, or wish to exercise your data protection rights, please contact us at:
Email: [email protected]
Website: twobuoyslobster.com
We are committed to full compliance with applicable data protection laws and will respond promptly to any privacy-related inquiries or requests.
—
Two Buoys Lobster remains dedicated to upholding your privacy and data protection rights. For any concerns regarding the use or security of your personal information, please do not hesitate to reach out at [email protected].