Privacy Policy for tribalgash.com

1. Introduction

At tribalgash.com (“we,” “our,” or “us”), we are committed to protecting the privacy, security, and rights of our users (“you” or “your”). This Privacy Policy outlines how we collect, use, store, and disclose your personal data, in accordance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws. We take a privacy-first approach in all our services and ensure that your information is handled with the utmost care and integrity.

2. Scope of This Policy and Data Controller Role

This Privacy Policy applies to all users accessing or interacting with tribalgash.com through any means or devices. For the purposes of data protection law, tribalgash.com is the data controller of your personal data, unless otherwise specified.

We process your data in accordance with applicable regulations and act as a controller for the data we determine the purposes and means of processing. If you have questions regarding this policy or the processing of your data, please contact us at [email protected].

3. Categories of Data Processed

We may collect and process the following categories of personal data:

– Usage Data: Includes information about how you access and use our website, such as your browser type, IP address, time zones, pages visited, clicks, length of visit, and session metrics.

– Account Data: Includes information you provide when creating an account, including your name, mailing address, email address, and contact phone number.

– Profile Data: Includes your preferences, previous purchases, behavior on the site, feedback, wishlist items, and shopping habits.

– Communication Data: Includes your communications with us, such as support inquiries, emails, chat interactions, and related correspondence history.

– Technical Data: Includes device identifiers, operating system information, language settings, and other technical configurations related to your access device.

– Transaction Data: Includes details about payments you make through our site, billing information, shipping address, payment method (processed securely through third-party processors), purchase history, and order fulfillment records.

– Preference Data: Includes marketing preferences, subscription status, product interests, and opt-in/opt-out details provided by you.

4. Legal Bases for Processing

We only process your personal data where the law permits. The lawful bases under the GDPR and CCPA include:

– Consent: Where we have obtained your informed consent to use your data for a specific purpose, such as newsletter subscriptions or marketing.

– Contract: Where processing is necessary to perform a contract with you, such as fulfilling an order you place through tribalgash.com.

– Legal Obligation: Where processing is necessary to comply with legal or regulatory requirements.

– Legitimate Interests: Where processing is necessary for our legitimate business interests—such as improving our website experience or preventing fraud—provided that your rights and interests do not override those interests.

5. Your Rights

As a data subject, and depending upon your jurisdiction, you may have the following rights:

– Right of Access: To request access to the personal data we hold about you.
– Right to Rectification: To request correction of your personal data if it is inaccurate or incomplete.
– Right to Erasure (“Right to be Forgotten”): To ask us to delete your personal data under certain circumstances.
– Right to Restrict Processing: To request the restriction of processing your personal data in certain situations.
– Right to Data Portability: To request your data in a structured, commonly used format for transfer to another controller.
– Right to Object: To object to the processing of your data based on our legitimate interests or for direct marketing purposes.

To exercise any of these rights, please contact us at [email protected].

6. Security Measures

We implement industry-standard measures to ensure the integrity and confidentiality of your personal data, including:

– Secure encryption and SSL/TLS protocols for data transmission.
– Access control and role-based access restrictions.
– Routine data backups, disaster recovery procedures, and monitoring.
– Staff training and internal privacy governance protocols.

While we adopt these measures diligently, no transmission or storage method is 100% secure and we cannot guarantee absolute security.

7. International Data Transfers

Your personal data may be transferred to and stored in jurisdictions outside your country of residence, including the United States and the European Economic Area. In cases of international transfer, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs), to comply with relevant data protection laws.

8. Data Retention

We retain your personal data only as long as necessary to fulfill the purposes for which we collected it, including satisfying any legal, accounting, or reporting requirements. Retention periods vary by data type:

– Usage and Technical Data: Retained for up to 24 months.
– Account and Profile Data: Active until your account is deleted, plus an additional 12 months for security and auditing purposes.
– Transaction Data: Retained for up to 7 years for tax and legal obligations.
– Communication Data: Retained for 3 years for support and service improvement.
– Preference Data: Retained until you update your preferences or withdraw consent.

9. Cookie Policy

Tribalgash.com uses cookies and similar technologies to enhance your browsing experience:

– Essential Cookies: Required for core functionality such as security, navigation, and accessing secure areas.
– Functional Cookies: Allow the website to remember your preferences and customization settings.
– Analytics Cookies: Help us improve the site by tracking usage data, traffic sources, and behavior on the website.
– Performance Cookies: Measure performance indicators such as load times and responsiveness.

10. Cookie Management and Compliance

You have control over your cookie preferences and may manage or withdraw consent at any time through your browser settings or via the cookie consent banner available when visiting the site. We respect both GDPR and CCPA consent requirements, offering opt-in functionality for EU users and opt-out methods for Californian users under “Do Not Sell My Personal Information” provisions.

11. Children’s Privacy

Tribalgash.com is not intended for children under the age of 13, and we do not knowingly collect personal data from anyone under 13 years of age. If we learn that we have collected such information, we will take immediate steps to delete it. Parents or guardians who believe their child has provided us with personal data should contact us at [email protected].

12. Policy Updates and User Notifications

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any updates will be posted on this page, and, where appropriate, we may notify you through the email address associated with your account or via site notifications. We encourage users to review this Policy regularly to stay informed.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

Email: [email protected]

We are committed to compliance with applicable privacy laws and to ensuring that your data is handled responsibly. You may use the contact above for any privacy-related issue or to lodge a complaint. Your trust is important to us.