Privacy Policy for Willow Guild

1. Introduction

At Willow Guild, accessible via willowguild.com, we are steadfast in our commitment to protecting your privacy and maintaining the integrity of your personal data. We are dedicated to ensuring that the information you provide is handled responsibly, securely, and in full accordance with applicable data protection laws, including the European Union General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”). This Privacy Policy outlines our practices regarding the collection, use, disclosure, and protection of your personal information and affirms our accountability as stewards of your data.

2. Scope of Policy and Data Controller Role

This Privacy Policy applies to all personal information collected through your interaction with willowguild.com and related services (the “Services”). Willow Guild is the data controller for the processing of personal data described in this policy. Where applicable, we act as the business under the CCPA and the data controller under the GDPR.

3. Categories of Personal Data We Process

Depending on your interactions with our Services, we may collect and process the following categories of personal data:

– Usage Data: Including but not limited to your IP address, browser type and version, time zone setting and location, session details, and browsing activity on our website.
– Account Data: Information provided when creating an account, such as full name, physical address, email address, and phone number.
– Profile Data: Information about your preferences, previous purchases, browsing behavior, and user settings.
– Communication Data: Information submitted through contact forms, support requests, customer service interactions, and email correspondences.
– Technical Data: Details about the devices you use to access our Services, operating system, system settings, and other technical identifiers.
– Transaction Data: Payment and billing details, order history, delivery information, order confirmations, and invoices.
– Preference Data: Record of marketing communication preferences, product interests, and newsletter subscriptions.

4. Legal Bases for Processing Personal Data

We rely on the following legal bases under applicable data protection laws to process your personal data:

– Performance of a Contract: Where processing is necessary to fulfill our contractual obligations to you, including account management and delivery of Services.
– Legitimate Interests: For purposes of fraud prevention, maintaining the security of our website, improving user experience, and marketing related to our Services (subject to your rights and interests).
– Consent: Where you have explicitly consented, particularly concerning cookies, marketing communications, or promotional offers.
– Legal Obligation: Where we are required to comply with legal obligations such as tax, regulatory, or consumer protection laws.

5. Your Data Subject Rights

Subject to applicable laws, you may have the following rights in connection with your personal data:

– Right of Access: You have the right to request information about whether your data is being processed and access to that data.
– Right to Rectification: You may request correction of any inaccuracies in your personal data.
– Right to Erasure: You may request deletion of your personal data in specific circumstances, including when processing is no longer necessary.
– Right to Restrict Processing: You can request that we restrict the processing of your personal data in certain cases.
– Right to Data Portability: You may request to receive your personal data in a structured, commonly used format and to transmit that information to another controller.
– Right to Object: Under certain conditions, you may object to our processing of your personal data, particularly for direct marketing purposes.
– Right Not to Be Subject to Automated Decision-Making: We do not engage in processing that results in automated decision-making that produces legal or similarly significant effects.

To exercise any of the above rights, please contact us at [email protected].

6. Security Measures

We implement a range of technical and organizational measures designed to protect your personal data from unauthorized access, disclosure, alteration, or destruction. These include, but are not limited to:

– Secure encryption protocols for data transmission and storage.
– Role-based access control and strict authentication procedures.
– Regular data backups and secure disaster recovery processes.
– Internal policies and employee training on data protection best practices and legal compliance.

7. International Transfers

Willow Guild may transfer personal data to service providers and affiliates outside of your jurisdiction, including countries that may not afford the same level of data protection. In such cases, we rely on appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission or other lawful mechanisms recognized under applicable law, to ensure your data remains protected.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to comply with legal, regulatory, tax, accounting, or reporting requirements. Retention periods for personal data vary depending on the type of data:

– Usage and Technical Data: Retained no longer than 12 months.
– Account and Profile Data: Retained as long as your account remains active, and up to 3 years after inactivity.
– Transaction and Communication Data: Retained for up to 7 years for legal and financial audit purposes.
– Consent and Preference Data: Retained until you withdraw your consent or unsubscribe.

9. Cookie Policy

Willow Guild uses cookies and similar tracking technologies on willowguild.com for a variety of purposes:

– Essential Cookies: Required for the operation of our website and core functionality. These cannot be disabled.
– Functional Cookies: Enable enhanced personalization and remember your preferences across sessions.
– Analytical Cookies: Allow us to analyze site usage and performance to improve user experience.
– Performance Cookies: Track traffic sources and page engagement metrics to optimize our Services.

10. Cookie Management and Compliance

You can manage your cookie preferences directly through our cookie consent tool upon visiting willowguild.com or by adjusting your browser settings. Under both the GDPR and CCPA, you have the right to reject non-essential cookies and withdraw your consent at any time. Our cookie banner reflects these legal requirements and provides easy opt-in and opt-out options.

Residents of California can further exercise their CCPA rights, including Do Not Sell My Personal Information requests, through functionality embedded on our website or by contacting us directly at [email protected].

11. Children’s Privacy

Willow Guild does not knowingly collect or solicit personal information from individuals under the age of 13. If we become aware that we have inadvertently collected such data, we will take immediate steps to delete the information and terminate the associated accounts as required by applicable law. Parents or legal guardians who believe their child has submitted personal information may contact us at [email protected].

12. Updates to This Privacy Policy

We may revise this Privacy Policy from time to time to reflect changes in our business practices, technologies, legal obligations, or for other operational reasons. Any updates will be posted on willowguild.com, and where legally required, we will provide prominent notice or seek your consent. We encourage users to review this policy periodically for the latest information.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the manner in which we process your personal data, please do not hesitate to contact us:

Email: [email protected]

At Willow Guild, we are committed to full compliance with applicable privacy laws and to fostering transparency and trust with our users. We welcome all privacy-related inquiries and will respond promptly in accordance with regulatory expectations.