Privacy Policy for Milk Bar Phoenix
1. Introduction
At Milk Bar Phoenix (“we,” “us,” or “our”), accessible at milkbarphoenix.com, we are committed to protecting and respecting your privacy. We recognize the importance of safeguarding personal data and are dedicated to handling your information in a transparent, secure, and privacy-conscious manner. This Privacy Policy outlines how we collect, use, disclose, and protect your personal information and your rights regarding that information under the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable laws.
2. Scope of this Policy and Data Controller Responsibility
This Privacy Policy applies to all users of this website, milkbarphoenix.com, and any related digital services or communications. For the purposes of the GDPR, Milk Bar Phoenix is the “data controller,” which means we determine the purposes and means of processing personal data.
By engaging with our website or services, you consent to the practices described in this Policy unless otherwise stipulated by applicable law. If you do not agree, please refrain from using the site.
3. Categories of Personal Data We Collect
When you interact with milkbarphoenix.com, we collect the following categories of personal data, either directly from you or automatically through your use of our services:
a. Usage Data
Information about how you use our website, including IP address, browser type and version, time zone setting, access times, referring URLs, and clickstream data.
b. Account Data
Details you provide when registering or creating an account with us, such as your full name, postal address, email address, and phone number.
c. Profile Data
Details related to your preferences and interactions, including purchase history, feedback, wish lists, browsing behavior, and loyalty participation.
d. Communication Data
Records of your interactions with us, including inquiries, complaints, support requests, and communication preferences.
e. Technical Data
Data about the devices you use to access our services, operating system, device type, hardware model, unique device identifiers, and browser configurations.
f. Transaction Data
Information necessary to process orders and payments, including billing information, delivery addresses, order history, and payment authorization tokens. We do not store full payment card details on our systems.
g. Preference Data
Information regarding your marketing preferences, newsletter signups, consent to promotional campaigns, and indicated interests in products or services.
4. Legal Bases for Processing Personal Data
We process your personal information only where legally permitted. Our lawful bases for processing include:
– Consent: Where you have explicitly given your consent (e.g., subscribing to newsletters or marketing communications).
– Contract Performance: Where processing is necessary to fulfill our obligations under a contract with you (e.g., order fulfillment).
– Legal Obligation: Where processing is necessary for compliance with applicable laws or statutory requirements (e.g., tax compliance).
– Legitimate Interests: Where processing is necessary for our legitimate business purposes, provided your interests and fundamental rights do not override those interests (e.g., fraud prevention, website optimization).
5. Your Rights
Subject to applicable legal limitations, you have the following rights under the GDPR and CCPA:
– Right to Access: Obtain confirmation of whether we process your personal data and a copy of the data we hold about you.
– Right to Rectification: Request correction of inaccurate or incomplete personal data.
– Right to Erasure: Request deletion of your personal data, subject to legal and contractual obligations.
– Right to Restriction: Request suspension or limitation of processing of your data under specific circumstances.
– Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
– Right to Object: Object to processing based on legitimate interests or direct marketing purposes.
– Right Not to Be Subject to Automated Decision-Making: Be free from decisions made solely through automated processing, including profiling, when these decisions have legal or significant effects.
– Right to Opt-Out (CCPA): California residents have the right to opt out of the sale or sharing of personal data. Note that we do not sell personal data to third parties.
To exercise any of these rights, please contact us at [email protected].
6. Security Measures
We implement appropriate technical and organizational safeguards to protect your personal data from unauthorized access, disclosure, alteration, and destruction. These include, but are not limited to:
– Data encryption (in transit and at rest)
– Role-based access controls and authentication
– Secure server environments and firewalls
– Regular security assessments and vulnerability scans
– Staff training and confidentiality agreements
Despite our efforts, no method of transmission over the Internet or electronic storage is 100% secure. Therefore, we cannot guarantee absolute security.
7. International Transfers
Your personal data may be transferred to and processed in countries outside of your jurisdiction, including countries that may not have data protection laws equivalent to those in your jurisdiction. Where such transfers occur, we implement appropriate safeguards, such as standard contractual clauses approved by the European Commission, to ensure a comparable level of protection is applied to your personal data.
8. Data Retention
We retain personal data only for as long as is necessary to fulfill the purposes for which it was collected, including legal, accounting, and regulatory obligations. The specific retention periods vary depending on the category of data:
– Usage and Technical Data: 12–18 months
– Account and Profile Data: For the duration of the active account and up to 6 years thereafter
– Transaction Data: 7 years (for financial and compliance purposes)
– Communication Data: 3 years from the last interaction
– Preference Data: Until unsubscribed or consent is withdrawn
Upon expiration of the retention period, data is irreversibly anonymized or securely deleted.
9. Cookie Policy
We use cookies and similar technologies to enhance your browsing experience and analyze website traffic. Cookies are small data files stored on your device.
We categorize cookies as follows:
– Essential Cookies: Required for core website functionality (e.g., security, session management).
– Functional Cookies: Support enhanced features (e.g., language selection, saved settings).
– Analytics Cookies: Gather anonymized data to help us understand user behavior and improve functionality through tools like Google Analytics.
– Performance Cookies: Measure performance indicators such as page load times and response rates.
10. Cookie Management and Compliance
Upon accessing our website, you are presented with the option to manage your cookie preferences. You can modify these at any time via your browser or our cookie preference management tool.
In compliance with GDPR, we seek affirmative consent prior to placing non-essential cookies. For CCPA compliance, California residents may opt out of data sharing that may occur through cookies used by third-party services.
11. Children’s Privacy
We do not knowingly collect or solicit personal data from children under the age of 13. If we become aware that we have inadvertently received personal data from a child under 13, we will delete that data from our records promptly. Parents or guardians who believe that we may have collected information from a child are encouraged to contact us using the details provided below.
12. Policy Updates
We reserve the right to amend or update this Privacy Policy from time to time to reflect changes in legal requirements, technological advances, or business operations. When changes are made, we will post the revised policy on milkbarphoenix.com and, where appropriate, notify users through prominent notices or email. Continued use of our services constitutes acceptance of the updated terms.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, you are encouraged to contact us using the following email:
Email: [email protected]
We are fully committed to upholding regulatory compliance and respecting the privacy of all visitors and customers. Please reach out to us if you wish to exercise your rights or learn more about our privacy practices.