Privacy Policy
At The Shire Café (“we,” “us,” or “our”), accessible via theshirecafe.com, we are committed to safeguarding your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, store, and protect your information when you interact with our website and related services. We are dedicated to meeting the highest data protection standards, including compliance with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), among other applicable data privacy laws.
1. Scope and Role of Data Controller
This Privacy Policy applies to the personal data collected through theshirecafe.com and related digital services operated or utilized by The Shire Café. For the purposes of applicable data protection laws, The Shire Café is the “Data Controller” of your personal data, meaning we determine the purposes and means of processing that data. If you have any questions regarding this policy or your data, you may contact us at [email protected].
2. Categories of Personal Data We Process
We may collect and process the following categories of personal data:
a. Usage Data:
Information about your interactions with our Website, including IP addresses, browser type and version, geographic location, operating system, referral source, length of visit, page views, and navigation paths. This data helps us optimize performance and user experience.
b. Account Data:
Data you voluntarily provide when creating an account or initiating a transaction with us, including your first and last name, billing and shipping addresses, email address, and telephone number.
c. Profile Data:
Information gathered through your interactions with our site and services, including your product preferences, purchase and browsing history, and behavioral data related to your use of theshirecafe.com.
d. Communication Data:
Records of correspondence between you and The Shire Café, including inquiries, support conversations, complaints, and service-related communications.
e. Technical Data:
Device-specific data such as hardware model, unique device identifiers, operating system and version, and system configurations used to access our platform.
f. Transaction Data:
Details about purchases and order fulfillment, including payment method (processed via secure third-party vendors), shipping information, and financial transaction logs.
g. Preference Data:
Your choices in receiving marketing communications from us, your contact preferences, and your indicated interests.
3. Legal Bases for Data Processing
We process your personal data on one or more of the following lawful bases:
– Consent: When you give us explicit permission to process your data for a specific purpose (e.g., subscribing to a newsletter).
– Contractual Necessity: To perform our contract with you or to take steps at your request before entering into a contract (e.g., fulfilling an online order).
– Legitimate Interests: For purposes such as fraud prevention, network security, enhancing our services, and direct marketing (where permitted).
– Legal Obligation: Where necessary for compliance with our legal or regulatory obligations.
4. Your Rights Under Data Protection Laws
In accordance with GDPR and CCPA, you are entitled to exercise the following rights regarding your personal data:
– Right of Access: Obtain a copy of your personal data held by us.
– Right to Rectification: Request correction of inaccurate or incomplete data.
– Right to Erasure: Request deletion of your personal data where legally permissible.
– Right to Restrict Processing: Request the temporary suspension of processing certain data.
– Right to Data Portability: Receive your personal data in a commonly used, machine-readable format and transmit it to another controller.
– Right to Object: Object to processing where we rely on legitimate interests or conduct profiling in direct marketing.
To exercise any of these rights, please contact our Data Privacy Officer at [email protected].
5. Security Measures
We implement appropriate technical and organizational security measures to ensure the integrity, confidentiality, and availability of your personal data. These include:
– End-to-end encryption of sensitive data in transit and at rest.
– Multi-tiered access controls restricting unauthorized data access.
– Secure, regular backups to preserve data in the event of loss or breach.
– Employee training on secure data handling and incident response.
6. International Data Transfers
Where we transfer personal data outside of the European Economic Area (EEA) or other jurisdictions with data protection laws, such transfers are governed by the European Commission’s Standard Contractual Clauses or other recognized legal mechanisms. We take all reasonable steps to ensure your data remains protected and secure during any international transfers.
7. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes we collected it for, including to satisfy legal, accounting, or reporting obligations. The typical retention periods are as follows:
– Usage Data: 12 months
– Account & Profile Data: Retained during the lifetime of the user account and up to 3 years after inactivity
– Transaction Data: 7 years for legal and audit requirements
– Communication & Preference Data: 2 years following the last communication unless further retention is required for legal compliance
8. Cookie Policy
Our website, theshirecafe.com, uses cookies to enhance user experience and ensure optimal performance. The categories of cookies we use include:
– Essential Cookies: Required for website functionality and core operations.
– Functional Cookies: Remember your settings and preferences for a customized experience.
– Analytics Cookies: Help us understand how visitors use our site, allowing us to improve functionality and content.
– Performance Cookies: Assist in measuring website performance metrics such as load speed and error tracking.
9. Cookie Management and User Controls
You control your cookie preferences via our Cookie Consent Manager, which prompts upon your first site visit and can be adjusted at any time. Under GDPR and CCPA, you have the right to opt-in or opt-out of all non-essential cookies. Browser-level controls are also available to clear or block cookies as needed.
10. Children’s Privacy
Our services are not directed toward children under the age of 13. We do not knowingly collect or solicit personal data from minors. If you are under 13, do not submit personal information through the site. If you believe a child under 13 has provided us with personal data, please contact us at [email protected], and we will take appropriate action to delete the data.
11. Changes to This Policy
We reserve the right to update or amend this Privacy Policy as business practices or legal requirements evolve. When changes are made, we will notify users through our website or via direct communication methods if necessary. Continued use of theshirecafe.com following such updates indicates your acceptance of the revised policy.
12. Contact Information
If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please reach out to us at:
Email: [email protected]
Website: https://theshirecafe.com
We are committed to upholding your rights and ensuring that your personal data is collected, processed, and stored with the utmost care and responsibility.
Thank you for trusting The Shire Café with your information.