Privacy Policy
1. Introduction
At Lowland Hundred, accessible at lowlandhundred.com, we are committed to safeguarding your personal data and respecting your privacy. This Privacy Policy outlines how we collect, use, disclose, and protect your information in accordance with applicable legislation, including the European Union’s General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant privacy laws. We adopt a privacy-first approach to data handling, ensuring your personal information is processed transparently, lawfully, and with the utmost care.
2. Scope and Role of the Data Controller
This Privacy Policy applies to all users of our website, services, and interactions within the lowlandhundred.com digital environment. Lowland Hundred operates as the Data Controller of your personal data, and we are responsible for determining the purposes and methods of any personal data processing. If you have questions about this policy or our data processing practices, you may contact us at [email protected].
3. Categories of Data We Process
We collect and process several categories of personal data, depending on how you interact with our website:
– Usage Data: Information about how you interact with the site, including browser type, IP address, device ID, operating system, time zone setting, and location data. We also gather data on page views, session duration, and navigation paths to improve user experience.
– Account Data: Information provided during account registration or checkout, such as your name, email, postal address, and contact number.
– Profile Data: Preferences, purchase history, engagement behavior, saved items, and interests related to our products or services.
– Communication Data: Records of customer service communications, support queries, emails, contact form submissions, and messaging history.
– Technical Data: Device type, system configuration, browser plugins, application versions, and network information automatically collected to ensure functionality.
– Transaction Data: Payment and billing information, delivery addresses, order details, purchase confirmations, and refund records. Note: Payment data may be handled by third-party processors.
– Preference Data: Details related to marketing and communication preferences, participation in surveys, and expressed interests in specific categories or offerings.
4. Legal Bases for Processing Personal Data
Our processing of personal data is based on one or more of the following legal grounds:
– Consent: Where you voluntarily provide information or opt-in for specific services or marketing communications.
– Contractual Necessity: Where processing is required for the performance of a contract to which you are a party.
– Legal Obligation: Where necessary to comply with a legal requirement.
– Legitimate Interests: Where processing is necessary for our legitimate business interests, such as site improvement, fraud prevention, marketing (where legally permitted), and analytics, provided these interests do not override your rights and freedoms.
5. Your Rights Under GDPR and CCPA
You have the following rights regarding your personal data:
– Right of Access: Request information about the data we hold relating to you.
– Right to Rectification: Correct inaccuracies in your personal information.
– Right to Erasure: Request deletion of your data, subject to legal and contractual limitations.
– Right to Restrict Processing: Limit the way your data is processed under certain conditions.
– Right to Data Portability: Receive your data in a structured, commonly used format for transmission to another controller.
– Right to Object: Object to processing based on legitimate interest and to direct marketing.
– Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw consent at any time.
– Right to Non-Discrimination (CCPA): Exercise your privacy rights without receiving discriminatory treatment.
You can exercise these rights by contacting us at [email protected].
6. Security Measures
We employ a range of organizational and technical security measures to protect your data against loss, unauthorized access, alteration, or destruction. These include:
– Industry-standard SSL/TLS encryption for web traffic and data transmission.
– Storages systems protected through physical, administrative, and digital safeguards.
– Role-based access control to limit access to data based on job responsibilities.
– Regular security audits and risk assessments.
– Training and awareness programs to educate staff on data protection best practices.
7. International Data Transfers
We may transfer your personal data to locations outside of your country, including countries that may not have equivalent data protection laws. In such cases, we ensure appropriate safeguards are implemented, including:
– Use of Standard Contractual Clauses approved by the European Commission.
– Ensuring recipient entities maintain adequate levels of data protection.
– Adhering to regional legal requirements for such transfers.
8. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, or as required by law:
– Account Data and Profile Data are retained for as long as your account is active, and for a reasonable subsequent period to address legal or transactional follow-up.
– Transaction and Communication Data are typically retained for seven (7) years in alignment with statutory requirements.
– Technical and Usage Data may be retained for shorter periods (e.g., 12–24 months) for performance and analytics purposes.
– Where processing is based on consent (e.g., direct marketing), data is retained until the user withdraws consent.
9. Cookie Policy
lowlandhundred.com uses cookies and similar technologies to enhance the user experience. Categories of cookies include:
– Essential Cookies: Necessary for the website to function (e.g., maintaining session state and managing shopping carts).
– Functional Cookies: Enable personalized features and site preferences.
– Analytics Cookies: Help us understand how users interact with the site, such as Google Analytics.
– Performance Cookies: Monitor and improve site speed, responsiveness, and performance consistency.
10. Cookie Management and Compliance
In compliance with GDPR and CCPA, we offer visitors the ability to manage cookie settings via a prominent cookie banner upon first visit. You can:
– Accept or deny different types of cookies.
– Withdraw or modify your consent at any time from cookie preference centers.
– Disable cookies through browser settings, though some site features may become unavailable.
We also honor Do Not Track (DNT) browser settings and provide equivalent opt-out opportunities for California residents under CCPA.
11. Children’s Data Protection
Our website is not intended for children under the age of 13. We do not knowingly collect or solicit personal information from anyone under this age. If you believe that a child under 13 has provided personal data to us, please contact us at [email protected] so that we can take appropriate steps to delete that information.
12. Policy Updates and Notification
We may update this Privacy Policy periodically to reflect changes in legal obligations, technology, or our operations. Where significant changes occur, we will notify users through appropriate channels, such as on-site notices, email communications, or through account dashboards where applicable. Continued use of our services after changes become effective indicates your acceptance of the updated policy.
13. Contact Information
If you have any questions about this Privacy Policy, our data practices, or wish to exercise your rights under applicable privacy laws, please contact us at:
Email: [email protected]
We are committed to full compliance with the GDPR, CCPA, and other applicable privacy frameworks. If you have concerns about how your personal data is used, please do not hesitate to reach out.