PRIVACY POLICY
This Privacy Policy describes how personal data is collected, used, and protected by The Last of the Great Apes (“we,” “us,” or “our”) through our website located at thelastofthegreatapes.com (“the Website”). We are committed to safeguarding your privacy and maintaining the highest level of data protection in compliance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act (“CCPA”).
1. Introduction: Our Commitment to Data Protection
We are dedicated to protecting the personal data of our users and respecting their rights regarding privacy and information security. By accessing our Website or providing your personal information to us, you acknowledge and consent to the practices described in this Privacy Policy. We process personal data lawfully, transparently, and for specific, legitimate purposes, minimizing data collection to what is necessary and ensuring its security at all times.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all individuals who visit or use thelastofthegreatapes.com, regardless of location, and to all personal data collected through the Website. As the data controller for purposes of GDPR and the business under CCPA, we determine the purposes and means of processing your personal data.
Users located in the European Economic Area (EEA), the United Kingdom, and California should be aware that additional rights may apply under the respective jurisdictions.
3. Categories of Data We Process
We may collect and process the following categories of personal data through thelastofthegreatapes.com:
– Usage Data: Includes IP address, browser type and version, time zone setting, browser plug-in types, location data, operating system and platform, session timestamps, and pages visited.
– Account Data: Includes your full name, mailing address, email address, phone number, and login credentials for registered users.
– Profile Data: Includes purchase history, user behavior, preferences, and activity on the Website.
– Communication Data: Includes records of your communications with us, including contact forms, emails, support requests, and any other communications submitted via the Website.
– Technical Data: Includes device information, configurations, error logs, and other diagnostics collected through cookies or similar tracking technologies.
– Transaction Data: Includes payment details (processed via secure third-party services), billing and shipping addresses, product or service details, and invoice history.
– Preference Data: Includes marketing preferences, newsletter subscriptions, product interest indicators, and consent status for marketing communications.
We do not collect or process special categories of personal data unless explicitly provided by you and where permitted under applicable law.
4. Legal Bases for Processing
We process your personal data using one or more of the following legal bases under the GDPR:
– Consent: Where you have given clear consent for us to process your data for a specific purpose (e.g., subscribing to a newsletter).
– Contractual Necessity: When processing is necessary for the performance of a contract with you or to take pre-contractual steps at your request.
– Legal Obligation: Where processing is required to comply with a legal or regulatory obligation.
– Legitimate Interests: When we process personal data to pursue our legitimate interests (e.g., to improve services, prevent fraud, or ensure IT security), provided that such interests are not overridden by your rights and interests.
5. Your Rights Under Data Protection Laws
Depending on your location, you may have the following rights regarding your personal data:
– Right of Access: Request a copy of the personal data we hold about you.
– Right to Rectification: Request correction of inaccurate or incomplete data.
– Right to Erasure (“Right to Be Forgotten”): Request deletion of your personal data under certain conditions.
– Right to Restrict Processing: Request suspension or limitation of processing in specific circumstances.
– Right to Data Portability: Request a copy of your data in a structured, commonly used, and machine-readable format.
– Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
– Right to Withdraw Consent: Withdraw your consent at any time, without affecting the lawfulness of processing before such withdrawal.
To exercise your rights, please contact us at [email protected]. We may require you to verify your identity before fulfilling your request.
6. Data Security Measures
We implement industry-standard technical and organizational measures to safeguard your personal data. Security practices include:
– Encryption of data in transit and at rest
– Multi-factor authentication for system access
– Regular security audits and vulnerability assessments
– Secure coding practices
– Regular backups and disaster recovery protocols
– Employee training and confidentiality agreements for those with access to personal data
Despite these measures, no method of transmission over the Internet is entirely secure. We encourage you to take appropriate steps to protect your personal data and use secure passwords and updated software.
7. International Data Transfers
If you are located in a country outside the United States, please note that your data may be transferred to servers located in the United States or other jurisdictions where data protection laws may be different. In such cases, we ensure appropriate safeguards are in place, including:
– Standard Contractual Clauses approved by the European Commission
– Compliance with applicable regional requirements
– Data transfer agreements with processors and partners
8. Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected or as required by applicable law. Specific retention periods include:
– Usage and Technical Data: Retained for up to 12 months for analytics and performance monitoring.
– Account Data: Retained as long as the account is active and up to 6 years afterward for legal and audit purposes.
– Transaction Data: Retained for 7 years to comply with tax and financial regulations.
– Communication Data: Retained for up to 3 years after last user interaction.
– Profile and Preference Data: Retained for up to 2 years from last activity, unless consent is withdrawn earlier.
When data is no longer needed, it is securely deleted or anonymized.
9. Cookie Policy
We use cookies and similar technologies on thelastofthegreatapes.com to enhance user experience, analyze website usage, and deliver personalized content and advertisements. Categories of cookies include:
– Essential Cookies: Necessary for the operation of the Website (e.g., login, cart, navigation).
– Functional Cookies: Enable enhanced functionality and user preferences.
– Analytics Cookies: Used to understand and improve performance by collecting aggregated usage data (e.g., via Google Analytics).
– Performance Cookies: Help us improve Website responsiveness and error management.
10. Cookie Management and Compliance
In compliance with the GDPR and CCPA, we provide a cookie banner upon first access where users may accept or reject non-essential cookies. You may manage your cookie preferences at any time through browser settings or our Cookie Consent Tool available on the Website.
Under the CCPA, California residents may exercise the right to opt out of the “sale” or “sharing” of personal data (as defined under CCPA) by using the “Do Not Sell or Share My Personal Information” link, where applicable.
11. Children’s Privacy
Our Website is not intended for use by children under the age of 13. We do not knowingly collect or solicit personal information from anyone under 13. If we learn that we have inadvertently received personal data of a child under 13 without verifiable parental consent, we will delete such information promptly. Parents or guardians who believe their child has provided personal data should contact us at [email protected].
12. Policy Updates
We reserve the right to modify this Privacy Policy from time to time to reflect changes in technology, applicable laws, or our practices. Any changes will be posted on this page. Where appropriate, we will notify users by email or prominently display a notice on the Website to inform them of significant updates.
13. Contact Us
For any questions, requests, or concerns relating to this Privacy Policy or the handling of your personal data, please contact us at:
Email: [email protected]
We are committed to complying with all applicable data protection laws, including GDPR and CCPA. If you have privacy concerns or feel your rights have been violated, please reach out using the contact information provided above.