Privacy Policy

haroldshipman.com (“we,” “our,” or “us”) is fully committed to safeguarding the privacy and personal data of every visitor, user, and customer who interacts with our website. This Privacy Policy outlines how we collect, process, use, and protect your personal information in strict compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

By accessing or using haroldshipman.com, you acknowledge and consent to the practices described herein.

1. Introduction: Our Commitment to Data Privacy
At haroldshipman.com, your trust is paramount. We recognize the sensitivity of personal data and are committed to maintaining the highest standards of privacy and data protection. This Privacy Policy explains our commitments, your rights, and how we manage your information transparently and responsibly.

2. Scope and Data Controller
This Privacy Policy applies to all personal data collected through haroldshipman.com and any related services. We act as the “data controller” for the purposes of GDPR and as a “business” under the CCPA with respect to the personal data we collect and process. We make all reasonable efforts to ensure your data is handled in accordance with the legal requirements of your jurisdiction.

3. Categories of Data Processed
We only collect and process personal data to the extent necessary to provide our services effectively and lawfully. The categories of data we process include:

– Usage Data:
– Browser type and version
– IP address
– Interaction timestamps
– Page views and navigation paths
– Source of visit (referral data)
– Session analytics

– Account Data:
– Full name
– Contact address
– Email address
– Phone number
– Account credentials (username, encrypted passwords)

– Profile Data:
– Purchase history
– Behavioral and preference profiles
– Feedback and reviews

– Communication Data:
– Customer service inquiries
– Email correspondence
– Communication logs and follow-ups

– Technical Data:
– Device identifiers
– Operating system and configuration
– Browser settings and plug-in details
– Security tokens

– Transaction Data:
– Payment method (tokenized data only)
– Billing and shipping information
– Invoicing records
– Transaction timestamps

– Preference Data:
– Consent to marketing and communications
– Product or content preferences
– Opt-in and opt-out history

4. Legal Basis for Processing
We process personal data under the following lawful bases:

– Consent: where users have explicitly provided their consent for specific types of data processing.
– Contract: where processing is necessary to fulfill our contractual obligations, such as delivering products or services.
– Legal Obligation: where required to comply with legal or regulatory duties.
– Legitimate Interest: to enable, maintain, and improve our services and ensure website security, fraud prevention, and communication relevance, provided such interests do not override user rights and freedoms.

5. Your Rights
In accordance with the GDPR and CCPA, you are entitled to exercise the following rights:

– Right of Access – obtain confirmation as to whether or not personal data concerning you is being processed and access to such data.
– Right to Rectification – request correction of any inaccurate or incomplete data.
– Right to Erasure – request deletion of personal data, subject to applicable legal constraints.
– Right to Restriction – limit data processing under certain circumstances.
– Right to Data Portability – request transfer of your data to another service provider.
– Right to Object – object to processing based on legitimate interests or direct marketing.
– Right to Non-Discrimination – under the CCPA, we will not deny goods or services or offer different pricing based on the exercise of your rights.

Requests can be made by contacting us at [email protected].

6. Security Measures
To ensure the confidentiality and integrity of personal data, haroldshipman.com implements robust security measures including:

– AES-256 encryption for data in transit and at rest
– Role-based access control and multi-factor authentication
– Regular security audits, penetration testing, and system monitoring
– Encrypted offsite backups and disaster recovery protocols
– Data protection training for authorized personnel

7. International Data Transfers
Where data is transferred outside the European Economic Area (EEA), we implement safeguard mechanisms, including:

– Standard Contractual Clauses approved by the European Commission
– Data transfers to countries providing an adequate level of protection per regulatory assessments
– Privacy Shield framework (for transfers to certified U.S. entities, if applicable)

8. Data Retention
We retain personal data only for as long as necessary for the purposes set out below:

– Account and Transaction Data: 6 years (for tax and legal compliance)
– Usage and Technical Data: 12 months (for analytics and performance optimization)
– Communication Data: 24 months (for service and dispute resolution)
– Marketing Preferences: until the user withdraws consent or unsubscribes
– Backup Archives: up to 90 days in secured encrypted storage

Upon the fulfillment of the data processing purpose, data will be securely deleted or anonymized.

9. Cookie Policy
We use cookies and similar tracking technologies to enhance user experience and analyze site performance. The types of cookies include:

– Essential Cookies – required for functionality and navigation
– Functional Cookies – used to remember user preferences
– Analytics Cookies – collect aggregated data to improve site performance (e.g., Google Analytics)
– Performance Cookies – monitor errors and behavior to optimize efficiency

Cookies collect information such as browser type, pages visited, session duration, and interaction data.

10. Cookie Management and Compliance
In compliance with GDPR and CCPA:

– European visitors are presented with a cookie consent banner upon first visit, providing an opt-in mechanism.
– California residents can request to opt-out of the sale or sharing of personal information by managing cookie preferences.
– You may manage or disable cookies via your browser settings or by visiting our Cookie Settings page, accessible from the site footer.

11. Protection for Children
haroldshipman.com is not intended for use by individuals under the age of 13. We do not knowingly collect personal data from children. If we become aware of such data collection, we will take prompt steps to delete it. Parents or legal guardians concerned with their child’s data should contact us directly.

12. Updates to this Privacy Policy
We reserve the right to modify or update this Privacy Policy at any time to reflect changes in our practices or applicable laws. Material changes will be communicated via website notice or direct communication where appropriate. Continued use of haroldshipman.com after such changes signifies your acceptance of the revised terms.

13. Contact Us
If you have any questions, requests, or concerns regarding this Privacy Policy or your personal data, please contact our Data Protection Officer at:

Email: [email protected]

We are committed to ensuring your personal data is handled transparently, securely, and in full compliance with data protection laws. If you are dissatisfied with our response, you have the right to contact your data protection authority.

This Policy affirms our compliance with the GDPR, the CCPA, and other applicable data privacy regulations. Please contact us at [email protected] with any privacy inquiries or to exercise your rights under this Policy.