Privacy Policy for gilnorton.com
1. Introduction
At gilnorton.com, we are firmly committed to safeguarding the privacy and personal data of our website visitors, customers, and users. We uphold the highest standards of data protection and privacy compliance as required by applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This Privacy Policy outlines how we collect, use, disclose, and protect your personal information, ensuring that your rights and freedoms are appropriately respected.
2. Scope of this Policy & Data Controller Role
This Privacy Policy applies to the personal data collected through the website located at gilnorton.com and any related online services operated by us. The data controller responsible for your personal information is GIL NORTON, who determines the purposes and means of processing your personal data. If you have any questions about how your data is handled, you may contact us at [email protected].
3. Categories of Personal Data We Process
We may collect and process the following categories of personal data, depending on your interaction with the website and related services:
– Usage Data: includes information such as your IP address, browser type and version, time zone setting and location, operating system and platform, and other technology on the devices you use to access gilnorton.com, as well as usage metrics like session duration, page interactions, and navigation paths.
– Account Data: includes your name, physical address, email address, phone number, and any other identifiers you provide upon creating an account or making an enquiry.
– Profile Data: includes details about your preferences, historical transactions, behavioral interactions with our content or services, and engagement patterns.
– Communication Data: includes records of correspondence with us, including inquiries submitted via forms or email, messages exchanged with customer support, and any related communications history.
– Technical Data: includes device identifiers, connection information, configuration settings, server logs, and diagnostic data used to maintain performance and stability.
– Transaction Data: includes records of products or services purchased or accessed, payment details (processed securely and not stored by us), billing and shipping addresses, and order fulfillment data.
– Preference Data: includes records of your marketing preferences, opt-in or opt-out requests, consent information, interests in specific products or services, or promotional communications settings.
4. Legal Bases for Processing Personal Data
We rely on one or more of the following lawful bases under the GDPR to process your personal data:
– Consent: where you have explicitly given us permission to process your data for specific purposes, such as receiving newsletters or participating in promotional campaigns.
– Contractual Necessity: where processing is required to meet contractual obligations or take steps at your request prior to entering into a contract (e.g., responding to inquiries, fulfilling purchases).
– Legal Obligation: where we are legally required to process your data to comply with applicable laws and regulations.
– Legitimate Interests: where we use your data in ways that are necessary for our business operations or website functionality, provided that such interests are not overridden by your fundamental rights and freedoms.
5. Your Rights Under Data Protection Laws
Depending on your location and applicable data protection laws, you may have the following rights with respect to the personal data we hold about you:
– Right of Access: to obtain confirmation as to whether your data is being processed, and to request a copy of the personal data we hold about you.
– Right of Rectification: to request correction of inaccurate or incomplete data.
– Right of Erasure: to request deletion of your data, subject to legal and contractual obligations.
– Right to Restrict Processing: to limit the processing of your personal data in certain situations.
– Right to Data Portability: to receive your personal data in a structured, commonly used format for transmission to another controller.
– Right to Object: to object to processing based on legitimate interests or direct marketing purposes.
– Right to Withdraw Consent: where processing is based on consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing carried out before the withdrawal.
To exercise any of these rights, please contact us at [email protected]. We will respond to your request in accordance with applicable laws.
6. Security Measures
We implement appropriate technical and organizational security measures to protect your personal data, including:
– Data encryption in transit and at rest;
– Access control protocols and authentication systems;
– Regular security assessments and infrastructure audits;
– Secure data storage and firewall protections;
– Staff training in data protection principles and incident response procedures;
– Disaster recovery and backup protocols.
While no method of electronic transmission or storage guarantees absolute security, we take all reasonable steps to safeguard your data against unauthorized access, disclosure, alteration, or destruction.
7. International Data Transfers
We may transfer personal data to third-party service providers and partners located outside the European Economic Area (EEA) or the United Kingdom, including jurisdictions that may not offer the same level of data protection. Where such transfers occur, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs), data processing agreements, or compliance with regional adequacy decisions to guarantee lawful data transfer and security.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:
– Usage Data: retained for up to 12 months for analytics and performance monitoring;
– Account and Profile Data: retained for the duration of your account and up to 6 years thereafter for legal compliance;
– Transaction Data: retained for up to 7 years for tax and accounting obligations;
– Communication Data: retained for 3 years following the resolution of the query;
– Technical Data and logs: retained for up to 12 months;
– Preference Data: retained until revoked or updated by the user.
Upon expiration of the relevant retention period, data is securely deleted or anonymized in accordance with industry standards.
9. Cookie Policy
We use cookies and similar tracking technologies to enhance your experience on gilnorton.com. Cookies serve several functions:
– Essential Cookies: necessary for the proper functioning of the site, including session management, security, and navigation.
– Functional Cookies: enable customization and improved user interface options (e.g., save preferences, language settings).
– Analytics Cookies: help us understand how visitors interact with our site and allow us to measure and improve website performance.
– Performance Cookies: improve loading speeds and responsiveness under varied usage conditions.
We do not use cookies to collect personally identifiable information without your explicit consent.
10. Cookie Management and Compliance
Users have full control over cookie preferences and may adjust them at any time. You can:
– Use the cookie consent banner on our website to accept or decline different categories of cookies;
– Adjust your browser settings to block or delete cookies;
– Revoke cookie consent at any time using the cookie management link available on gilnorton.com.
We honor Do Not Track (DNT) signals and comply with applicable cookie consent frameworks, including those required under the GDPR and CCPA.
11. Protection of Children’s Privacy
We do not knowingly collect or process personal data from children under the age of 13. If we learn that personal information has been collected from a child under 13 without verified parental consent, we will take immediate steps to delete such data. Parents or guardians who believe we may have collected information from a minor may contact us at [email protected].
12. Policy Updates and Notification
We reserve the right to amend this Privacy Policy from time to time to reflect legal, technological, or operational changes. The most current version will be available on gilnorton.com. Material changes will be prominently posted or communicated to you through appropriate channels, and your continued use of the website constitutes agreement to the updated policy.
13. Contact Us
For any questions, concerns, or requests regarding your personal data or this Privacy Policy, please contact us at:
Email: [email protected]
We are fully committed to observing your data protection rights and maintaining compliance with all relevant privacy laws. Please reach out if you have any concerns regarding your privacy or how your information is handled.