Privacy Policy for The Narwhals Music

1. Introduction

At The Narwhals Music, accessible via thenarwhalsmusic.com, we are fully committed to safeguarding your personal data and upholding your privacy rights. We recognize the fundamental importance of privacy and maintain a rigorous approach to ensure data protection in accordance with applicable data privacy regulations, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This Privacy Policy has been designed to provide transparency about how we collect, use, disclose, store, and protect your personal information.

2. Scope of the Policy and Data Controller

This Privacy Policy applies to personal data collected or processed through our website, thenarwhalsmusic.com, and related services. The Narwhals Music acts as the data controller for the purposes of the GDPR and as a “business” as defined under the CCPA in relation to the personal information we collect. This policy governs visitors, users, customers, and any individuals who interact with our services.

If you have any questions regarding your data or this policy, please direct your inquiries to: [email protected].

3. Categories of Data Processed

We may collect and process the following categories of personal data:

a. Usage Data
Includes information about how you use our website, such as IP address, browser type and version, pages visited, browsing time, time zone setting, and other diagnostic data related to user interactions and device activity.

b. Account Data
Information provided when creating an account or purchasing from us, including your name, email address, billing address, telephone number, and user credentials.

c. Profile Data
Preferences, interests, user-generated content, feedback, order history, behavior on the site, and engagement with our communications.

d. Communication Data
Records of correspondence between you and The Narwhals Music, including customer support interactions, contact form submissions, and any other communications initiated via thenarwhalsmusic.com.

e. Technical Data
Details about the device you use to access our services, such as your operating system, mobile device identifiers, browser plugins, language preferences, screen resolution, and system configurations.

f. Transaction Data
Payment details (processed through secure third-party providers), purchase records, shipping information, and invoice data.

g. Preference Data
Information related to your choices on marketing communications, newsletter subscriptions, event invitations, and product interests.

4. Legal Bases for Data Processing

We process personal data under the following lawful bases as established under the GDPR:

– Contractual Necessity: To fulfill a contract with you, such as completing transactions or providing services.
– Legitimate Interests: To improve and secure our services, prevent fraud, and interact effectively with users.
– Consent: Where explicit consent is required for marketing communications, newsletters, or non-essential cookies.
– Legal Obligation: Where processing is necessary to comply with a legal requirement.
– Public Interest: Where applicable, for reasons of substantial public interest as defined in law.

Under the CCPA, we ensure that personal data collection is directly related to the purpose for which it is collected and used solely within the parameters disclosed herein.

5. Your Data Subject Rights

If you are a resident of the European Economic Area (EEA) or California, you are entitled to the following rights under applicable data protection laws:

– Right of Access: You may request access to the personal data we hold about you.
– Right to Rectification: You may request correction of inaccurate or incomplete data.
– Right to Erasure: You may request deletion of your personal data, subject to lawful retention requirements.
– Right to Restriction: You may restrict the processing of your data under certain circumstances.
– Right to Data Portability: You have the right to request a machine-readable copy of your data for transfer to another service provider.
– Right to Object: You may object to processing carried out on the basis of legitimate interests.
– Right to Opt-Out (CCPA): You have the right to request that we do not sell your personal information.
– Right Against Discrimination: We do not discriminate against users for exercising their rights.

To exercise your rights, please email us at [email protected]. We will respond in accordance with applicable law.

6. Security Measures

We employ comprehensive security protocols to protect your personal data from unauthorized access, disclosure, and misuse, including but not limited to:

– SSL/TLS encryption for data transmission
– Role-based access control systems
– Secure servers with firewall protection
– Regular vulnerability assessments and penetration testing
– Employee training on data protection and confidentiality
– Routine data backups and secure data storage protocols

Although we implement standard security precautions, no method of online transmission or storage is guaranteed to be 100% secure.

7. International Data Transfers

We may process data on servers located outside your country, including transfers to the United States and other countries with differing data protection laws. In such cases, we use appropriate legal safeguards, including:

– Standard Contractual Clauses approved by the European Commission
– Binding Corporate Rules or other mechanisms ensuring adequate protection
– Compliance with regional data residency laws where applicable

By using our services, you consent to the transfer and processing of your information in accordance with this policy.

8. Data Retention

We retain personal data only for as long as reasonably necessary to fulfill the purposes for which it was collected, including:

– Account Data: For the life of the account and 2 years post-deletion
– Transaction Data: Retained for 7 years for accounting compliance
– Communication Data: Retained for 3 years for service inquiry history
– Usage, Technical, and Profile Data: Retained for 2 years for analytics and security
– Preference and Consent Records: Retained indefinitely or until consent is withdrawn

Upon expiration of retention periods, data will be securely deleted or anonymized.

9. Cookie Policy

We use cookies and similar tracking technologies for various purposes:

a. Essential Cookies
Required for site functionality, authentication, and secure user sessions.

b. Functional Cookies
Used to remember your settings and enhance usability (e.g., language selection, persistent login).

c. Performance and Analytics Cookies
Provide statistical data to help us improve site performance and understand user interactions using services such as Google Analytics.

d. Marketing Cookies
Used to deliver personalized advertisements and to track ad campaign effectiveness.

10. Cookie Management and Compliance

Upon first visit to thenarwhalsmusic.com, you will be presented with a cookie banner allowing you to accept or customize your preferences in accordance with GDPR and CCPA guidelines.

– Users may withdraw consent or manage settings via the “Cookie Settings” link available on our website footer.
– You may also manage or block cookies directly in your browser settings, although doing so may impact the availability and functionality of the website.

11. Special Protection for Children

The Narwhals Music does not knowingly collect or process personal data from children under the age of 13. If you believe a child under 13 has provided personal information through thenarwhalsmusic.com, please contact us immediately at [email protected], and we will take prompt action to delete such information.

12. Policy Updates and Notification

We reserve the right to amend this Privacy Policy as necessary to remain compliant with legal, technological, and operational developments. When substantive changes are made, we will notify users on our website or through direct communication where appropriate. Continued use of thenarwhalsmusic.com following such updates constitutes your acceptance of the revised policy.

13. Contact Information

For any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact us:

Email: [email protected]

Your privacy and trust are our priority. We welcome your inquiries and will endeavor to address your privacy concerns promptly and respectfully.

We are committed to full compliance with applicable privacy laws, including GDPR and CCPA. For all matters related to your data, please reach out to us at [email protected].