Privacy Policy for chagaisland.com
1. Introduction
At Chaga Island (accessible via chagaisland.com), we are firmly committed to upholding your privacy and protecting the personal data you entrust to us. We operate our website and online services with a privacy-first approach, in adherence to global data protection standards, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This Privacy Policy outlines how we collect, use, store, disclose, and protect your information as part of our operations.
2. Scope of This Policy and Data Controller Role
This Privacy Policy applies to all users who access and use chagaisland.com and its associated services, including when you browse our site, interact with features, or make purchases. For the purpose of applicable data protection legislation, Chaga Island assumes the role of “Data Controller,” which means we determine the purposes and manner in which your personal data are processed.
If you have any inquiries regarding your data, rights, or this Policy, you may contact us at: [email protected].
3. Categories of Data We Process
We may collect and process the following categories of personal information, depending on your interaction with our website:
a. Usage Data
Includes data about your activity on chagaisland.com such as your IP address, browser type, time zone settings, language preferences, pages viewed, session duration, and referring URLs.
b. Account Data
When you create an account or make a purchase, we collect personal identifiers including your full name, billing and shipping addresses, email address, and phone number.
c. Profile Data
We compile data related to your preferences, order history, wishlists, and behavioral trends on chagaisland.com for a more customized experience.
d. Communication Data
Records of correspondence, support queries, emails, chat logs, and any other interactions between you and our customer experience team.
e. Technical Data
Information about the devices you use to interact with our website, including operating system, device model, hardware identifiers, browser type, and system configurations.
f. Transaction Data
Includes payment details (processed through secure third-party gateways), transaction amounts, order confirmations, invoice records, shipping details, and delivery status.
g. Preference Data
Marketing and communication preferences, product and service interests, and opt-in or opt-out choices regarding promotional content.
4. Legal Bases for Processing Your Data
We process your personal data under the following lawful bases, as applicable:
– Consent: Where you have expressly granted permission for specific data uses (e.g., subscribing to newsletters).
– Contractual Necessity: Where data processing is required to fulfill a contract with you—for example, completing a product purchase.
– Legal Obligation: Where processing is required to meet legal and regulatory requirements.
– Legitimate Interests: Where processing furthers our legitimate interests in providing high-quality, secure services, except where such interests are overridden by your data protection rights.
5. Your Data Protection Rights
Under GDPR and CCPA, you have the following rights in relation to your personal data:
– Right of Access: Obtain confirmation of whether we process your data and, if so, access a copy of that data.
– Right to Rectification: Request correction of inaccurate or incomplete data.
– Right to Erasure: Request deletion of your data, subject to certain conditions.
– Right to Restriction: Request temporary suspension of data processing activities under certain jurisdictions.
– Right to Data Portability: Receive a structured, commonly used, and machine-readable copy of your data and transmit it to another controller where technically feasible.
– Additional Rights under CCPA: Including rights to know what categories of information are collected and disclosed, to prevent sale of personal data, and non-discrimination when exercising privacy rights.
To exercise any of these rights, contact us at [email protected]. We will respond in a timely and lawful manner.
6. Security Measures
We implement robust security measures to safeguard your data, including:
– TLS encryption of communications and sensitive data
– Access controls and authentication procedures to limit internal data access
– Regular system and vulnerability assessments
– Redundant and encrypted data backups
– Training programs for staff handling personal data
These measures are subject to continuous review as part of our commitment to secure data processing standards.
7. International Transfers
Given the global nature of digital services, your personal data may be processed outside your country of residence. Where such transfers occur, we ensure adequate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or compliance frameworks applicable under the CCPA. We also verify that recipient jurisdictions provide equivalent levels of data protection.
8. Data Retention
Your data will be stored only as long as necessary to fulfill the purposes outlined in this Policy and comply with applicable laws. Retention periods may vary depending on the category of data:
– Account and Transaction Data: Kept for up to 7 years for tax and contractual purposes
– Communication Data: Retained for up to 2 years, unless legal obligations require longer
– Technical and Usage Data: Retained for up to 12 months for analytics and system integrity checks
– Marketing Preference Data: Maintained until consent is withdrawn or data is deemed obsolete
Once retention periods expire, data is securely deleted or anonymized.
9. Cookie Policy
chagaisland.com uses cookies and similar technologies to enhance your digital experience. Cookies are small text files placed on your device, which serve important functions such as recognizing returning visitors and supporting essential site functionality.
We use the following types of cookies:
– Essential Cookies: Required for operating chagaisland.com (e.g., cart and login functionality).
– Functional Cookies: Improve user experience by remembering selected preferences.
– Analytics Cookies: Help us understand how users engage with the website and inform design choices.
– Performance Cookies: Track performance metrics such as page load times and responsiveness.
10. Cookie Management and Compliance
In compliance with GDPR and CCPA, we offer transparent cookie choice management. Upon your first visit to chagaisland.com, you will be presented with a cookie consent banner allowing you to:
– Accept all cookies
– Reject non-essential cookies
– Customize cookie settings
You can modify your preferences at any time via our Cookie Settings link, usually located at the bottom of our website. Most browsers also allow you to disable cookies through their settings interfaces.
11. Children’s Privacy
We do not knowingly collect, solicit, or process personal data from individuals under the age of 13. If we learn that we have inadvertently gathered data from a child without verifiable parental consent, we will act promptly to delete such data. If you believe that a child under 13 has provided us personal information, please contact us at [email protected].
12. Policy Updates and Notifications
We reserve the right to revise this Privacy Policy as necessary to reflect changes in law, technology, or our business practices. Any material changes will be clearly communicated to users through the website or by direct communication when appropriate. Continued use of our services following updates constitutes acceptance of the revised terms.
13. Contacting Us
If you have questions, concerns, or would like to exercise your privacy rights, please contact our Data Protection Team at:
We take every privacy inquiry seriously and commit to resolving your concerns respectfully and lawfully.
—
This Privacy Policy reflects our compliance with GDPR, CCPA, and applicable privacy laws. Your trust is core to our mission, and we invite you to contact us at any time at [email protected] with any questions or feedback regarding this Policy or our data practices.