Privacy Policy for Hess Field Wiffle Ball

Hessfieldwiffleball.com (“we,” “us,” or “our”) is committed to protecting and respecting your privacy. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal information when you visit our website and interact with our services. We adhere to the principles set forth by the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), emphasizing transparency, accountability, and individual rights with a privacy-first approach.

1. Commitment to Data Protection and User Privacy

Your privacy is critically important to us. At Hessfieldwiffleball.com, we recognize that personal information belongs to you, and we are custodians entrusted to keep it secure and process it responsibly. We maintain strict safeguards to ensure your data is protected, and we honor your rights concerning personal information.

2. Scope of Policy and Role as Data Controller

This policy applies to all users of the website hessfieldwiffleball.com and any services accessed through it. For the purposes of GDPR and other applicable data protection laws, we operate as the “Data Controller,” determining the means and purposes of processing personal data collected from website users, customers, and subscribers.

3. Categories of Personal Data Processed

We may collect and process the following categories of personal information:

a) Usage Data:
– IP address, browser type and version
– Operating system, referral sources
– Duration of visit, page views, navigation paths
– Logs and session activity on our website

b) Account Data:
– Full name
– Email address
– Phone number
– Billing/shipping address
– Login credentials (where registration is available)

c) Profile Data:
– User preferences and settings
– Purchase or event history
– Behavioral data related to site engagement

d) Communication Data:
– Correspondence with our support team
– Records of inquiries and responses
– Submissions via contact forms or email

e) Technical Data:
– Device types (mobile, desktop, tablet)
– Browser settings, plug-ins, and screen resolution
– IP-based geographic location

f) Transaction Data:
– Payment details (excluding full credit card numbers)
– Purchase history
– Delivery and fulfillment records

g) Preference Data:
– Marketing and communications preferences
– Interests based on browsing or order history

4. Legal Bases for Processing Personal Data

We rely on the following legal bases under GDPR to justify our collection and usage of your personal data:

– Consent: Where you have provided explicit consent (e.g., newsletter sign-up).
– Contractual Obligation: Where processing is necessary to fulfill an agreement (e.g., purchasing event merchandise).
– Legitimate Interests: Including improving website functionality and content relevance, provided such interests are not overridden by your rights.
– Legal Obligation: Where processing is necessary to comply with statutory duties or regulatory requirements.

5. Your Data Rights

You have the following rights in relation to your personal data under GDPR and CCPA, subject to applicable conditions and exceptions:

– Right of Access: Request a copy of personal data we hold about you.
– Right to Rectification: Correct any inaccurate or incomplete data.
– Right to Erasure (“Right to be Forgotten”): Request deletion of your data where it is no longer necessary or no longer lawfully processed.
– Right to Restrict Processing: Request limitations on how your data is processed.
– Right to Data Portability: Obtain your data in a structured, commonly used format for transfer to another provider.
– Right to Object: Oppose processing carried out on grounds of legitimate interest or for marketing purposes.
– Right to Non-Discrimination (under CCPA): Exercise privacy rights without being denied service or incurring different pricing.

6. Security Measures

We have implemented comprehensive organizational and technical security procedures to protect your personal data, including but not limited to:

– SSL encryption for data in transit
– Role-based access controls to limit internal data access
– Regular data backups and integrity checks
– Endpoint security and server hardening
– Staff training on data protection best practices

Despite our robust efforts, no method of data transmission over the internet or electronic storage is entirely secure. You acknowledge that you provide data at your own risk.

7. International Transfers

Your data may be stored or processed outside your jurisdiction, including in non-EEA countries. Where such transfers occur, we ensure that lawful mechanisms are in place, including:

– Standard Contractual Clauses (SCCs)
– Binding Corporate Rules (BCRs)
– Valid adequacy decisions endorsed by the European Commission or relevant authority

8. Data Retention Policy

We retain personal data only for as long as necessary to fulfill the purpose it was collected for, including to meet legal, regulatory, tax, accounting, or reporting requirements. The following retention periods apply unless a longer statutory period is required:

– Usage and Technical Data: 12 months
– Account and Transaction Data: 7 years from date of last user interaction
– Communication Records: 36 months
– Preference and Profile Data: Retained until the user withdraws consent or deletes the account

Following the expiration of the retention period, data is securely deleted or anonymized.

9. Cookie Policy

We use cookies and similar tracking technologies to enhance the user experience, analyze performance, and support site functionality. The cookies we employ fall into these categories:

– Essential Cookies: Required for basic website operation (e.g., login sessions, cart functionality).
– Functional Cookies: Remember your choices and enhance your personal experience.
– Analytics Cookies: Help us understand how users interact with our site and improve performance.
– Performance Cookies: Monitor and optimize the speed, responsiveness, and design of the site.

Cookies do not typically contain information that personally identifies you, but some data may be linked to a unique profile or IP address.

10. Cookie Management and Compliance with GDPR & CCPA

Visitors to hessfieldwiffleball.com are presented with a choice to accept or reject non-essential cookies. We honor Do Not Track (DNT) signals and provide a cookie consent management tool to allow users to modify or withdraw consent at any time. You may also configure your browser settings to block cookies or alert you when cookies are being set.

11. Children’s Privacy

Our site and services are not directed to, nor do we knowingly collect information from, individuals under the age of 13. If we learn that a child under 13 has submitted personal data without verifiable parental consent, we will take appropriate steps to delete the information promptly. If you believe we may have collected data from a child, please contact us immediately at [email protected].

12. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy as requirements evolve or legal obligations change. Any revisions will be posted on hessfieldwiffleball.com and, if the changes are material, we will notify you via website notice or direct communication where appropriate. Continued use of the website after such changes constitutes acceptance of the revised policy.

13. Contact Information

If you have any questions, privacy-related concerns, or would like to exercise your rights under this policy, please contact us:

Email: [email protected]

We are committed to maintaining your trust by protecting your personal data and ensuring transparency in how we process it. For any data protection inquiries or formal requests related to your rights, feel free to reach out to us using the contact information above.