Privacy Policy
1. Introduction
Centro Collective (“we,” “us,” or “our”) is fully committed to protecting the privacy and personal data of our users, customers, and visitors. We recognize the importance of safeguarding personal information and adhere to the highest standards of privacy and data protection, in accordance with the European General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws. This Privacy Policy explains how we collect, use, disclose, and protect your information when you visit centrocollective.com (the “Website”).
2. Scope of the Policy and Data Controller Role
This Privacy Policy applies to all users of centrocollective.com and outlines how we, as the data controller, manage and process personal information obtained through your use of the Website, our services, any online interactions, or communications with us. By accessing or using our Website, you agree to the practices described herein. If you do not agree with the content of this Privacy Policy, please refrain from using the Website.
3. Categories of Data Processed
We collect and process the following categories of personal information:
a) Usage Data: Information about how you use the Website, including browser type, IP address, pages visited, session duration, referring URLs, and other diagnostic data.
b) Account Data: Personal identifiers you provide when creating an account or placing an order, such as your full name, email address, phone number, and billing or shipping address.
c) Profile Data: Information relating to user behavior, preferences, wish lists, purchase history, interests, and account activity that help us understand your interaction with our products and services.
d) Communication Data: Records and content of communications with us, including contact form submissions, customer support interactions, queries, and service-related correspondence.
e) Technical Data: Device information such as operating system, browser settings, screen resolution, time zone, language preferences, and other system configurations.
f) Transaction Data: Details about payments, transaction history, delivery information, order confirmations, and refunds.
g) Preference Data: Marketing preferences, opt-in or opt-out status for communications, product or service interests expressed through the Website, and cookie consent choices.
4. Legal Bases for Processing Personal Data
We rely on the following lawful bases to process your personal data:
– Consent: Where mandated, such as for direct marketing communications or tracking cookies.
– Performance of a Contract: To provide goods or services you purchase or request.
– Legal Obligation: To comply with applicable laws and regulatory requirements.
– Legitimate Interest: To improve our services, strengthen cybersecurity, prevent fraud, and communicate with you regarding our offerings, where our interests are not overridden by your data protection rights.
5. Your Rights
Under GDPR and CCPA, you have the following rights in relation to your personal data:
– Right of Access: You may request information about the personal data we hold about you and obtain a copy.
– Right to Rectification: You have the right to correct inaccurate or incomplete personal data.
– Right to Erasure: You may request deletion of your personal data, subject to certain legal or contractual exceptions.
– Right to Restriction: You have the right to limit the way we process your data under certain circumstances.
– Right to Data Portability: You may request to receive your data in a structured, commonly used, and machine-readable format.
– Right to Object: In specific contexts, such as direct marketing, you may object to our data processing.
– Right to Withdraw Consent: Where we rely on your consent, you may withdraw this at any time.
– Right Not to Be Discriminated Against: For California residents, exercising your privacy rights will not result in discriminatory treatment.
To exercise any of these rights, please contact us at [email protected].
6. Security Measures
We implement strict technical and organizational security measures to protect your personal data, including:
– Industry-standard encryption for data transmission and storage
– Controlled access to systems and data, with role-based authority
– Regular system monitoring and intrusion detection
– Secure backups to prevent data loss
– Employee training on data protection responsibilities and privacy awareness
Despite our best efforts, no method of transmission over the internet or electronic storage is completely secure. We continuously evaluate and revise our security practices to adapt to emerging risks.
7. International Data Transfers
We may transfer personal data to our partners, service providers, or data processors located outside of your country of residence, including to countries that may not provide the same level of data protection. In such cases, we implement appropriate safeguards including Standard Contractual Clauses approved by the European Commission or similar mechanisms recognized under applicable law to ensure adequate data protection during international transfers.
8. Data Retention
We retain personal data only for as long as necessary for the purposes set out in this Privacy Policy, including satisfying legal, accounting, or reporting obligations. Retention periods include:
– Account Data: Retained for the duration of the user relationship and up to five years after closure unless otherwise legally required.
– Transaction Data: Stored for a minimum of seven years for accounting and compliance purposes.
– Communication Data: Retained for up to three years following your last interaction with us.
– Marketing Preferences: Stored until you opt out or withdraw consent.
– Analytics and Usage Data: Kept for no longer than two years from collection.
We periodically review our records to ensure data is not held longer than necessary.
9. Cookie Policy
We use cookies and similar tracking technologies to enhance user experiences and analyze Website usage. The categories of cookies we use include:
– Essential Cookies: Necessary for the operation and basic functionalities of centrocollective.com, such as shopping cart management and secure login.
– Functional Cookies: Enable personalization, such as saved preferences and language settings.
– Analytical Cookies: Help us understand how visitors interact with our Website, including Google Analytics.
– Performance Cookies: Improve site performance and loading times, ensuring a smoother browsing experience.
10. Cookie Management and Compliance
Upon first visit to centrocollective.com, you will be presented with a cookie banner to manage your preferences and consent in accordance with GDPR and CCPA.
You may adjust your cookie preferences at any time using the cookie settings link in the Website footer or by configuring your browser settings. Note that disabling certain cookies may affect functionality and experience.
We honor Do Not Track signals and provide opt-out mechanisms for California residents, including a “Do Not Sell My Personal Information” link where applicable.
11. Protection of Children’s Privacy
Centro Collective does not knowingly collect, solicit, or process personal data from children under the age of 13. If we become aware that data has been collected from a child under 13 without verified parental consent, we will immediately delete it. If you believe that we may have collected personal data from a child under 13, please contact us at [email protected].
12. Policy Updates and Notifications
We may modify this Privacy Policy to reflect changes in applicable law, technology, or our data practices. Changes will be effective once posted on the Website. Substantial updates will be communicated through appropriate channels, which may include a prominent notice on centrocollective.com or direct communication by email where feasible.
We encourage you to periodically review this Privacy Policy to remain informed about how we protect your personal information.
13. Contact Us
If you have any questions, concerns, or requests about this Privacy Policy or how your personal data is processed, you may contact us at:
Email: [email protected]
We are committed to privacy, accountability, and transparency in our data practices. Your personal data will always be handled responsibly and in compliance with applicable regulations. Please contact us with any privacy concerns or requests regarding your personal information.