Privacy Policy
Protecting your personal data and respecting your privacy is fundamental to us at ghrasik.com (“we”, “us”, or “our”). This Privacy Policy explains how we collect, use, store, disclose, and protect your personal information, as well as your rights in accordance with applicable privacy and data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
1. Commitment to Privacy and Data Protection
At ghrasik.com, we are committed to protecting your personal data, handling it with transparency and integrity, and ensuring that your rights are upheld. Whether you are browsing our website, creating an account, or interacting with our services, we strive to maintain the confidentiality, security, and accuracy of your personal information.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all personal data collected through your interaction with the website ghrasik.com, whether as a visitor, customer, or user of our services. We act as the “data controller” under the GDPR, meaning we determine the purposes and means of processing your personal data.
If you have any questions regarding the processing of your data, or wish to exercise your rights, please contact us at [email protected].
3. Categories of Data We Process
We collect and process various types of personal data depending on your interaction with ghrasik.com.
a) Usage Data:
Includes technical data automatically collected from your device: browser type, IP address, session duration, pages visited, referring URLs, date/time stamps, and interactions with the website. This data helps us improve the functionality and user experience of ghrasik.com.
b) Account Data:
Information you provide when registering for an account, making inquiries, or shopping with us, including your name, email address, phone number, and billing/shipping address.
c) Profile Data:
Includes information related to your preferences, past purchases, saved items, shopping behavior, and feedback.
d) Communication Data:
Covers all interactions with our support and customer service teams, including messages, requests, complaints, and any correspondence submitted through email or the website.
e) Technical Data:
Details such as operating system, browser configuration, mobile device identifiers, screen resolution, language settings, and other system specifications for compatibility and optimization purposes.
f) Transaction Data:
Records of payments, order history, invoice details, product fulfillment, and other data essential to completing purchases and providing customer service.
g) Preference Data:
Includes your stated consents and preferences regarding marketing communications, newsletter subscriptions, and areas of product interest.
4. Legal Bases for Processing
Under the GDPR, we rely on several legal bases to process personal data:
– Performance of a contract: To fulfill orders and provide services you request.
– Legitimate interest: To manage our business, improve services, and communicate with users in ways that do not override your privacy rights.
– Compliance with legal obligations: As required by applicable laws or when responding to lawful requests.
– Consent: Where we ask your permission for non-essential data processing (e.g., newsletter delivery, non-essential cookies). You may withdraw consent at any time.
Under the CCPA, you have the right to opt out of the sale or sharing of personal information, although we do not sell your personal data to third parties within the meaning of the CCPA.
5. Your Rights
Subject to applicable laws, you have the following rights in relation to your personal data:
– Right of Access: Obtain confirmation and a copy of the personal data we hold about you.
– Right to Rectification: Request the correction of incomplete or inaccurate data.
– Right to Erasure (“Right to be Forgotten”): Request deletion of your personal data, subject to legal obligations.
– Right to Restriction: Request a temporary or permanent halt to processing of your data.
– Right to Data Portability: Receive a structured, commonly used, and machine-readable version of your personal data or transmit it to another controller.
– Right to Object: Object to processing based on legitimate interests or direct marketing.
– Right to Lodge a Complaint: File a complaint with a supervisory authority if you believe your rights are breached.
California residents may also have the right to request information about personal data collected and disclosed over the past 12 months, and to request deletion of this data.
To exercise these rights, please contact us at [email protected].
6. Security Measures
We implement a variety of organizational, technical, and administrative measures designed to protect your personal data from unauthorized access, disclosure, alteration, or destruction. These include, but are not limited to:
– End-to-end encryption of sensitive data
– Role-based access controls and user authentication
– Regular system backups and secure hosting infrastructure
– Internal policies and staff training on data protection and privacy compliance
While we strive to use commercially acceptable means to protect your data, no method of transmission over the internet is 100% secure.
7. International Transfers
Your personal data may be processed or stored in jurisdictions outside of your country of residence, including regions not recognized by the European Commission or other regulators as providing adequate data protection. In such cases, we use appropriate safeguards such as Standard Contractual Clauses or rely on other legally recognized mechanisms to ensure the security of your data.
8. Data Retention
We retain your personal data only as long as required for the purposes for which it was collected or as necessary to comply with applicable legal obligations.
Data retention examples include:
– Account and Transaction Data: Up to 7 years for tax and business recordkeeping
– Communication Data: Up to 3 years to track and improve support
– Profile and Preference Data: Until you delete your account or withdraw consent
– Usage and Technical Data: Pseudonymized or anonymized and retained for analytics up to 2 years
9. Cookie Policy
We use cookies and similar technologies on ghrasik.com to enhance the website’s performance, personalize content, and analyze user behavior.
Cookie types include:
– Essential Cookies: Necessary for website functionality (e.g., login, shopping cart)
– Functional Cookies: Remember your preferences and enhance usability
– Analytics Cookies: Collect statistical usage information to improve the site
– Performance Cookies: Monitor website performance and detect errors
10. Cookie Management and Compliance
In compliance with GDPR and CCPA, we provide mechanisms to manage your cookie preferences, including:
– Consent banners and cookie settings when you first visit the site
– The ability to opt out of non-essential cookies
– Honoring browser signals (e.g., “Do Not Track” and Global Privacy Control settings)
– Providing an accessible Cookie Preferences tool in the footer of ghrasik.com
You may also modify your browser settings to control cookies manually.
11. Special Protections for Children
ghrasik.com is not intended for children under the age of 13, and we do not knowingly collect personal data from minors without verifiable parental consent. If we become aware of such collection, we will take steps to delete the data promptly and comply with all relevant legal obligations under the Children’s Online Privacy Protection Act (COPPA) and similar laws.
12. Updates to This Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time, in accordance with legal, operational, or organizational changes. You will be informed of material changes through clear notifications on ghrasik.com or via other appropriate communication channels. We encourage you to review this policy periodically.
13. Contact Us
If you have questions about this Privacy Policy or our data handling practices, or if you would like to exercise your rights, please contact our Privacy Team at:
Email: [email protected]
We are fully committed to GDPR, CCPA, and global best practices in data protection. Thank you for trusting ghrasik.com with your information.