Privacy Policy for Togepathetic.com
1. Introduction
At Togepathetic (“we,” “us,” “our”), accessible via togepathetic.com, we are firmly committed to safeguarding your personal data and upholding your rights to privacy and data protection. This Privacy Policy outlines how we collect, use, disclose, and protect your personal information in accordance with applicable data protection laws, including but not limited to the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act (“CCPA”).
We believe in transparency, security, and accountability. As such, we only process your data for legitimate purposes and in compliance with all legal standards. This policy is designed to inform you about your rights and our responsibilities in collecting and processing personal data via our website, togepathetic.com.
2. Scope and Data Controller Responsibility
This Privacy Policy applies to all users and visitors of togepathetic.com and any related services offered through the site. It encompasses data collected via your interactions with the website, account registrations, support communications, and any transactions made.
Togepathetic acts as the “Data Controller” as defined under the GDPR and as a “Business” under the CCPA with respect to the personal data collected and processed through our website and services. If you have any questions about this policy or our data practices, please contact us at [email protected].
3. Categories of Personal Data We Process
We may collect and process the following categories of personal data:
a. Usage Data: Information automatically collected when you visit our site, including IP address, browser type and version, time zone, time and date of visit, pages viewed, session identifiers, referral URLs, and site interaction metrics (such as clicks, scrolls, or search queries).
b. Account Data: Information you provide during registration or when updating your profile or preferences, such as your full name, address, email address, and phone number.
c. Profile Data: Data associated with your behavior and preferences on our website, including purchase history, product interests, service usage, and engagement patterns.
d. Communication Data: Information contained in any inquiries, support requests, emails, or other communications sent to us, including your email address and communication history.
e. Technical Data: Information regarding your device and system, such as device model, operating system, application versions, screen resolution, and network type.
f. Transaction Data: Data related to purchase activities, including transaction details, billing and shipping addresses, and payment confirmation data.
g. Preference Data: Information regarding your chosen marketing preferences, consents provided for promotional communications, and declarations relating to interest in certain products or services.
4. Legal Bases for Processing
In compliance with the GDPR, all personal data we collect is processed under one or more of the following legal bases:
– Contractual Necessity: Where the data is necessary to fulfill a contract with you or to take steps at your request before entering into a contract.
– Legitimate Interest: For purposes that are necessary for our legitimate business interests, provided they do not override your interests or fundamental rights.
– Legal Obligation: Where processing is required by applicable laws or regulatory requirements.
– Consent: Where you have provided clear permission for us to process your personal data for specific purposes, such as receiving marketing emails.
Under the CCPA, we do not sell personal data and only use it for disclosed business purposes.
5. Your Rights
Subject to applicable law, you have the following rights concerning your personal data:
– The right to Access: You may request confirmation of what personal data we hold and obtain a copy.
– The right to Rectification: You may request correction of inaccurate or incomplete personal data.
– The right to Erasure (“right to be forgotten”): You may request deletion of your personal data in certain circumstances.
– The right to Restrict Processing: You may request that we limit processing of your personal data.
– The right to Data Portability: You may request to receive your personal data in a structured, commonly used, and machine-readable format.
– The right to Object: Where data is processed based on legitimate interest or consent, you may object to such processing.
To exercise any of these rights, please contact us at [email protected].
California residents have additional rights under the CCPA, including:
– The right to know what categories and specific pieces of data we collect, use, and disclose.
– The right to request deletion of your personal data.
– The right to non-discrimination for exercising CCPA rights.
6. Security Measures
We employ a range of appropriate technical and organizational measures to secure your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Our safeguards include:
– Industry-standard encryption protocols for data transmission and storage.
– Access controls with role-based privileges limiting internal access.
– Regular data backups and secure storage solutions.
– Internal policies on data access and staff training on privacy and security best practices.
7. International Data Transfers
Your personal data may be transferred to and processed in countries outside your jurisdiction. Where such transfers occur, particularly to countries outside the European Economic Area (EEA), we ensure appropriate safeguards are implemented, including the use of Standard Contractual Clauses (SCCs) approved by the European Commission, to uphold your data protection rights.
For users in the United States and other regions, we ensure that data recipients operate according to equivalent levels of data protection as required by your local laws.
8. Data Retention
Personal data is retained only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law. Specific retention periods include:
– Account Data: retained while your account is active and for 6 years after closure for legal and auditing purposes.
– Transaction Data: retained for 7 years to comply with taxation and legal obligations.
– Communication Data: retained for 2 years unless required longer for support reference or legal reasons.
– Usage and Technical Data: retained for up to 14 months for analytics and service improvement.
After expiration of these periods, data is securely deleted or anonymized.
9. Cookie Policy
We use cookies and similar tracking technologies on our website for various purposes:
– Essential Cookies: Necessary for website functionality (e.g., navigation, login, checkout).
– Functional Cookies: Remember user preferences and settings.
– Analytics Cookies: Collect usage metrics to improve website performance and user experience.
– Performance Cookies: Enable optimization of website performance by tracking load times, responsiveness, and user interactions.
These cookies do not store personally identifiable information, unless you have provided such details through forms on our site.
10. Cookie Management and GDPR/CCPA Compliance
Upon your first visit to togepathetic.com, you are presented with a cookie consent banner. You may configure your cookie preferences at any time via our cookie settings tool accessible on the website.
Under the GDPR, you have the right to withdraw consent at any time. Under the CCPA, you have the right to opt-out of the sharing of certain tracking technologies. We honor user preferences and implement consent mechanisms accordingly.
11. Children’s Privacy
Our services are not directed to children under 13 years of age, and we do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child under 13, we will promptly take steps to delete such information. Parents or guardians who believe their child’s data has been collected may contact us at [email protected].
12. Policy Updates
We may periodically update this Privacy Policy to reflect changes in laws, regulations, or changes in our services and practices. Updates will be posted on togepathetic.com with a clear indication of the updated policy. Users are encouraged to review the policy regularly. When required by applicable law, we will notify you or obtain your consent for material changes to this policy.
13. Contact
For questions, concerns, or requests related to this Privacy Policy, including exercising any of your legal rights, please contact us at:
Email: [email protected]
We are committed to upholding the highest standards of data protection and privacy. Your trust is important to us, and we welcome your feedback and questions regarding how we handle your personal data.