Privacy Policy for callaomontreal.com
At Callao Montreal (“we”, “us”, or “our”), accessible via callaomontreal.com (the “Website”), we are committed to protecting and respecting your privacy. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal information in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), and reflects our dedication to privacy-first data practices.
1. Our Commitment to Your Privacy
We value your trust and are dedicated to ensuring that your personal information is handled with the highest level of care and transparency. We recognize the fundamental rights of individuals with regard to their personal data and implement robust safeguards to protect it whether you are visiting our Website or interacting with us in other ways.
2. Scope and Data Controller
This Privacy Policy applies to all visitors, users, and others accessing callaomontreal.com and its subdomains or services (collectively, the “Services”). Callao Montreal is the data controller responsible for the processing of your personal data as described herein. For any queries related to privacy, you can contact us at [email protected].
3. Categories of Data We Process
We collect and process a range of personal data to operate our services effectively and to comply with legal obligations. These categories include:
a) Usage Data
Information collected automatically through your interaction with the Website, such as IP address, browser type and version, time zone setting, browser plug-in types, operating system and platform, as well as details about your visit including URL clickstreams, page views, page response times, and session durations.
b) Account Data
When you create an account or place an order, we may collect your full name, email address, billing and shipping addresses, and phone number.
c) Profile Data
Details on your preferences, past purchases, browsing behavior, favorite products, loyalty status, and other settings associated with your user profile.
d) Communication Data
Records of correspondence with us via support requests, contact forms, customer service chats, or promotional campaigns, including the content, method, and timing of communications.
e) Technical Data
Device identification data such as device type, system configuration, operating system, web beacons, JavaScript, and system diagnostics, including error reports.
f) Transaction Data
Data related to your transactions with us including payment information, transaction order history, invoice and delivery details, and purchase verification.
g) Preference Data
Information about your preferences for receiving marketing from us, your communication choices, interest categories, and your interactions with our promotional content.
4. Legal Bases for Processing Personal Data
We process your personal data under the following legal foundations, as required by the GDPR:
– Consent: Where you have expressly consented to data processing (e.g. for marketing emails).
– Contractual Necessity: When processing is necessary to enter into or perform a contract (e.g. fulfilling product orders).
– Legal Obligation: Where processing is required for compliance with applicable laws such as tax or accounting obligations.
– Legitimate Interest: Where it is necessary for our legitimate business interests and not overridden by your rights and interests (e.g. fraud prevention, Website analytics, service improvements).
5. Your Rights Under GDPR and CCPA
As a data subject, you are entitled to exercise the following rights at any time:
– Right to Access: Obtain a copy of your personal data that we hold.
– Right to Rectification: Request correction of inaccurate or incomplete data.
– Right to Erasure: Request deletion of your personal data under certain conditions.
– Right to Restrict Processing: Request limits on the processing of your data.
– Right to Data Portability: Receive your data in a structured, machine-readable format and transmit it to another controller.
– Right to Object: Object to processing based on legitimate interests or to direct marketing.
– Right to Non-Discrimination (under CCPA): You will not be discriminated against for exercising your data rights.
To exercise any of your rights, contact us at [email protected].
6. Security Measures
We have implemented stringent technical and organizational measures to secure your data against unauthorized access, loss, alteration, or destruction. These include:
– End-to-end encryption for sensitive transmissions.
– Multi-layered firewalls and intrusion detection software.
– Role-based access controls and internal data governance policies.
– Routine security audits and penetration tests.
– Staff training on privacy awareness and data protection standards.
– Regular data backups maintained in secure environments.
7. International Transfers
Where your personal data is transferred outside the European Economic Area (EEA) or other jurisdictions with data protection requirements, we take all necessary steps to ensure it is adequately protected. These include:
– Standard Contractual Clauses approved by the European Commission.
– Adequacy decisions for countries deemed to provide a suitable level of protection.
– Additional contractual and organizational safeguards to ensure compliance with regional data laws.
8. Data Retention
We retain different categories of data for varying periods according to lawful business needs, legal obligations, and compliance with record-keeping policies. Typical periods include:
– Account Data: Retained as long as you maintain a user account with us and for up to 6 years thereafter for legal or administrative purposes.
– Transaction and Communication Data: Typically kept for 7 years for taxation and accounting purposes.
– Technical and Usage Data: May be stored for up to 2 years to support performance optimization and analytics initiatives.
– Preference and Marketing Data: Retained until you withdraw consent or for a maximum of 24 months of inactivity.
9. Cookie Policy
We use cookies and similar tracking technologies to deliver and enhance our Services. Categories of cookies include:
– Essential Cookies: Required for the operation of the Website (e.g., user authentication, shopping cart).
– Functional Cookies: Enhance user experience (e.g., language preferences, saved settings).
– Analytics Cookies: Collect anonymous data on user behavior to evaluate Website performance.
– Performance Cookies: Help us identify errors and optimize content delivery speeds.
10. Cookie Management and Rights
Where required, we request explicit consent before setting non-essential cookies. You may manage your cookie preferences via our cookie banner or your browser settings. Cookie preferences may be changed at any time, and you may also opt out of third-party analytics tools. We honor “Do Not Track” and other global privacy control signals to the extent required by law.
11. Children’s Privacy
Our services are not directed toward children under 13 years of age. We do not knowingly collect personal data from children under 13. If we become aware that we have inadvertently collected such data, we will delete it promptly. Parents or legal guardians who believe that a child under 13 may have provided us with personal data may contact us at [email protected].
12. Policy Updates
In keeping with evolving privacy regulations and best practices, we reserve the right to update this Privacy Policy periodically. Updates will be made without retroactive effect and, where required, we will notify you through appropriate channels, such as prominent notices on the Website or direct communication if applicable.
13. Contact Us
If you have any concerns, questions, or wish to exercise your privacy rights, please contact us via:
Email: [email protected]
We are committed to full compliance with applicable data protection laws and are here to assist you with protecting your personal information.