Privacy Policy for thenoiralbum.com

1. Introduction

At thenoiralbum.com, we are committed to safeguarding your personal data and protecting your privacy. This Privacy Policy outlines how we collect, use, disclose, and protect information through your use of our website. We adhere strictly to principles outlined in the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), among other applicable data protection laws. Our goal is to ensure transparency and grant users meaningful control over their personal information.

2. Scope of Policy and Role of Data Controller

This Privacy Policy applies to all users who access or interact with thenoiralbum.com (hereafter referred to as “the Website”). The data controller responsible for the processing of your personal information under this policy is The Noir Album, accessible at [email protected]. This includes overseeing compliance with relevant laws, managing user data, and responding to data subject requests.

3. Categories of Data Processed

Depending on your interaction with the Website, we may process the following categories of personal data:

a. Usage Data
Information automatically collected about your interactions with the Website such as IP address, browser type, language preferences, referring URLs, pages visited, and the date and time of each session.

b. Account Data
Information you provide when creating an account or making a purchase, including your full name, billing and shipping address, email address, and telephone number.

c. Profile Data
Data associated with your user profile, including preferences, purchase history, browsing behavior, product interests, and feedback.

d. Communication Data
Contents of correspondence sent to us through customer support forms, email inquiries, or social media, as well as related metadata such as timestamps and message history.

e. Technical Data
Information about the device you use to access the Website, including hardware model, operating system, device identifiers (such as UUIDs), screen resolution, and browser configurations.

f. Transaction Data
Data related to purchases and payments made through the Website, such as payment card details (processed through secure third-party providers), purchase history, shipping data, and order confirmations.

g. Preference Data
Marketing and communication preferences you provide, including opt-ins for newsletters, event invites, or promotional content and data inferred from your site interactions.

4. Legal Bases for Processing

We process your personal data on the following legal grounds:

– Consent: For data processing requiring your explicit permission, such as marketing email subscriptions or use of analytics cookies.
– Contractual Necessity: When processing is required to fulfill an order, provide our services, or respond to a user-initiated request.
– Legitimate Interests: For internal analytics, website improvement, fraud prevention, and customer support, provided such interests are not overridden by your fundamental rights and freedoms.
– Legal Obligation: Where applicable, to comply with legal or regulatory requirements, such as maintaining accurate financial records.

5. Your Rights

Under GDPR, CCPA, and other applicable data protection laws, you may exercise the following rights in relation to your personal information:

– Right of Access: Obtain confirmation as to whether your data is being processed and request a copy.
– Right to Rectification: Request correction of inaccurate or incomplete data.
– Right to Erasure (“Right to be Forgotten”): Request deletion of your data when it is no longer necessary or if you withdraw consent.
– Right to Restriction of Processing: Request a temporary halt on processing of your data under specific circumstances.
– Right to Data Portability: Receive your data in a structured, machine-readable format and transmit it to another controller, where technically feasible.

To exercise any of these rights, please contact us at [email protected].

6. Security Measures

We implement robust technical and organizational measures to ensure the security of your personal data. This includes the use of encryption (for data in transit and at rest), strict access control protocols, secure data storage, regular system audits, multi-factor authentication, firewalls, and secure backups. Our staff receives regular privacy and security training, and any third-party vendors are contractually obligated to follow equivalent security practices.

7. International Transfers

When transferring your data outside of the European Economic Area (EEA) or other jurisdictions with specific data transfer regulations, we rely on legitimate transfer mechanisms such as Standard Contractual Clauses (SCCs) approved by the European Commission. This ensures an adequate level of protection for the transferred data in line with data protection regulations.

8. Data Retention

We retain personal data only as long as necessary for the purposes set out in this Privacy Policy or as required by applicable laws:

– Usage Data: Retained for up to 12 months for analytics and system optimization.
– Account Data: Retained until the account is deleted, or required by law (e.g., for tax or audit purposes, typically 7 years).
– Profile and Preference Data: Retained for 24 months after last user interaction.
– Transaction and Communication Data: Retained for 7 years for contract fulfillment and legal compliance.
– Technical Data: Retained for 12 months for system diagnostics and fraud prevention.

Upon expiration of these periods, data is securely deleted or anonymized.

9. Cookie Policy

We use cookies and similar technologies to enhance user experience and obtain analytical insights. Cookies fall into the following categories:

– Essential Cookies: Required for core functions such as navigation and user authentication.
– Functional Cookies: Enable enhanced functionality, such as remembering preferences or saved settings.
– Analytics Cookies: Collect aggregate data on Website usage and performance metrics (e.g., Google Analytics).
– Performance Cookies: Optimize load times, responsiveness, and error management.

Cookies may be placed by us or third-party service providers.

10. Cookie Management and Compliance

Upon first visit, you are presented with a cookie consent banner offering options to accept, reject, or customize preferences. You may update your cookie preferences at any time through our Cookie Settings panel. In accordance with GDPR and CCPA, we only activate non-essential cookies after obtaining clear and affirmative consent.

Additionally, California residents have the right to request details on cookies used, opt-out mechanisms, and whether their personal information is sold or shared. We do not sell personal data.

11. Special Protections for Children

thenoiralbum.com is not intended for, nor do we knowingly collect personal data from, children under the age of 13. If we become aware that a child under 13 has provided us with personal data, we will promptly delete such information. Parents or guardians who become aware that their child has submitted personal data should contact us at [email protected].

12. Policy Updates

We reserve the right to modify this Privacy Policy from time to time in response to legal, technical, or business developments. Where such changes materially affect your rights or obligations, we will notify you via appropriate means, such as posting an update prominently on the Website or contacting you via email if required.

13. Contact

If you have any questions, concerns, or complaints regarding this Privacy Policy, or if you wish to exercise your rights under data protection laws, please contact us at:

Email: [email protected]

We are committed to handling your inquiry promptly and resolving any concerns regarding your personal data.

thenoiralbum.com operates in full compliance with applicable privacy and data protection laws. We welcome your questions and feedback as part of our ongoing commitment to your digital privacy.