Privacy Policy for lews-castle.com
1. Introduction
At lews-castle.com (“we”, “us”, “our”), we are firmly committed to safeguarding your privacy and the protection of your personal data. As a values-led organization, we recognize and uphold the right to privacy as a fundamental human right. This Privacy Policy outlines how we collect, use, store, share, and protect your information in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
2. Scope of This Policy and the Role of Data Controller
This Privacy Policy applies to all personal data processed through your use of the website located at lews-castle.com, including any associated mobile or desktop versions, platforms, services, or products offered. In accordance with applicable data protection laws, Lews Castle acts as the data controller in relation to the personal data collected and processed through this website. As the data controller, we determine the purposes and means of the processing of your personal data.
3. Categories of Data Processed
We may collect and process the following categories of personal data:
a) Usage Data
Information automatically collected during your interaction with our website, including browser type, IP address, referring URLs, pages visited, date and time of access, session duration, and other diagnostic data helpful for analytics and service improvement.
b) Account Data
Information you provide by creating an account on our website, such as your full name, mailing address, email address, telephone number, and any other identifying information.
c) Profile Data
Information related to your preferences, past purchases, browsing behavior on our site, and online activity tailored to help us understand your interests and customize services accordingly.
d) Communication Data
Records of your communications with us, including support inquiries, emails, feedback submissions, chat interactions, or contact form messages. This may include your email address, name, IP address, and any messages exchanged.
e) Technical Data
Technical information regarding the device and system configuration you use to access our website, including device ID, operating system, browser type and version, screen resolution, language settings, and internet service provider.
f) Transaction Data
Information relating to purchases or reservations made via our website, including billing details, contact information, payment methods (such as masked card numbers), and shipping or delivery addresses.
g) Preference Data
Marketing preferences, newsletter opt-in status, product or service interests, response to campaign invitations, and consent records related to communication preferences.
4. Legal Bases for Processing
Our processing of personal data is conducted only when there is a lawful basis to do so under applicable data protection law. These legal bases include:
– Consent: When you have given us clear, explicit permission to process your data for a specific purpose (e.g., subscribing to our newsletter).
– Contractual Necessity: Where processing is required to fulfill a contract with you or to take steps at your request prior to entering into a contract.
– Legal Obligation: Where we are legally required to collect, process, or disclose information (such as for tax compliance or accounting obligations).
– Legitimate Interests: Processing is undertaken on the basis of our legitimate interests, provided that your interests and fundamental rights do not override these (e.g., to improve our services or prevent fraud).
5. Your Rights
You are entitled to exercise a range of rights under GDPR and CCPA. These include:
– Right of Access: You may request details of the personal data we hold about you.
– Right to Rectification: You may request correction of inaccurate or incomplete data.
– Right to Erasure (“Right to Be Forgotten”): You have the right to request deletion of your personal data when there is no compelling reason for its continued processing.
– Right to Restrict Processing: You can request that we limit the way we use your data under specific circumstances.
– Right to Data Portability: You may request the transfer of your data to you or another controller in a structured, commonly used, and machine-readable format.
– Right to Object: You may object to data processing based on legitimate interests or for direct marketing purposes.
– Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time.
To exercise any of your rights, please contact us at [email protected].
6. Security Measures
We implement technical and organizational measures designed to ensure the security and confidentiality of your data. These include:
– Encryption of data in transit and at rest
– Secure server infrastructure
– Multifactor access controls and authentication
– Role-based access restrictions
– Regular security audits and vulnerability assessment
– Staff training on data protection procedures and privacy principles
– Automated backups and data resilience measures
While no system is entirely immune from risk, we take all reasonable steps to protect your information.
7. International Data Transfers
Due to the global nature of our services, your personal data may be transferred to and stored in countries outside of your locale, including jurisdictions that may not provide the same level of data protection. When such transfers occur, we employ appropriate safeguards under applicable law, including:
– Standard Contractual Clauses approved by the European Commission
– Binding Corporate Rules
– Additional technical and contractual measures to ensure safety and legality of data flows
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy, including satisfying any legal, regulatory, accounting, or reporting requirements. Specific retention periods include:
– Usage & Technical Data: 12 months
– Account & Profile Data: Duration of account + 3 years
– Communication Records: Up to 36 months from last correspondence
– Transaction Records: 7 years for financial compliance
– Cookie Data: Up to 13 months or based on user configuration
– Marketing Preferences: Until withdrawal of consent or 24 months of inactivity
Data may be anonymized and retained for analytical and research purposes beyond these retention periods.
9. Cookie Policy
We use cookies and similar technologies on lews-castle.com to enhance user experience, analyze site performance, and deliver tailored content. Cookies we use include:
– Essential Cookies: Necessary for site functionality, such as login capabilities or payment processing.
– Functional Cookies: Enhance usability by remembering user-selected preferences.
– Analytics Cookies: Collect aggregated information used to monitor and improve website performance.
– Performance Cookies: Provide insights into site traffic patterns and time spent on pages.
10. Cookie Management and Legal Compliance
We comply with GDPR and CCPA requirements for informed consent and transparent cookie practices. When you visit lews-castle.com, you are presented with a cookie banner giving choices to accept, reject, or configure cookie settings.
You may also manage cookies through your browser settings. Instructions for disabling cookies differ depending on the browser used. Please note, rejection of certain cookies may impact site functionality.
Under CCPA, California residents may opt out of the “sale” of personal data by contacting us or using provided opt-out mechanisms.
11. Children’s Privacy
Our website is not intended for children under the age of 13, and we do not knowingly collect or solicit personal information from anyone under this age. If we become aware that we have inadvertently gathered personal data from a child under 13, we will take steps to delete such information promptly.
Parents or legal guardians who believe that we may have collected information from a child under 13 may contact us at [email protected].
12. Policy Updates
We reserve the right to update or revise this Privacy Policy at any time to reflect technological developments, legal changes, or our evolving practices. Significant changes affecting your rights will be communicated via the website or, where applicable, through direct notification. Your continued use of lews-castle.com following such changes constitutes your acceptance of the revised policy.
13. Contact
If you have any questions, concerns, or requests in connection with this Privacy Policy or the way we handle your personal data, you can reach us at:
Email: [email protected]
Website: https://lews-castle.com
We are committed to full compliance with all applicable data protection laws and welcome your feedback on how we can better safeguard your privacy.