Privacy Policy
1. Introduction
At Twin Palm SRL, accessible via twinpalmsrl.com, your privacy and the protection of your personal data are of utmost importance to us. This Privacy Policy outlines our approach to collecting, processing, and securing your information in strict compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). We are committed to maintaining a transparent, accountable, and privacy-first environment that respects and safeguards your fundamental rights and freedoms concerning your personal data.
2. Scope of Policy and Data Controller
This Privacy Policy governs the processing of personal data collected through your interactions with the twinpalmsrl.com website and related services. For the purposes of applicable data protection laws, Twin Palm SRL acts as the “Data Controller,” determining the means and purposes of the processing of personal data.
If you have any questions regarding this Policy or your data, you can contact us at [email protected].
3. Categories of Personal Data Processed
We may collect, use, store, and transfer the following categories of personal information:
a. Usage Data
Information about how you use our website, including your IP address, browser type and version, operating system, referring URLs, page interactions, and other analytical data associated with each session.
b. Account Data
Information you provide when creating an account or making a purchase, such as your name, billing and shipping address, email address, and telephone number.
c. Profile Data
Information related to your preferences, past purchases, product interests, and browsing behavior within twinpalmsrl.com.
d. Communication Data
Records of interactions with us, including email correspondence, support requests, chat histories, and any contact forms submitted through our website.
e. Technical Data
Device-specific data including device type, Internet service provider, configuration settings, time zone, language preferences, and crash logs.
f. Transaction Data
Details of goods and services you have purchased through our website, including payment method, transaction ID, billing details, and delivery or fulfillment status.
g. Preference Data
Marketing and communication preferences, including opt-ins for newsletters, product suggestions, and targeted advertising consents.
4. Legal Bases for Processing
We process your personal data under one or more of the following lawful bases:
– Consent: Where you have provided your explicit permission (e.g., for marketing communications or cookies).
– Contractual Necessity: To fulfill a contract or to take steps at your request prior to entering into a contract (e.g., order processing).
– Legal Obligation: To comply with legal requirements (e.g., tax regulations).
– Legitimate Interest: To pursue our legitimate business interests, such as improving our website, personalizing content, detecting fraud, and ensuring security—provided those interests are not overridden by your rights and interests.
5. Your Rights Under GDPR and CCPA
As a data subject, you are entitled to exercise the following rights regarding your personal data:
– Right of Access: Obtain confirmation that we process your personal data and, if so, access to a copy.
– Right to Rectification: Request correction of inaccurate or incomplete data.
– Right to Erasure: Request deletion of your data, subject to certain legal exceptions.
– Right to Restrict Processing: Request that we limit the processing of your personal data in certain circumstances.
– Right to Data Portability: Receive your data in a structured, commonly used format and transmit it to another controller.
– Right to Object: Object to the processing of your data based on legitimate interests or direct marketing.
– Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time.
– Non-Discrimination (CCPA): You have the right not to receive discriminatory treatment for exercising your privacy rights.
To exercise any of these rights, contact us at [email protected].
6. Security Measures
We implement appropriate technical and organizational measures to ensure the confidentiality, integrity, and availability of your personal information, including:
– End-to-end encryption of data during transmission and storage.
– Role-based access controls and multi-factor authentication for data access.
– Secure servers and backup systems with failover capabilities.
– Employee training in data protection and privacy best practices.
– Continuous monitoring to detect and prevent unauthorized access or disclosure.
7. International Data Transfers
Where your personal data is transferred outside of the European Economic Area (EEA) or similar jurisdictions, we ensure that appropriate safeguards are in place, including Standard Contractual Clauses, adequacy decisions, or lawful derogations, to uphold the same level of protection required by the GDPR and other applicable laws.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, and reporting obligations. Data retention practices include:
– Usage and Technical Data: up to 14 months for analytics and performance monitoring.
– Account, Profile, and Transaction Data: retained for up to 7 years post account closure for tax, audit, and compliance purposes.
– Communication Data: retained for up to 3 years after the last user contact.
– Marketing and Consent Data: retained while active consent exists or until withdrawal.
After these periods, your data will be securely deleted or anonymized.
9. Cookie Policy
We use cookies and similar technologies to enhance the functionality of twinpalmsrl.com, personalize content, and analyze user behavior. Cookies used include:
– Essential Cookies: Required for website functionality (e.g., login, cart, checkout).
– Functional Cookies: Remember choices (e.g., language preferences).
– Performance Cookies: Collect aggregated usage data for load balancing and uptime monitoring.
– Analytics Cookies: Provide metrics on site usage and performance.
– Marketing Cookies: Track user behavior for targeted advertising and remarketing.
10. Cookie Management and Compliance
You can manage cookie preferences through cookie consent banners or settings in your browser. We obtain user consent before placing any non-essential cookies, consistent with GDPR and CCPA requirements. You may withdraw consent for cookies at any time using website settings or by contacting [email protected].
Users in California may also opt out of the “sale” of personal information, as defined by the CCPA, by using available mechanisms on our website.
11. Children’s Privacy
Twin Palm SRL does not knowingly collect personal data from children under the age of 13. If we become aware that such data has been collected inadvertently, we will take prompt steps to delete it. Parents or guardians who are concerned that their child may have submitted data can contact us directly at [email protected].
12. Policy Updates
This Privacy Policy may be updated periodically to reflect changes in legal requirements, technologies, or our practices. When changes occur, we will revise the policy and communicate updates through twinpalmsrl.com or directly to users when required by law. Continued use of our website or services after changes are implemented constitutes your acceptance of the revised policy.
13. Contact
If you have any questions, concerns, or requests related to this Privacy Policy or wish to exercise your data rights, please contact:
Twin Palm SRL
Email: [email protected]
Compliance Statement
We are firmly committed to compliance with all applicable data protection regulations, including GDPR and CCPA. For questions regarding your privacy or how your personal data is handled, please reach out to us at [email protected].