Privacy Policy
1. Introduction
At Slow Food GDL, we are deeply committed to preserving your privacy and safeguarding your personal data. This Privacy Policy outlines the manner in which we collect, use, maintain, and disclose personal information obtained through our website, slowfoodgdl.com (the “Website”). We adhere strictly to applicable data protection laws, including the General Data Protection Regulation (“GDPR”) of the European Union and the California Consumer Privacy Act (“CCPA”), ensuring a privacy-first approach in all aspects of our operations.
By using our Website or providing us with your personal data, you acknowledge and accept the practices described in this policy.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all users of the Website, including individuals who submit personal data through forms, initiate transactions, contact us for support, or otherwise interact with slowfoodgdl.com.
For the purposes of the GDPR and other applicable privacy laws, Slow Food GDL acts as the “Data Controller” in relation to the processing of your personal information. If you have any inquiries concerning data handling practices, please contact us directly at [email protected].
3. Categories of Data Processed
We may collect and process the following categories of personal data:
a. Usage Data: This includes information about your browser type, operating system, Internet Protocol (IP) address, referral URLs, access times, duration of visits, and session metadata obtained through server logs and analytical tools.
b. Account Data: If you create an account or register on our Website, we may collect your full name, postal and billing address, email address, and phone number.
c. Profile Data: We may gather data about your preferences, purchase history, behavior on the Website, and user settings.
d. Communication Data: Information included in your messages to us, customer support ticket submissions, feedback, inquiries, and correspondence.
e. Technical Data: This includes device identifiers, browser configurations, time zone, geographic location (on city-level granularity), and other technical specifications obtained via diagnostic data.
f. Transaction Data: Includes records of purchases, payment gateway details (note: we do not store full credit card numbers), order history, and delivery or invoice information.
g. Preference Data: Data related to your preferences for receiving communications and marketing, subscription settings, interest in specific products or services, and opt-in/opt-out selections.
4. Legal Bases for Processing
We rely on one or more of the following lawful bases to process your personal data:
– Consent: Where you have provided clear affirmative consent for specific processing.
– Contractual Necessity: To perform a contract with you or to take pre-contractual steps at your request.
– Legitimate Interests: To pursue our legitimate business interests, such as improving user experience and ensuring Website security, provided such interests are not overridden by your fundamental rights and freedoms.
– Legal Obligation: Where processing is necessary to comply with a legal requirement or obligation.
5. Your Rights
Subject to applicable law, you have the following rights regarding your personal data:
– Right of Access: Obtain confirmation as to whether we process your personal data and access to that data.
– Right to Rectification: Request correction of inaccurate or incomplete data.
– Right to Erasure: Request deletion of your personal data, subject to certain limitations.
– Right to Restriction: Limit the way we process your data under specific circumstances.
– Right to Data Portability: Request to receive your personal data in a structured, commonly used, and machine-readable format.
– Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
To exercise these rights or for further assistance, please contact us at [email protected].
6. Security Measures
We implement appropriate technical and organizational safeguards to protect your personal data, including but not limited to:
– SSL encryption protocols for data transmission;
– Role-based access control and multi-factor authentication;
– Periodic data integrity testing and vulnerability scanning;
– Secure data storage, including encrypted backups and redundant systems;
– Mandatory staff training on confidentiality and data protection standards.
7. International Transfers
Where personal data is transferred outside your country or the European Economic Area (EEA), including transfers to servers or third-party providers in other jurisdictions, we ensure such transfers are subject to appropriate safeguards, including but not limited to Standard Contractual Clauses, adequacy decisions, or binding corporate rules, as required under applicable privacy laws.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. Retention periods differ depending on the nature of the data:
– Usage and Technical Data: Retained for up to 24 months for analytics and troubleshooting;
– Account and Transaction Data: Retained for up to 7 years for legal and tax compliance;
– Communication and Preference Data: Retained for as long as you remain active or until deletion is requested;
– Marketing consents: Maintained until consent is withdrawn.
We securely delete or anonymize your personal data at the end of the applicable retention periods.
9. Cookie Policy
Our Website uses cookies and similar tracking technologies to enhance user experience. We categorize cookies used as follows:
– Essential Cookies: Necessary for the operation of slowfoodgdl.com (e.g., login sessions, load balancing).
– Functional Cookies: Enable enhanced functionality, such as remembering preferences or user-selected settings.
– Analytics Cookies: Collect aggregated data for website optimization (e.g., page performance, visitor flow).
– Performance Cookies: Help us evaluate the effectiveness of marketing campaigns or track Website usage patterns.
10. Cookie Management and Compliance
Upon first visit, users are presented with a cookie consent banner allowing them to accept or reject certain categories of cookies, consistent with GDPR and CCPA requirements. You can update your consent preferences at any time through the Website’s cookie management interface or by adjusting browser settings.
For California residents, we honor “Do Not Sell My Personal Information” signals via recognized opt-out mechanisms.
11. Children’s Privacy
We do not knowingly collect or process personal data from children under the age of 13. If you are a parent or guardian and believe your child has provided personal data to us without consent, please contact us at [email protected], and we will promptly take steps to delete such data.
12. Policy Updates and User Notifications
We reserve the right to amend or update this Privacy Policy from time to time. Any significant changes will be communicated via the Website or directly to users when necessary. We encourage all users to routinely review this page to stay informed about how their information is protected.
13. Contact Information
For any inquiries concerning this Privacy Policy, data protection practices, or to exercise your rights under applicable privacy laws, please contact us at:
Email: [email protected]
Website: https://slowfoodgdl.com
We are committed to maintaining full compliance with international and local privacy regulations. Please do not hesitate to reach out with any comments or concerns regarding your personal data or this Privacy Policy.