Privacy Policy

Privacy Policy for ctowncycle.com

1. Introduction

At ctowncycle.com (“we,” “us,” “our”), your privacy and the protection of your personal data are of paramount importance. We are committed to safeguarding the personal information of users and visitors and ensuring transparency regarding how we collect, use, store, share, and secure your data. This Privacy Policy outlines our approach to data privacy and affirms our compliance with applicable data protection regulations, including, but not limited to, the General Data Protection Regulation (Regulation (EU) 2016/679 – “GDPR”) and the California Consumer Privacy Act of 2018 (Cal. Civ. Code § 1798.100 et seq. – “CCPA”).

2. Scope of Policy and Data Controller Role

This Privacy Policy applies to all personal data collected through your use of ctowncycle.com, including when you access our website, interact with us, or purchase products or services. Where GDPR applies, we act as the “data controller,” determining the purposes and means of processing your personal data.

3. Categories of Data Processed

We may collect and process the following categories of personal data:

a) Usage Data
Includes information about how you use our website. This may include your IP address, browser type and version, time zone setting, pages viewed, referring sites, click paths, access times, and any other usage-related diagnostics.

b) Account Data
Collected when you register or create an account. This includes your name, email address, mailing address, phone number, and any other information you provide during account creation or profile updates.

c) Profile Data
Includes your preferences, website behavior, purchase history, product selections, saved settings, and feedback or survey responses.

d) Communication Data
Includes records of your communications with us, including inquiries, support requests, and responses through email, forms, or chat interactions.

e) Technical Data
Comprises system configuration and device data such as your hardware model, operating system, unique device identifiers, mobile network information, and device settings.

f) Transaction Data
Includes payment and purchase information, such as products ordered, delivery and billing addresses, transaction timestamps, and partial payment details. We do not store full credit card numbers; payment processing is handled via secure third-party providers.

g) Preference Data
Covers your choices regarding marketing communications, newsletter subscriptions, product interests, and consent settings.

4. Legal Bases for Processing

Our processing of your personal data is grounded on one or more of the following legal bases:

– Performance of a contract: Processing is necessary to fulfill a contract with you or to take steps at your request prior to entering into a contract (e.g., purchase fulfillment).
– Legitimate interests: Processing is necessary for our interests, such as administering the website, improving services, marketing, and fraud prevention, provided those interests do not override your rights.
– Consent: Where required by law, we rely on your explicit consent to process certain kinds of data (e.g., subscribing to newsletters).
– Legal obligations: Processing is required to comply with legal obligations or respond to lawful government requests or applicable law enforcement.

5. Your Rights

Under applicable law, you have the following rights regarding your personal data:

– Right of Access – You may request access to the personal data we hold about you.
– Right to Rectification – You are entitled to have incomplete or inaccurate data corrected.
– Right to Erasure – You may request deletion of your data when it is no longer necessary, subject to lawful retention requirements.
– Right to Restriction – You may request the restriction of processing where you object to processing or contest the accuracy of your data.
– Right to Data Portability – You may request to receive a copy of your personal data in a commonly used, machine-readable format.
– Right to Object – You may object to processing based on legitimate interests or for direct marketing purposes.
– Right to Withdraw Consent – Where you have provided consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

To exercise these rights, please contact us at [email protected].

6. Security Measures

We implement a range of security, technical, and organizational safeguards to protect your data against unauthorized access, disclosure, alteration, or destruction. These measures include but are not limited to:

– Encryption of sensitive data in transit and at rest.
– Role-based access controls to restrict access internally.
– Regular security audits and penetration testing.
– Secure coding standards and vulnerability management.
– Routine data backups and reliable business continuity procedures.
– Staff training in data protection principles and confidentiality procedures.

7. International Data Transfers

We operate primarily in the United States and may transfer and store your information in other countries with differing data protection standards. Where personal data is transferred from the European Economic Area (EEA) or United Kingdom to countries outside these regions, we ensure appropriate safeguards are in place, including standard contractual clauses approved by the European Commission or UK Information Commissioner’s Office, as applicable.

8. Data Retention

We retain personal data only for as long as is necessary to fulfill the purposes for which it was collected, including for legal, regulatory, accounting, or reporting requirements. For example:

– Usage and Technical Data: Retained for 12 months for analytics and system improvements.
– Account and Profile Data: Retained for the duration of your account and up to 6 years after termination for record-keeping and tax purposes.
– Transaction Data: Retained for 7 years for financial compliance and auditing.
– Communication Data: Retained for 3 years for customer support history.
– Preference Data: Retained until opt-out or withdrawal of consent.

In cases where we anonymize personal data, we may retain such information indefinitely for research or statistical purposes.

9. Cookie Policy

ctowncycle.com uses cookies and similar tracking technologies to enhance your experience. Cookies are small text files stored on your device.

We utilize the following categories of cookies:
– Essential Cookies: Necessary for website functionality, such as login sessions and security.
– Functional Cookies: Enable personalization, such as remembering preferences and language settings.
– Performance Cookies: Collect aggregate analytics data to understand user behavior and improve site functionality.
– Analytical Cookies: Help us measure site traffic, usage patterns, and marketing campaign effectiveness.

10. Cookie Management and Compliance with GDPR & CCPA

You may manage your cookie preferences at any time through your browser settings or our cookie management tool provided at the footer of our website. Under GDPR and CCPA, you may decline non-essential cookies and withdraw previously provided consent without penalty.

To exercise your CCPA rights, including the right to opt-out of the sale or sharing of personal information (if applicable), please use the “Do Not Sell or Share My Personal Information” link at the bottom of ctowncycle.com or contact us at [email protected].

11. Special Protections for Children Under 13

Our website is not directed toward children under the age of 13, and we do not knowingly collect or process personal data from minors without verifiable parental consent. If we become aware that a child under 13 has provided us with personal information without proper consent, we will take steps to delete such information promptly.

12. Policy Updates and User Notifications

We may revise this Privacy Policy periodically to reflect changes in legal requirements, business operations, or technological advancements. Any material changes will be communicated via the website or, where appropriate, by direct communication. Continued use of ctowncycle.com after such updates signifies consent to the revised terms.

13. Contact

If you have any questions about this Privacy Policy or wish to exercise your rights under data protection laws, please contact us:

Email: [email protected]

We remain fully committed to data protection compliance and your right to privacy. For any concerns or inquiries regarding personal data, feel free to contact our team.