Privacy Policy
The Creaking Chair (“we”, “us”, or “our”) is committed to protecting and respecting your privacy. This Privacy Policy outlines how we collect, use, maintain, and disclose your personal data when you interact with our website, thecreakingchair.com (the “Website”), in accordance with applicable data protection regulations, including the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
1. Commitment to Privacy and Data Protection
At The Creaking Chair, safeguarding your personal data is a top priority. We are dedicated to ensuring the confidentiality, integrity, and security of your information. This Policy is designed to inform you, as a user or customer, how we gather, process, and protect your personal information, while giving you control over your data and how it is used.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all data collected through your use of the Website, communication with our customer service, or engagement with our online services. For the purposes of the GDPR, The Creaking Chair is the data controller responsible for the collection and use of your personal information.
If you have any questions regarding this Policy or how your personal data is handled, contact us at: [email protected].
3. Categories of Data Processed
We may process the following categories of personal data:
a) Usage Data
We automatically collect data relating to your interaction with our Website. This includes internet protocol (IP) addresses, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, referral sources, and information on how you use our site (including pages visited, time on site, clickstream data, and other analytical identifiers).
b) Account Data
When you register an account or place an order, we collect identity and contact data such as your full name, billing/shipping address, email address, and telephone number.
c) Profile Data
This includes details about your preferences, purchase history, Wishlist items, and behavioral patterns on thecreakingchair.com, which help us tailor your user experience.
d) Communication Data
Your communication with our customer service team, such as support inquiries, chat records, and contact history, are collected and retained for service improvement and dispute resolution.
e) Technical Data
We collect data from the device or system used to access our services such as device model, screen resolution, operating system, system configuration, and diagnostic information to improve platform compatibility and performance.
f) Transaction Data
We process payment-related information, including transaction ID, payment method details (processed securely via third-party payment processors), delivery address, and order history.
g) Preference Data
We collect and retain records of your marketing consent preferences, newsletters subscriptions, areas of interest, and product preferences to customize communications and offerings.
4. Legal Bases for Processing
Under the GDPR, we rely on the following legal bases to process your personal data:
– Consent: Where you have granted explicit permission for us to process your data for purposes such as marketing or cookies beyond strictly necessary functionality.
– Contractual Necessity: To perform our obligations under a contract with you, such as order fulfillment and account management.
– Legitimate Interests: To enhance your user experience, detect fraud, maintain our business operations, develop products, and conduct analytics—provided that these interests are not overridden by your rights and interests.
– Legal Obligations: Where processing is required to comply with applicable laws and regulations.
5. Your Rights
You have the following rights under applicable data protection laws:
– Right of Access: You may request a copy of the personal data we hold about you.
– Right of Rectification: You can correct inaccurate or incomplete data.
– Right to Erasure: You may request removal of your data where there is no lawful reason to retain it.
– Right to Restrict Processing: You may request that we limit the processing of your data.
– Right to Data Portability: You may request to receive your data in a structured, machine-readable format or have it transferred directly to another data controller.
– Right to Object: You may object to the processing of your data on grounds relating to your particular situation, including direct marketing activities.
To exercise any of these rights, please contact us at [email protected].
6. Security Measures
We implement appropriate organizational and technical safeguards to ensure the confidentiality, integrity, and availability of your personal data. These measures include:
– Data encryption at transit and at rest
– Role-based access control and minimum data access permissions
– Regular system monitoring and backups
– Use of secure third-party payment processors
– Staff training on data protection and security best practices
While we strive to protect your personal data, no transmission or storage system can be guaranteed as 100% secure.
7. International Transfers
When transferring your personal data outside of the European Economic Area (EEA) or other jurisdictions with differing data protection laws, we implement appropriate safeguards, such as standard contractual clauses approved by the European Commission or other valid legal mechanisms to ensure the lawful and secure cross-border transfer of personal data.
8. Data Retention
We retain your personal data only for as long as is necessary for the purposes set out in this Policy. Retention periods vary depending on the category and purpose, including but not limited to:
– Account and Profile Data: Retained for as long as your account is active and up to 6 years thereafter for legal compliance.
– Transaction Data: Retained for 7 years for financial and tax reporting.
– Communication and Support Records: Retained for 3 years after the last interaction.
– Technical and Usage Data: Retained for 12–24 months for analytics and performance optimization.
We securely delete or anonymize personal data when it is no longer needed.
9. Cookie Policy
Our Website uses cookies and other tracking technologies for various purposes:
– Essential Cookies: Required for core site features such as shopping cart functionality and secure authentication.
– Functional Cookies: Enable enhanced functionality and personalization based on your interactions and choices.
– Analytics Cookies: Collect aggregated data for understanding user behavior and improving site experience (e.g., Google Analytics).
– Performance Cookies: Help monitor system performance and detect usage patterns or errors.
10. Cookie Management and GDPR/CCPA Compliance
Visitors to thecreakingchair.com are provided with the option to manage their cookie preferences upon initial visit, in compliance with GDPR and CCPA. You may withdraw consent or adjust preferences at any time through our Cookie Settings interface. Browser-level controls are also available to manage cookie usage.
Under CCPA, residents of California have the right to:
– Know what categories of personal data we collect and disclose
– Request deletion of personal information
– Opt-out of the “sale” of personal data, if applicable (we do not sell your data in the traditional sense)
Requests can be made by contacting: [email protected].
11. Children’s Privacy
The Creaking Chair does not knowingly collect personal information from children under the age of 13. If we become aware that we have inadvertently collected data from a child under 13, we will promptly delete such information. Parents or guardians who believe that their child has provided us with personal data may contact us at [email protected].
12. Policy Updates and User Notifications
We may update this Privacy Policy to reflect changes to our practices or for operational, legal, or regulatory reasons. Any such updates will be posted on the Website and, where appropriate, notified to users via email or account alerts.
You are encouraged to review this Privacy Policy periodically to remain informed of how we process your data.
13. Contact
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:
Privacy Team
[email protected]
Compliance
The Creaking Chair is firmly committed to lawful and transparent data processing and adheres to all obligations under GDPR and CCPA. If you believe your privacy rights have been violated or wish to raise a concern, please do not hesitate to contact us using the details above.