Privacy Policy for HoleIn1Bagels.com
1. Introduction – Our Commitment to Privacy and Data Protection
Hole In 1 Bagels (“we,” “us,” or “our”) values your privacy and is committed to protecting your personal data. This Privacy Policy outlines how we collect, use, disclose, store, and safeguard your personal information when you visit or interact with our website, holein1bagels.com. We undertake all data processing activities in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
By using holein1bagels.com, you consent to the practices described in this Privacy Policy.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all users who access or interact with holein1bagels.com, including customers, prospective customers, and website visitors. For the purposes of the GDPR, the data controller for the processing of your personal data is Hole In 1 Bagels, reachable at [email protected].
We may process your data directly, or through third-party service providers acting on our behalf and subject to confidentiality and data protection obligations.
3. Categories of Data We Process
We collect and process the following categories of personal data, as permitted or required under applicable law:
a. Usage Data:
Includes information such as IP address, browser type, operating system, referring URLs, access times, pages viewed, and session activity.
b. Account Data:
Includes your name, billing and shipping addresses, email address, phone number, and account credentials if you register an account on holein1bagels.com.
c. Profile Data:
Includes preferences, interests, feedback, order history, and behavioral website activity such as items placed in your cart or saved to a wishlist.
d. Communication Data:
Includes inquiries, emails, customer support interactions, feedback submissions, and any other information provided through direct communications with us.
e. Technical Data:
Includes device identifiers, connection type, operating system configuration, screen resolution, and browser settings.
f. Transaction Data:
Includes order information, payment method, transaction status, purchase history, delivery addresses, and billing records.
g. Preference Data:
Includes your preferences in receiving marketing from us and our third parties, as well as your product or service interests indicated through surveys or on-site activity.
4. Legal Bases for Processing
We rely on the following lawful bases under GDPR and equivalent principles under CCPA when processing your personal data:
– Performance of Contract: Where data processing is necessary to enter into or perform a contract with you (e.g., to fulfill an order).
– Consent: Where you have given explicit consent (e.g., for subscribing to newsletters).
– Legal Obligations: Where processing is required to comply with a legal obligation (e.g., for tax or regulatory purposes).
– Legitimate Interests: For purposes such as fraud prevention, service improvement, marketing to existing customers, and ensuring cybersecurity—provided our interests do not override your fundamental rights.
5. Your Rights
Under GDPR and CCPA, you have several rights regarding your personal data:
– Right to Access: You can request access to the personal information we hold about you.
– Right to Rectification: You may request correction of inaccurate or incomplete personal data.
– Right to Erasure (“Right to be Forgotten”): You may ask us to delete your data, subject to exemptions under applicable laws.
– Right to Restriction of Processing: You can limit how we use your data in certain circumstances.
– Right to Data Portability: You are entitled to a copy of your data in a structured, commonly used, machine-readable format.
– Right to Object: You may object to processing based on our legitimate interests or for direct marketing purposes.
To exercise your rights, please contact us at [email protected].
6. Security Measures
We employ state-of-the-art technical and organizational measures to ensure a high level of data protection, including:
– Data encryption at rest and in transit
– Role-based access controls and authentication protocols
– Secure server environments and firewalls
– Frequent data backups and recovery processes
– Staff training in data privacy principles and incident response procedures
While no system can be entirely secure, we take reasonable steps to prevent loss, misuse, and unauthorized access, disclosure, alteration, or destruction of information.
7. International Transfers
If personal data is transferred outside the European Economic Area (EEA) or to countries without adequate data protection laws, we apply appropriate safeguards such as:
– Standard Contractual Clauses approved by the European Commission
– Binding Corporate Rules or other legally recognized mechanisms
Such transfers occur only when necessary and in compliance with applicable data protection regulations.
8. Data Retention
We retain personal data only for as long as it is necessary for the purposes outlined in this Privacy Policy. Retention periods may differ depending on the data category:
– Account and Transaction Data: Retained for up to 7 years to comply with tax and contractual obligations
– Communication Data: Retained for 3 years
– Usage and Technical Data: Retained for up to 2 years for analytics and improvement
– Marketing Consents: Retained until consent is withdrawn or until 2 years of inactivity have elapsed
Upon expiry of retention periods, data is securely deleted or anonymized.
9. Cookie Policy
holein1bagels.com uses cookies and similar technologies to enhance user experience. The following categories of cookies may be in use:
– Essential Cookies: Required for website functionality, such as shopping cart operation and navigation.
– Functional Cookies: Enable enhanced personalization, such as remembering login details or location preferences.
– Analytics Cookies: Collect information about user behavior for statistical purposes (e.g., Google Analytics).
– Performance Cookies: Monitor system performance and improve site speed, responsiveness, and uptime.
Cookies do not access or store sensitive information and are used in compliance with applicable laws.
10. Cookie Management and Compliance
We honor privacy laws such as GDPR and CCPA by offering cookie management tools. Users can reject non-essential cookies via the cookie banner or settings interface on holein1bagels.com. Additionally, most browsers allow control over cookie permissions via built-in preference settings.
Under CCPA, California residents may opt out of “selling” Personal Information through cookie identifiers used for ad targeting.
11. Children’s Privacy
holein1bagels.com is not intended for children under the age of 13, and we do not knowingly collect personal data from minors. If we become aware that a child under 13 has provided us with Personal Information, we will delete such data in compliance with applicable laws. Parents or guardians should contact us if they believe their child has provided personal data without consent.
12. Policy Updates and User Notifications
We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations. Updates will be posted on holein1bagels.com and, where appropriate, may be communicated directly to registered users via email or notifications. We encourage users to periodically review this policy.
13. Contact Information
If you have any questions about this Privacy Policy or wish to exercise any of your rights, you may contact us at:
Email: [email protected]
We are committed to safeguarding your privacy and complying fully with global data protection frameworks including the GDPR and CCPA. Please feel free to reach out to us with any privacy-related concerns.