Privacy Policy for The Guild of Misrule

1. Introduction: Our Commitment to Privacy

At The Guild of Misrule, accessible at theguildofmisrule.com, your privacy is of paramount importance to us. We are fully committed to safeguarding the personal data entrusted to us and to maintaining transparency in how we collect, use, disclose, and protect your information. This Privacy Policy outlines our data practices in full compliance with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

2. Scope of This Policy and Our Role as Data Controller

This policy applies to all visitors, users, and others who access or interact with theguildofmisrule.com. For the purposes of data protection legislation, The Guild of Misrule acts as the “data controller” for the personal data processed under this policy, determining the means and purposes of processing relevant to services provided via our website.

If you have any questions regarding this policy or your personal data, please contact us at [email protected].

3. Categories of Data We Process

We may collect and process the following categories of personal data based on your interactions with our website and services:

– Usage Data: Information about how you use our website, including browser type, IP address, pages viewed, access times, and session duration.
– Account Data: Information you provide when creating or managing an account such as your full name, postal address, email address, and telephone number.
– Profile Data: Preferences, purchases, browsing and interaction behavior, and saved items.
– Communication Data: Information contained in your communications with us, including support queries and your contact history when you reach out through email or web forms.
– Technical Data: Device type, operating system, browser version, screen resolution, language settings, and other related system configurations.
– Transaction Data: Details related to purchases or bookings made on our platform, such as billing details, delivery information, order history, and payment confirmations.
– Preference Data: Marketing preferences, product interest indicators, and related digital signals you share through interaction with our content or consents you provide.

4. Legal Bases for Processing Your Personal Data

We rely on the following legal bases to process your personal data:

– Contractual Necessity: To fulfill and manage your orders, respond to your requests, or provide support under a contractual agreement.
– Legitimate Interests: To enhance website functionality, conduct analytics, improve services, and prevent fraud, where such interests are not overridden by your data protection rights.
– Consent: Where required, we will obtain your clear, informed consent before collecting or using your data for marketing communications, non-essential cookies, or profiling.
– Legal Obligation: In some cases, we are required to process your information to comply with legal or regulatory obligations.

5. Your Rights

As a data subject under GDPR or CCPA (as applicable), you have the following rights:

– Right of Access: Obtain confirmation and access to your personal data.
– Right to Rectification: Request corrections to inaccurate or incomplete data.
– Right to Erasure: Ask us to delete your personal data under permitted circumstances.
– Right to Restriction: Request limited processing where permitted by law.
– Right to Data Portability: Receive your personal data in a structured, commonly used format or request its transfer to another controller.
– Right to Object: Object to direct marketing or processing based on legitimate interests.
– Right to Withdraw Consent: Revoke previously granted consent at any time.
– Right to Non-Discrimination: Under CCPA, you will not be discriminated against for exercising these rights.

To exercise any of these rights, contact us at [email protected] with your request.

6. Security Measures

We implement rigorous security measures to protect personal data:

– Encryption of data in transit and at rest,
– Access controls and authentication protocols,
– Regular data backups and secure data storage,
– Staff training in data protection responsibilities.

Any third-party service providers engaged by us are contractually bound to uphold equivalent data protection standards.

7. International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA) or California, such transfers are performed:

– In accordance with EU Standard Contractual Clauses or other legally approved mechanisms, or
– To countries that offer an adequate level of data protection as determined by the relevant authorities.

We take all appropriate safeguards to ensure your data is protected regardless of its location.

8. Data Retention

We retain your personal data only for as long as necessary for the purposes for which it was collected, including to comply with legal, accounting, or reporting requirements:

– Usage and Technical Data: 12-18 months
– Account and Profile Data: Retained until account closure or 24 months of inactivity
– Communication Data: Up to 36 months for customer service and historical reference
– Transaction Data: 7 years (to comply with tax and financial laws)
– Preference and Marketing Data: Until the withdrawal of consent or 24 months, whichever comes first

Pending deletion, certain data may continue to exist in secure back-ups for a limited time.

9. Cookie Policy

We use cookies and similar tracking technologies to provide and enhance our website:

– Essential Cookies: Required for site functionality (e.g., session management, form submissions).
– Functional Cookies: Enhance user experience (e.g., remembering preferences).
– Analytics Cookies: Track website usage and performance using tools such as Google Analytics.
– Performance Cookies: Evaluate system performance, detect problems, and improve services.

You can find more detail in our full Cookie Notice available on theguildofmisrule.com.

10. Cookie Management and User Controls

Our website includes a cookie banner and preference center to allow users to:

– Accept or decline non-essential cookies;
– Update cookie preferences at any time;
– Exercise data rights under GDPR/CCPA regarding the use of cookies;
– Use browser settings to manage or delete cookies at your discretion.

Some functionality may be impacted if essential cookies are disabled.

11. Children’s Privacy

We do not knowingly collect or solicit personal data from children under the age of 13. If we become aware that we have inadvertently collected such data, we will take immediate steps to delete it.

If you believe we have collected information from a child under 13, please contact us at [email protected].

12. Changes to This Policy

We reserve the right to update or amend this Privacy Policy from time to time to reflect changes in data processing practices, relevant regulations, or improvements in our services. Where appropriate, we will notify you via our website or through direct communication.

We encourage users to review this policy periodically for the latest information on our privacy practices.

13. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your rights, or need further information, please contact:

Email: [email protected]

Compliance Note

The Guild of Misrule is committed to full compliance with applicable data protection laws, including the GDPR and CCPA. If you have concerns regarding our privacy practices, please contact us using the details provided above.