Privacy Policy for SpinMarvel.com

1. Introduction

At SpinMarvel.com, we are committed to safeguarding your privacy and protecting your personal data. This Privacy Policy outlines the ways in which we collect, use, store, and safeguard information obtained from users of our website, in line with the General Data Protection Regulation (EU 2016/679) (“GDPR”), the California Consumer Privacy Act (“CCPA”), and other applicable data protection laws. We operate under a privacy-first mindset, and the control and security of your data are of paramount importance to us.

2. Scope of This Policy and Our Role as Data Controller

This Privacy Policy applies to all personal data collected through your interaction with the SpinMarvel.com website and related services. SpinMarvel acts as the data controller for the purposes of applicable data protection laws. This means we determine the purposes and means of processing your personal data.

If you have any concerns or questions regarding your data, you can contact us at [email protected].

3. Categories of Personal Data Processed

We may collect and process the following categories of personal data:

a. Usage Data: Includes browser type, IP address, operating system, time zone setting, login data, website activity, page interactions, and session analytics collected via cookies and similar technologies.

b. Account Data: Includes your name, postal address, email address, phone number, and other contact details provided when creating an account or placing an order.

c. Profile Data: Includes preferences, interests, purchase history, behavioral data, and other insights derived from your interaction with our services.

d. Communication Data: Includes messages sent via our website, emails to our contact addresses, support requests, and any records of correspondence with our customer support team.

e. Technical Data: Includes information about your device or browser, IP address, operating system, platform, screen resolution, and referral source.

f. Transaction Data: Includes payment details (processed via secure third-party gateways), billing addresses, shipping addresses, and product orders.

g. Preference Data: Includes information about your consents for receiving marketing, your product or category interests, and your communication preferences.

4. Legal Bases for Processing Personal Data

We rely on the following legal bases when processing your data under the GDPR:

– Performance of Contract: When processing is necessary to fulfill a contractual obligation, such as fulfilling your product orders or managing your account.
– Consent: Where you provide explicit consent, such as subscribing to newsletters, marketing communications, or certain cookie usage.
– Legal Obligation: When processing is required for compliance with legal or regulatory requirements.
– Legitimate Interest: When processing is necessary for our legitimate business interests, provided that such interests are not overridden by your rights and freedoms. For example, analyzing user behavior to improve our services or detect fraud.

5. Your Rights

In accordance with GDPR and CCPA, you have the following rights regarding your personal data:

– Right of Access: To request access to the data we hold about you.
– Right of Rectification: To correct inaccurate or incomplete data.
– Right of Erasure: To request deletion of your personal data in certain circumstances.
– Right to Restrict Processing: To request that we limit how we use your data.
– Right to Data Portability: To receive your data in a structured, commonly used, and machine-readable format and to transfer it to another controller.
– Right to Withdraw Consent: You may withdraw previously granted consent at any time.
– Right to Object: To object to processing based on legitimate interests or direct marketing.
– Right to Non-Discrimination: Under the CCPA, you will not receive discriminatory treatment for exercising your privacy rights.

To exercise any of these rights, please contact us at [email protected]. We may require verification of your identity before processing your request.

6. Data Security Measures

We implement and maintain appropriate technical and organizational measures to protect your personal data, including:

– SSL encryption across the website to secure data in transit.
– Secure data storage and access controls to prevent unauthorized access.
– Role-based access and training for staff with access to personal data.
– Regular system audits and vulnerability assessments.
– Frequent data backups and redundancy protocols to ensure continuity.

7. International Data Transfers

Your data may be transferred to, and processed outside of, your country of residence, including to jurisdictions that may not offer the same level of data protection. In such cases, we apply appropriate safeguards, such as:

– The use of Standard Contractual Clauses approved by the European Commission.
– Ensuring that any data recipient is certified under relevant data transfer frameworks or privacy codes of conduct.

8. Data Retention

We retain your personal data only as long as necessary for the purposes for which it was collected, including legal, accounting, or reporting requirements. Specific retention periods include:

– Account Data: Retained until you deactivate your account or request deletion.
– Transaction Data: Retained for 7 years to comply with legal obligations.
– Usage and Technical Data: Retained for up to 24 months for analytics and security purposes.
– Communication Data: Retained for up to 3 years after the most recent correspondence.

After the expiration of the relevant retention periods, data will be securely deleted or anonymized.

9. Cookie Policy

SpinMarvel.com uses cookies and similar technologies to enhance your browsing experience, analyze traffic, and customize content and advertisements. We categorize our cookies as follows:

– Essential Cookies: Necessary for the basic functionality of the website (e.g., page navigation, secure account login).
– Functional Cookies: Support enhanced functions such as user preferences and saved settings.
– Analytics Cookies: Collect aggregated data for statistical purposes, helping us understand how users interact with our site.
– Performance Cookies: Optimize the website experience by facilitating load balancing and responsiveness.

For more information, please review your cookie settings using the prompts provided on our website.

10. Cookie Management and Legal Compliance

To comply with GDPR and CCPA:

– We request your affirmative consent (opt-in) before setting any non-essential cookies.
– You can manage or withdraw consent at any time through our Cookie Settings interface.
– Most browsers allow users to reject or delete cookies through their browser settings. Please note that disabling certain types of cookies may impact your experience on the site.

11. Protection of Children’s Data

SpinMarvel.com is not intended for use by children under the age of 13. We do not knowingly collect, use, or disclose personal data from children without verifiable parental consent. If you believe a child has submitted data without appropriate authorization, please contact us immediately at [email protected], and we will promptly delete such data.

12. Policy Updates

We may update this Privacy Policy from time to time in accordance with changes in legal obligations or operational requirements. Any changes will be posted on this page, and where appropriate, you may be notified by other means. Continued use of SpinMarvel.com after policy updates constitutes your acceptance of the revised terms.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact us via:

Email: [email protected]

SpinMarvel.com is fully committed to upholding your privacy rights and complying with all applicable data protection regulations, including GDPR and CCPA. For any privacy-related inquiries or to exercise your data rights, please contact us using the details provided above.