Privacy Policy
1. Introduction
At The Ethnic Grocer, accessible at theethnicgrocer.com, we are deeply committed to safeguarding your privacy and ensuring the protection of your personal data. This Privacy Policy outlines how we collect, use, disclose, and protect your information when you engage with our website and services. We operate with a privacy-first mindset and adhere to the principles and requirements of the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all users of our website, services, and any associated platforms or communications. The Ethnic Grocer is the data controller responsible for determining the purposes and means of processing personal data as defined under the GDPR and other relevant legislation.
If you have questions about this policy or how we handle your data, please contact us at [email protected].
3. Categories of Data Processed
We collect and process various categories of personal data, either when you voluntarily provide it or automatically when you access or use theethnicgrocer.com:
a. Usage Data
Includes information about your interactions with our website such as browser type, IP address, session duration, referring URLs, and pages viewed.
b. Account Data
Includes full name, email address, phone number, and billing/shipping address you provide during registration or account management.
c. Profile Data
Includes your purchase history, saved preferences, and behavioral interactions with our services.
d. Communication Data
Includes information shared with us during support interactions, contact form submissions, and customer service requests.
e. Technical Data
Includes your device type, internet connection, operating system, browser configuration, time zone settings, and other system identifiers.
f. Transaction Data
Includes payment method details (excluding full payment card numbers, which are processed by secure third-party providers), order history, delivery tracking, and purchase invoices.
g. Preference Data
Includes your consent to receive marketing communications, preferred product categories, and user interactions with newsletters/promotions.
4. Legal Bases for Processing
We process personal data under the following lawful bases:
– Performance of a Contract: For processing necessary to fulfill a purchase or service agreement.
– Legitimate Interests: For improving services, preventing fraud, and ensuring network and information security.
– Legal Obligation: To comply with applicable laws, regulations, or lawful government requests.
– Consent: For optional communications, personalized marketing, and non-essential cookies. Consent may be withdrawn at any time.
5. Your Rights
In accordance with GDPR, CCPA, and other privacy laws, you may exercise the following rights regarding your personal data:
– Right of Access: Obtain confirmation on whether we hold personal data about you and request a copy.
– Right to Rectification: Request correction of inaccurate or incomplete data.
– Right to Erasure: Request deletion of your personal data, subject to legal or contractual obligations.
– Right to Restriction: Request a limitation on the processing of your data under certain circumstances.
– Right to Data Portability: Request your data in a structured, commonly used, and machine-readable format.
– Right to Withdraw Consent: Withdraw previously granted consents without affecting the lawfulness of earlier processing.
– Right to Object: Object to certain forms of processing, such as direct marketing or where processing is based on our legitimate interests.
To exercise any of these rights, please contact us at [email protected].
6. Security Measures
We implement rigorous technical and organizational safeguards to maintain the confidentiality, integrity, and availability of your personal data, including:
– End-to-end encryption for data in transit and at rest.
– Access controls including two-factor authentication and role-based permissions.
– Regular data backups and integrity checks.
– Ongoing staff training in privacy, security, and data protection principles.
– Secure data centers managed by industry-compliant hosting providers.
7. International Transfers
Data collected by The Ethnic Grocer may be processed outside your jurisdiction. Where international transfers occur, particularly outside the European Economic Area (EEA), we ensure that adequate safeguards are in place, such as the European Commission’s Standard Contractual Clauses or equivalently recognized mechanisms under applicable law. All such transfers are made in full compliance with regional data protection requirements.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy, subject to applicable legal, contractual, or regulatory obligations. Retention periods include:
– Account and Transaction Data: Retained for up to 7 years for audit, legal, and tax compliance.
– Usage and Technical Data: Retained for 24 months post collection for analytics and security purposes.
– Communication Data: Retained up to 36 months for service quality and internal audit tracking.
– Marketing/Preference Data: Retained until you opt out or withdraw consent.
We periodically review and securely delete or anonymize data that is no longer necessary.
9. Cookie Policy
The Ethnic Grocer uses cookies to enhance user experience, gather analytics, and provide relevant marketing. Cookies are small text files stored on your device which allow us to recognize your browser and preferences.
We categorize cookies as follows:
– Essential Cookies: Required for site functionality and accessibility (e.g., shopping cart and login).
– Functional Cookies: Enhance site personalization (e.g., remembering preferences or saved carts).
– Analytics Cookies: Collect anonymized data on website usage patterns to improve performance.
– Performance & Marketing Cookies: Help us tailor content and ads relevant to your interests.
10. Cookie Management and Compliance
We adhere to cookie regulations under GDPR and CCPA. You will be prompted to manage your cookie preferences when you first access the website. At any time, you may:
– Manage or disable cookies via your browser settings.
– Use our on-site Cookie Consent Manager to update your permissions.
– Withdraw consent for non-essential cookies without impacting core site functionality.
Do Not Track signals from your browser will be recognized and respected, in accordance with CCPA guidelines.
11. Special Protections for Children
theethnicgrocer.com is not directed at or intended for children under the age of 13. We do not knowingly collect, use, or disclose personal data from children under 13 without verified parental consent. If we become aware that data from a child has been collected without appropriate authorization, we will promptly delete such data from our systems.
12. Policy Updates & User Notifications
We reserve the right to amend this Privacy Policy to reflect changing legal, regulatory, or business requirements. Any significant changes will be posted prominently on our website, and where practical, communicated directly to registered users. Continued use of our services after any such changes constitutes your acceptance of the updated policy.
13. Contact Information
For questions, concerns, or to exercise your privacy rights, please contact:
The Ethnic Grocer
Email: [email protected]
Website: theethnicgrocer.com
We are committed to complying with all applicable data protection laws and best practices. If you have privacy concerns, we encourage you to reach out using the contact details above.