Privacy Policy for Merrickholm.com

1. Introduction

At Merrick Holm, accessible at merrickholm.com, we are firmly committed to respecting your privacy and safeguarding your personal data. This Privacy Policy outlines how we collect, use, disclose, and protect your information and your rights under the General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act (“CCPA”), and other applicable data protection laws. We adhere to principles of transparency, accountability, and user empowerment in all our data processing activities.

2. Scope of Policy and Data Controller Role

This Privacy Policy applies to all visitors, users, and others who access or use merrickholm.com. Merrick Holm is the sole data controller for the purposes of GDPR, meaning we determine the purposes and means by which your personal data is processed. If you have any questions, you may contact us at [email protected].

3. Categories of Data Processed

We collect and process the following categories of personal data depending on your interaction with the site:

A. Usage Data
Information automatically collected when you use merrickholm.com, including your IP address, browser type and version, time zone setting and location, operating system and platform, session time and duration, clickstream data, and pages accessed.

B. Account Data
Information provided during account registration or purchase processes such as your full name, email address, telephone number, billing and shipping addresses, and login credentials.

C. Profile Data
Preferences, wishlists, purchase history, browsing history, personalized content, and behavioral data tied to your interaction with the site.

D. Communication Data
Records of correspondence with our support and sales teams, contact forms you submit, and associated metadata including your contact history and method of communication.

E. Technical Data
Device data such as hardware model, device identifiers, system configuration, network settings, and diagnostic logs.

F. Transaction Data
Details of transactions, including payment method, purchase history, order fulfillment information, shipping details, and billing records.

G. Preference Data
Information relating to your marketing preferences, consent to email subscriptions, product interest categories, and customer segmentation indicators.

4. Legal Bases for Processing

We process personal data strictly in accordance with lawful bases as defined under GDPR and the CCPA:

– Consent: Where you have explicitly consented to the processing for specific purposes (e.g., email marketing).
– Contractual Necessity: Where processing is required for the performance of a contract to which you are a party (e.g., product delivery).
– Legitimate Interests: For security, fraud detection, analytics, product improvement, and customer service.
– Legal Obligation: Where it is necessary to comply with applicable laws or lawful requests from public authorities.

5. Your Rights

You have the following rights with respect to your personal data:

– Right of Access: You may request a copy of the personal data we hold about you.
– Right to Rectification: You are entitled to request correction of any inaccurate or incomplete information.
– Right to Erasure: You may request deletion of your personal data in certain circumstances.
– Right to Restrict Processing: You can limit how we process your data under certain conditions.
– Right to Data Portability: You may request your personal information in a structured, commonly used, and machine-readable format, and have the right to transmit that data to another controller.

To exercise any of your rights, contact us at: [email protected].

6. Security Measures

We implement industry-standard technical and organizational security measures designed to protect your personal information from unauthorized access, disclosure, alteration, and destruction. These include full encryption of sensitive data, role-based access controls, secure socket layer (SSL) protocols, server-side firewalls, perimeter monitoring, scheduled backups, and periodic staff data protection training.

7. International Transfers

In circumstances where your personal data is transferred outside the European Economic Area (EEA), we ensure such transfers are compliant with data protection law and safeguarded by EU Standard Contractual Clauses or similar recognized lawful mechanisms. Our systems and subprocessors in the United States and other countries meet regional adequacy standards when applicable.

8. Data Retention

We retain personal data only as long as necessary to fulfill the purposes outlined in this policy or as required by law. Retention periods vary by category:

– Account and Profile Data: Retained while your account remains active, and up to 5 years thereafter for reconciliation or legal records.
– Transaction and Financial Data: Retained for up to 7 years for tax and audit compliance.
– Communication and Support Data: Retained for 3 years from last interaction.
– Technical and Usage Data: Aggregated and anonymized when no longer in use, typically retained for 12 months for analytics.

9. Cookie Policy

Merrickholm.com uses cookies and similar technologies to enhance site functionality, analyze site usage, and tailor marketing content. Types of cookies used include:

– Essential Cookies: Required for operating the website and cannot be turned off.
– Functional Cookies: Help remember preferences and perform functions like customer support.
– Analytics Cookies: Provide insight into traffic data, behavior flow, and conversion metrics.
– Performance Cookies: Monitor system stability, detect crashes or bugs, and improve performance.

10. Cookie Management and Compliance

Users can manage their cookie preferences via the cookie banner upon initial visit or through browser settings. Under GDPR and CCPA, you may reject non-essential cookies at any time without affecting site usage. We respect “Do Not Track” signals and offer opt-out mechanisms for data sharing to third-party analytics partners.

11. Children’s Privacy

We do not knowingly collect or solicit personal data from individuals under the age of 13. If we learn that we have collected such information without appropriate parental consent, we will take immediate measures to delete such data. Parents or guardians who believe their child has provided personal information may contact us at [email protected] for assistance.

12. Policy Updates

We reserve the right to update this Privacy Policy from time to time to reflect changes in technology, legal obligations, or our data handling practices. Material changes will be communicated via this website or through direct communication where appropriate. Continued use of merrickholm.com signifies acceptance of the revised policy.

13. Contact

For any questions regarding this Privacy Policy or to exercise your data protection rights, you may contact Merrick Holm at:

Email: [email protected]

We are committed to full compliance with all applicable privacy regulations and strive to handle all user data in a transparent, ethical, and secure manner. Please do not hesitate to reach out should you have any questions or concerns.