Privacy Policy for elmcamp.com
1. Introduction
At elmcamp.com (“we”, “our”, or “us”), your privacy is our priority. We are fully committed to protecting your personal data and ensuring that your information is handled in a lawful, transparent, and respectful manner. This Privacy Policy describes how we collect, use, disclose, and store your personal data, and the rights you have in relation to your information. We process data in accordance with applicable privacy laws, including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
2. Scope of Policy and Role of Data Controller
This Privacy Policy applies to all users of elmcamp.com and related services. For the purposes of data protection law, elmcamp.com is the Data Controller of your personal data. This means we are responsible for determining how and why we collect and use your information.
3. Categories of Data We Process
We collect and process various categories of personal data to provide our services efficiently and securely. These may include:
a. Usage Data: Information about how you interact with elmcamp.com, including your IP address, browser type, operating system, referral URLs, pages visited, time spent on pages, and other diagnostic data.
b. Account Data: Information you provide when you register with our website, such as your name, username, mailing address, email address, and phone number.
c. Profile Data: Data associated with your personal preferences, account activity, previous purchases, and behavioral patterns on our site for the purpose of customizing your experience.
d. Communication Data: Records of your correspondence with us, including support request content, inquiry details, and communication history.
e. Technical Data: Information about the device(s) you use to access our services, including device identifiers, browser type, system configuration, time zone settings, and mobile network information.
f. Transaction Data: Details related to purchases, including payment methods, billing addresses, delivery information, order history, and transaction IDs.
g. Preference Data: Data related to your marketing preferences, communication consents, and expressed product or service interests.
4. Legal Bases for Processing
We only process your personal data on the following lawful grounds:
– Consent: Where you have given clear permission for us to process your data for a specific purpose (e.g. receiving newsletters).
– Contractual Necessity: When data processing is required to fulfill our contractual obligations (e.g. facilitating orders and service delivery).
– Legal Obligation: Where we are legally required to process your personal information.
– Legitimate Interests: Where processing is necessary for our legitimate business interests, provided such interests are not overridden by your fundamental rights and freedoms.
5. Your Rights
Subject to limitations under applicable law, you have the following rights regarding your personal data:
– Right to Access: You can request confirmation and access to the personal data we hold about you.
– Right to Rectification: You can request corrections or updates to inaccurate or incomplete data.
– Right to Erasure: In certain cases, you may ask us to permanently delete your personal data.
– Right to Restrict Processing: You can request we limit the processing of your data under specific circumstances.
– Right to Data Portability: You can request a copy of your personal data in a structured, commonly used, machine-readable format for transfer to another service provider.
To exercise any of these rights, please contact us at [email protected].
6. Security Measures
We implement appropriate technical and organizational measures to safeguard your personal data against unauthorized access, accidental loss, destruction, or alteration. These measures include:
– Data encryption in transit and at rest
– Access controls and password protections
– Regular security audits and system monitoring
– Staff confidentiality agreements and data protection training
– Routine data backups and disaster recovery plans
7. International Transfers
If we transfer your personal data outside of the European Economic Area (EEA) or other regions with comprehensive data protection laws, we ensure the appropriate safeguards are in place. This includes the use of approved Standard Contractual Clauses, adequacy decisions, or other relevant mechanisms to ensure your information remains protected.
8. Data Retention
We retain your personal data only as long as necessary to fulfill the purposes for which it was collected, including for legal, regulatory, tax, accounting, or reporting obligations. General retention periods:
– Usage and Technical Data: up to 12 months
– Account and Profile Data: active until account deletion; stored up to 24 months thereafter
– Transaction Data: retained for up to 7 years for legal compliance
– Communication Data: retained for up to 36 months
– Preference Data: stored for 24 months or until consent is withdrawn
9. Cookie Policy
elmcamp.com uses cookies and similar technologies to enhance your browsing experience and improve our services. These include:
– Essential Cookies: Required for website functionality, such as login authentication and shopping cart management.
– Functional Cookies: Enable personalized features, like language settings or user preferences.
– Analytics Cookies: Help us understand how users interact with our website, allowing us to improve usability.
– Performance Cookies: Monitor system performance, identifying patterns and bottlenecks.
10. Cookie Management Under GDPR and CCPA
Upon your first visit to elmcamp.com, you will be presented with a cookie notice asking for consent where necessary. Under GDPR and CCPA, you have the right to accept or decline non-essential cookies at any time through our Cookie Management Tool located in the site footer. You may also manage cookies via your browser settings.
Under CCPA, California residents also have the right to opt out of the sale of personal information. We do not sell personal data as defined under CCPA. If this practice changes, we will update this policy accordingly and include the proper mechanisms.
11. Children’s Data
elmcamp.com is not directed to individuals under the age of 13. We do not knowingly collect or solicit personal information from children under 13. If we become aware that a child has provided us with personal data without verified parental consent, we will take steps to delete it promptly.
12. Policy Updates and Notifications
We may update this Privacy Policy from time to time to reflect changes in our legal obligations or business practices. When material changes are made, we will notify users through appropriate channels, which may include email notifications or prominent notices on the website. Please review this Privacy Policy periodically for any updates.
13. Contact
For inquiries relating to this Privacy Policy or to exercise your rights under applicable privacy laws, you may reach us by email at:
We are committed to compliance with all relevant data protection laws and to ensuring that your rights are respected. If you have any concerns regarding your personal data or this policy, we encourage you to contact us directly.