Privacy Policy
1. Introduction
At Groman Eden, accessible at gromaneden.com, we are firmly committed to respecting your privacy and safeguarding your personal data. Protecting the personal information of our users is central to our mission, and we process all personal data in accordance with applicable privacy and data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act of 2018 (“CCPA”), as amended.
This Privacy Policy outlines how Groman Eden collects, processes, and protects your data, as well as your rights and choices with regard to your personal information. We value transparency and control, and we want you to feel confident in our use and protection of your data when interacting with our website or services.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to the personal data collected and processed by Groman Eden through the operation of the website gromaneden.com and any related services. Groman Eden is the legal controller of your personal data for purposes of applicable data protection law.
Questions or concerns regarding this Policy or your personal data should be directed to us at [email protected].
3. Categories of Data We Process
We collect and process the following categories of personal data, depending on your interactions with our website or services:
a. Usage Data: Includes technical details about your access to our website such as your IP address, browser type, browsing history, referral URLs, time zone settings, page interactions, and session duration.
b. Account Data: Includes identifying details you provide in creating or managing an account, such as your full name, postal address, email address, and telephone number.
c. Profile Data: Encompasses your preferences, purchase history, content viewed, product interests, survey responses, and browsing behavior on gromaneden.com.
d. Communication Data: Includes records of your correspondences with us, such as contact form submissions, support queries, customer service interactions, and feedback.
e. Technical Data: Involves information about your device, operating system, browser configuration, unique device identifiers, mobile network information, and performance diagnostics.
f. Transaction Data: Contains data pertaining to purchases or orders you make, including payment information (processed securely by third-party payment processors), order history, delivery address, and billing details.
g. Preference Data: Includes your stated preferences for receiving marketing communications, subscriptions, and selected interests for personalization purposes.
4. Legal Bases for Processing
We process personal data only where there is a lawful basis to do so. The legal bases for our processing activities include:
– Consent: Where you have given clear consent for us to process your personal data for specific purposes such as marketing or the setting of non-essential cookies.
– Contractual Necessity: Where the processing is necessary for the performance of a contract with you, e.g., to fulfill product orders or deliver services.
– Legal Obligation: Where processing is required to comply with legal or regulatory duties.
– Legitimate Interests: Where we have a legitimate business interest that does not override your fundamental rights or freedoms, including fraud prevention, security monitoring, product improvement, and direct marketing.
5. Your Rights
If you are located in the European Economic Area, the United Kingdom, California, or other applicable jurisdictions, you may exercise the following rights, subject to specific legal limitations:
– Right of Access: Request access to the personal data we hold about you.
– Right to Rectification: Request correction of inaccurate or incomplete data.
– Right to Erasure: Request deletion of your personal data under certain conditions (“right to be forgotten”).
– Right to Restriction: Ask us to suspend processing of your personal data in certain circumstances.
– Right to Data Portability: Obtain and reuse your personal data across different services.
– Right to Object: Object to processing based on our legitimate interests or for direct marketing purposes.
– Right Not to Be Subject to Automated Decision-Making: You have the right not to be subject to decisions made solely by automated processing.
You may exercise these rights by contacting us at [email protected]. We will verify your identity before processing certain requests to ensure the protection of your data.
6. Security Measures
We implement and maintain robust organizational and technical security measures to protect your personal data, including:
– Encryption of data in transit and at rest.
– Access controls and authentication mechanisms.
– Secure servers and firewalls.
– Regular system monitoring and vulnerability assessments.
– Staff training on data protection and information security.
– Routine data backups and disaster recovery procedures.
7. International Data Transfers
We may transfer, store, or process your personal data outside your country of residence, including in jurisdictions that may not offer the same level of data protection. When we do so, we ensure appropriate safeguards are in place, such as:
– Standard Contractual Clauses approved by the European Commission.
– Binding Corporate Rules or reliance on adequacy decisions where applicable.
– Compliance with the CCPA’s requirements for cross-border data transfers.
By using our services, you acknowledge any such transfers, subject to appropriate protections.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including satisfying legal, regulatory, tax, accounting, or reporting requirements. Retention periods vary by data category:
– Account Data: Retained while your account remains active and for up to 6 years thereafter.
– Usage and Technical Data: Retained for up to 2 years for analytics and service improvement.
– Transaction Data: Retained for 7 years post-transaction for financial and compliance purposes.
– Communication and Support Data: Retained for 3 years from the date of last communication.
– Marketing and Preference Data: Retained until you withdraw consent or opt out.
9. Cookie Policy
Groman Eden uses cookies and similar tracking technologies on gromaneden.com to enhance user experiences and analyze traffic. Cookies we use fall under the following categories:
– Essential Cookies: Necessary for core functionality such as security, session authentication, and navigation.
– Functional Cookies: Enable personalization and remember your preferences.
– Analytics Cookies: Help us understand user behavior through tools like Google Analytics.
– Performance Cookies: Measure system performance and load balancing to improve user experience.
10. Cookie Management and Consent
We comply with GDPR and CCPA principles in providing cookie transparency and control:
– Consent is obtained for all non-essential cookies via a cookie banner when you first visit our site.
– You may manage preferences or withdraw consent at any time using the cookie settings link available in the site footer.
– Browser settings allow you to disable or delete cookies altogether.
Under CCPA, you have the right to opt out of the “sale” or “sharing” of your personal information. While Groman Eden does not sell personal data, marketing and analytics cookies set by third parties may constitute “sharing”; therefore, you may opt out using our “Do Not Sell or Share My Information” tool provided on gromaneden.com.
11. Children’s Data Protection
Groman Eden does not knowingly collect or process personal data from children under the age of 13. If we learn that a user is under 13 and has submitted personal information, we will take steps to delete the information promptly. Parents or guardians who believe a child may have provided information without consent may contact us at [email protected].
12. Policy Updates
We may amend or update this Privacy Policy from time to time to reflect legal or operational requirements. We will notify users of material changes through our website, and continued use of gromaneden.com after any such changes indicates your acknowledgment of the updated terms.
13. Contact Us
If you have any questions, requests, or concerns regarding this Privacy Policy or the way your personal data is handled, please contact us at:
Email: [email protected]
We are committed to ensuring full compliance with applicable privacy regulations including the GDPR and CCPA. We encourage users to reach out if they wish to exercise any of their data rights or simply have questions about how their data is managed.