Privacy Policy
At Ghosts in Armour (“we,” “our,” “us”), accessible via ghostsinarmour.com, we value and uphold your privacy with the utmost seriousness. This Privacy Policy outlines our ongoing commitment to transparency, responsibility, and adherence to applicable data protection regulations, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant privacy frameworks.
We are committed to safeguarding your personal data and ensuring that your rights are respected, while maintaining the integrity and functionality of our online services.
1. Scope of This Policy and Role of Data Controller
This Privacy Policy applies to all users who access, browse, or interact with ghostsinarmour.com and related communication channels. Ghosts in Armour acts as the data controller for the personal information collected through this website, meaning we determine the purposes and means of processing such data.
Should you have any questions regarding this policy or data processing practices, please contact us directly at [email protected].
2. Categories of Data We Process
We collect and process various categories of personal data, limited to what is necessary for specific purposes and consistent with your rights and expectations:
a. Usage Data
Includes information about your browser type, IP address, session duration, referral URLs, time zone, and browsing activity while on ghostsinarmour.com.
b. Account Data
Personal details provided when registering or maintaining an account on our site, such as your name, billing address, shipping address, email address, and phone number.
c. Profile Data
Information related to your preferences, purchase history, saved items, content interactions, and behavioral patterns on our platform.
d. Communication Data
Includes any interactions with us such as support requests, inquiries, submitted forms, and communications via email or chat, along with associated metadata.
e. Technical Data
Details about the devices you use to access our services, such as operating systems, device identifiers, browser configurations, language settings, and system diagnostics.
f. Transaction Data
Includes records of subscription plans, payment details, order confirmations, delivery addresses, and billing history. Payment information is securely handled via PCI-compliant third-party processors.
g. Preference Data
Your stated or inferred preferences relating to marketing communications, regional settings, and product preferences collected through on-site behavior or direct input.
3. Legal Bases for Processing
We process your personal data under the following lawful bases in accordance with the GDPR:
– Consent: For optional services such as marketing communications, where you have provided explicit consent.
– Contractual Necessity: To fulfill our contractual obligations, including account setup, order fulfillment, and customer support.
– Legitimate Interests: To enhance, maintain, and secure our services, including analytics, fraud prevention, and service improvements, provided such interests do not override your fundamental rights.
– Legal Requirement: To comply with legal obligations or valid governmental requests.
4. Your Rights
Subject to applicable data protection laws, you have the following rights regarding your personal data:
– Right of Access: You may request access to the personal data we hold about you.
– Right to Rectification: You may request correction of inaccurate or incomplete data we hold.
– Right to Erasure (Right to Be Forgotten): You may request deletion of your personal data under certain conditions.
– Right to Restriction: You may ask us to restrict further processing of your personal data in specific circumstances.
– Right to Data Portability: Where applicable, you may request a structured, commonly used, and machine-readable copy of your data and have it transferred to another controller.
California residents may also have the right under the CCPA to opt out of the “sale” of personal information, request information about third-party data sharing, and not be discriminated against for exercising privacy rights.
To exercise any of these rights, please contact us at [email protected]. We will respond to your request in accordance with applicable data protection laws.
5. Security Measures
We implement and maintain robust technical and organizational security measures to protect your personal data, including:
– Industry-standard encryption protocols
– Secure access controls and authentication procedures
– Regular data backups and disaster recovery protocols
– Data minimization and staff privacy training
Although we employ reasonable safeguards, no system can be completely invulnerable. You are encouraged to use caution when sharing sensitive data online.
6. International Data Transfers
Where personal data is transferred outside of the European Economic Area (EEA), we ensure an adequate level of protection through appropriate safeguards, such as:
– Execution of Standard Contractual Clauses approved by the European Commission
– Verification that recipients are located in jurisdictions with an adequacy decision
– Binding corporate rules or other transfer mechanisms compliant with GDPR
7. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, in accordance with the following general timeframes:
– Account and Profile Data: Until account deletion or 3 years of inactivity
– Transaction and Communication Data: 7 years to comply with legal and tax obligations
– Usage and Technical Data: 12 months for analytics and troubleshooting
– Marketing Preferences: Until consent is withdrawn
After these retention periods, data is securely erased or anonymized.
8. Cookie Policy
We use cookies and similar technologies on ghostsinarmour.com for a variety of purposes:
– Essential Cookies: Necessary for basic site functionality and account access.
– Functional Cookies: Enhance user experience by remembering preferences.
– Performance Cookies: Improve page load speed and overall performance.
– Analytical Cookies: Collect aggregated data to help us understand usage patterns.
9. Cookie Management and Compliance
Upon your first visit to our site, you will be presented with a cookie consent banner that enables you to manage cookie preferences in compliance with GDPR and CCPA. You may change your preferences or withdraw consent at any time through our cookie settings interface or by modifying browser settings.
Consumers under the CCPA may also use authorized agents or opt-out mechanisms to invoke applicable rights regarding tracking and data sale preferences.
10. Children’s Privacy
Ghosts in Armour does not knowingly collect or process personal information from individuals under the age of 13. If you are a parent or guardian and believe a child has submitted personal data to our site without proper consent, please contact us immediately at [email protected], and we will act to remove the information promptly.
11. Policy Updates
We reserve the right to update or revise this Privacy Policy at any time to reflect changes in our services, legal obligations, or data handling practices. Any material changes will be communicated to users through appropriate channels. Continued use of ghostsinarmour.com following such updates shall constitute acceptance of the revised policy.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:
Email: [email protected]
Website: ghostsinarmour.com
We are committed to complying with all applicable privacy laws and providing transparent data processing practices. If you believe your data has been handled improperly, please contact us directly. We also encourage you to report unresolved concerns to your local data protection authority.