Privacy Policy
1. Introduction
At Titanic in Dundee (“we,” “our,” or “us”), accessible via titanic-in-dundee.com, we are committed to protecting the privacy and personal data of all visitors, users, and customers of our website and services. We take data protection seriously and adhere to the highest standards of transparency, integrity, and accountability, in accordance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.
This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you interact with our website and services. We are guided by a privacy-first approach that prioritizes user rights and empowerment.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to the personal data collected through our primary domain titanic-in-dundee.com and any subdomains or affiliated digital services operated by us. Titanic in Dundee is the data controller for the purposes of data protection law, responsible for determining the purposes and means of processing your personal information.
If you have any questions about this policy or how your information is handled, you may contact us at [email protected].
3. Categories of Personal Data We Process
We collect and process the following categories of personal data:
a. Usage Data:
Includes information about your interactions with titanic-in-dundee.com, such as pages visited, IP address, browser type and version, time zone settings, referral URLs, and session durations.
b. Account Data:
If you create an account, we collect personal identifiers such as your full name, email address, mailing address, telephone number, and account credentials.
c. Profile Data:
Includes data you provide voluntarily, such as purchase history, saved preferences, user-generated content, browsing behavior, and interactions with our digital media.
d. Communication Data:
Includes any messages, inquiries, or feedback submitted through our contact forms or customer support channels, as well as any associated correspondence history.
e. Technical Data:
Includes data about the device you use to access our services, such as operating system, device type, screen resolution, browser plugins, and internet service provider.
f. Transaction Data:
Includes records of purchases, payment methods, delivery and billing addresses, transaction timestamps, and payment verification outcomes.
g. Preference Data:
Includes marketing preferences, language selections, opt-in and opt-out statuses, and records of interests you have expressed in specific products or services.
4. Legal Bases for Data Processing
We process your personal information in accordance with one or more of the legal bases permitted under GDPR and other laws:
– Consent: Where you have provided clear and informed consent for us to process your personal data for specific purposes (e.g., marketing communications).
– Contractual Necessity: Where processing is necessary to perform our obligations under a contract with you (e.g., fulfillment of your purchases).
– Legal Obligations: Where processing is necessary for compliance with applicable laws or legal requirements.
– Legitimate Interests: Where it is in our legitimate interests to use your data in ways that do not override your fundamental rights and freedoms, such as enhancing website functionality or defending against fraud.
5. Your Rights
Under applicable data protection laws, you have the following rights in relation to your personal data:
– Right of Access: You may request a copy of your personal data being processed by us.
– Right to Rectification: You may request correction of inaccurate or incomplete data.
– Right to Erasure (“Right to be Forgotten”): You may request the deletion of your personal data, subject to legal exceptions.
– Right to Restrict Processing: You may request a temporary halt to data processing under specific circumstances.
– Right to Data Portability: You may request that we provide your data in a structured, commonly used, and machine-readable format for transfer to another controller.
– Right to Object: You may object to processing based on legitimate interests or for direct marketing purposes.
To exercise any of these rights, please email us at [email protected]. We will respond in accordance with applicable law.
6. Security Measures
We implement rigorous technical and organizational measures to protect your personal data against unauthorized access, disclosure, alteration, and destruction. These include, but are not limited to:
– Data encryption (SSL/TLS) for all transmissions
– Role-based and password-protected access controls
– Secure hosting environments with firewalls
– Regular data backups and disaster recovery protocols
– Staff training on data privacy and security awareness
While no method of transmission or storage is completely secure, we take all reasonable steps to mitigate risk and protect your information.
7. International Transfers
Your personal data may be stored and processed in locations outside your country of residence, including countries that may not offer the same level of protection as those in the European Economic Area (EEA). In such cases, we ensure appropriate safeguards are in place, including the use of Standard Contractual Clauses approved by the European Commission, and adherence to local data transfer regulations where applicable.
8. Data Retention
We retain personal data only for as long as necessary for the purposes outlined in this Privacy Policy, or as required by law. Retention periods by data category are as follows:
– Usage Data: Up to 12 months for analytics purposes
– Account Data: Retained for as long as the account is active, plus up to 5 years thereafter
– Profile Data: Retained for customer relationship management for up to 5 years
– Communication Data: Retained for 3 years from the most recent interaction
– Technical Data: Retained for up to 12 months
– Transaction Data: Retained for up to 7 years for financial audit and compliance
– Preference Data: Retained until deletion is requested or preferences are updated
Upon expiration of these periods, data is securely erased or anonymized.
9. Cookie Policy
Our website uses cookies and similar tracking technologies for the following purposes:
a. Essential Cookies:
These are required for the basic functioning of titanic-in-dundee.com, including login authentication, user sessions, and shopping cart functionalities.
b. Functional Cookies:
Allow the site to remember user preferences and customize user experience accordingly.
c. Analytics Cookies:
Used to gather anonymized data on website performance and user behavior (e.g., Google Analytics), helping us improve the site’s usability.
d. Performance Cookies:
Measure the performance of our services and identify areas for optimization.
10. Cookie Management and Compliance
When you first visit titanic-in-dundee.com, a cookie banner will inform you of your rights and allow you to customize your preferences. You may withdraw or modify your consent at any time through our cookie management interface or by adjusting your browser settings.
We honor “Do Not Track” signals and comply with consent and opt-out mechanisms aligned with GDPR and CCPA requirements.
11. Children’s Privacy
Our services are not directed to children under the age of 13, and we do not knowingly collect or solicit personal data from minors. If we become aware that we have collected personal information from a child under 13 without verified parental consent, we will take steps to delete such information promptly. Parents or guardians who suspect that their child has submitted personal data may contact us at [email protected].
12. Policy Updates and Notifications
We may revise or update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or technology. Any significant changes will be communicated via a prominent notice on titanic-in-dundee.com or through direct communication channels when appropriate. Continued use of our services after such updates signifies acceptance of the revised policy.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or the way we handle your data, we encourage you to contact us at:
Email: [email protected]
We are committed to full legal compliance and ethical stewardship of your personal information. Your trust is important to us, and we welcome any inquiries you may have about how we protect your data.