Privacy Policy - Titanic In Dundee

1. Introduction

At Titanic in Dundee (“we,” “our,” “us”), we are firmly committed to safeguarding the privacy and personal data of our website visitors and users. Our goal is to ensure transparency about how we collect, use, disclose, and protect personal information gathered through the course of our business activities, including via our website at titanic-in-dundee.com. We prioritize data protection and privacy, and we adhere to applicable privacy laws and regulations, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

2. Scope of This Policy and Data Controller Role

This Privacy Policy applies to all personal data collected and processed by Titanic in Dundee through the use of our website, services, and related communications. Titanic in Dundee acts as the data controller of your personal data, meaning we determine the purposes and means of processing your information.

For any questions or concerns regarding this policy or our data practices, you may contact us at: [email protected].

3. Categories of Personal Data We Process

Depending on your interaction with our website, we may collect and process the following categories of personal data:

a) Usage Data: Includes data about how you use our website, such as your IP address, browser type, operating system, referral sources, page views, navigation paths, and session activity.

b) Account Data: Information you provide during account registration or profile set-up, such as your name, email address, phone number, and mailing address.

c) Profile Data: Includes data derived from your interactions with us, such as preferences, purchase history, feedback, and browsing behavior.

d) Communication Data: Records of your correspondence with Titanic in Dundee, including support requests, inquiries, and contact form submissions.

e) Technical Data: Information from your device such as browser version, device type, time zone settings, location data, and system configurations.

f) Transaction Data: Includes purchase information and delivery details, such as billing address, shipping address, transaction history, and partial payment information (we do not store full payment card numbers).

g) Preference Data: Includes your consent to receive marketing communications, newsletter subscriptions, event preferences, and stated product interests.

4. Legal Bases for Processing Personal Data

We process personal data in accordance with lawful bases as defined in GDPR Article 6 and CCPA equivalents:

– Consent: Where you have given clear consent for us to process your data for specific purposes (e.g., marketing subscriptions).
– Contractual Necessity: Where processing is required to fulfill or enter into a contract (e.g., product delivery, account registration).
– Legal Obligation: Where processing is required for compliance with a legal obligation (e.g., tax or accounting rules).
– Legitimate Interests: Where it is necessary for our legitimate business interests (e.g., security enhancement, website optimization), provided that your rights and interests do not override those interests.

5. Your Rights

You may exercise the following rights regarding your personal data, subject to legal limitations:

– Right of Access: Request details about the personal data we hold about you.
– Right to Rectification: Request corrections to inaccurate or incomplete data.
– Right to Erasure (“Right to Be Forgotten”): Request deletion of your data where legally permissible.
– Right to Restrict Processing: Request limitation of certain types of processing.
– Right to Data Portability: Obtain a copy of your data in a structured, commonly used format and request its transfer to another controller.
– Right to Object: Object to data processing based on legitimate interests or for direct marketing purposes.

To exercise any of these rights, please write to [email protected]. We will respond within the timeframe required by applicable law.

6. Security Measures

Titanic in Dundee maintains robust administrative, physical, and technical safeguards to protect your personal information. These measures include, but are not limited to:

– Encryption of data in transit and at rest.
– Access restriction policies based on job roles.
– Secure storage facilities and encrypted communications.
– Regular data backups and recovery procedures.
– Staff training in data protection and security protocols.

7. International Data Transfers

Where data may be transferred outside of the European Economic Area (EEA) or other regions with comprehensive data protection laws, we ensure appropriate safeguards are in place. This includes reliance on Standard Contractual Clauses approved by the European Commission or ensuring the recipient jurisdiction has an adequacy decision.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Retention periods vary:

– Account and Transaction Data: 7 years for tax and audit purposes.
– Communication Records: 2 years from date of last communication.
– Marketing Preferences: Indefinitely until you withdraw consent.
– Usage and Technical Data: 12 months, aggregated where feasible.

Upon expiration of applicable retention periods, data is securely deleted or anonymized.

9. Cookie Policy

Our website uses cookies to enhance user experience and for proper website functionality. Cookies may fall under the following categories:

– Essential Cookies: Required for core website functionality such as navigation and security.
– Functional Cookies: Remember user preferences and enhance user experience.
– Analytical Cookies: Collect statistical information to improve site performance, such as pages visited and bounce rates.
– Performance Cookies: Monitor system stability and performance across browsers and devices.

We do not use cookies to serve personalized advertising or to track users across websites unless consent is explicitly provided.

10. Cookie Management and Compliance

Upon your initial visit to titanic-in-dundee.com, a cookie banner will prompt you to manage your cookie preferences. You may reject non-essential cookies or tailor your selections accordingly.

Users from jurisdictions under GDPR and CCPA are given granular control via the cookie management tool and are able to withdraw or modify their consent at any time.

You may also manage cookies through your browser settings. Please note that disabling certain cookies may impact website functionality.

11. Children’s Privacy

Our services are not directed at children under the age of 13. We do not knowingly collect or process personal data from individuals under 13. If we become aware that we have unintentionally collected data from a child, we will take prompt steps to delete such information from our systems.

12. Policy Updates and Notifications

We reserve the right to amend this Privacy Policy as practices change or legal obligations evolve. Users will be notified of material changes via an update on our website, and where required, we may seek renewed consent.

Please revisit this page periodically to stay informed about how your data is protected.

13. Contact Us

Should you have any questions or concerns regarding this Privacy Policy, your personal data, or your rights under applicable privacy laws, please contact us using the information below:

Email: [email protected]
Website: https://titanic-in-dundee.com

We are committed to compliance with all applicable data protection regulations and will respond to your questions or requests promptly and transparently.