Privacy Policy
1. Introduction
At Song for Marion (available at songformarion.com), we are deeply committed to protecting your privacy and safeguarding your personal data. We value the trust you place in us and aim to handle your information with integrity, transparency, and accountability. This Privacy Policy outlines how we collect, use, disclose, store, and protect your personal information in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all users of songformarion.com and covers all data processing activities conducted through our website and related services. For the purposes of GDPR, Song for Marion acts as the “data controller,” meaning we determine the purposes and means of processing your personal data. For users under CCPA, this policy outlines the categories and purposes of personal information we collect and how consumers may exercise their rights.
For questions or requests regarding your data, please contact us at [email protected].
3. Categories of Data Processed
We may collect and process the following categories of personal data:
– Usage Data: Includes information about your browser type, IP address, access timestamp, visited pages, session duration, and navigation patterns.
– Account Data: Collected when you register or engage in transactions, including your full name, postal address, email address, and phone number.
– Profile Data: Covers your stated preferences, language selection, purchase history, and user behavior on songformarion.com.
– Communication Data: Includes any correspondence you have with our team (e.g., support tickets, contact requests, complaint submissions) and contact history.
– Technical Data: Encompasses device identifiers, operating system type/version, browser plug-in types and settings, and system customization information.
– Transaction Data: Contains information necessary to process purchases or services, including payment methods, billing addresses, and delivery data.
– Preference Data: Includes records of your marketing and communication preferences, product interests, opt-in/opt-out selections, and responses to personalization options.
4. Legal Bases for Processing
We process personal data on the following legal bases under GDPR:
– Consent: Where you have provided clear, informed consent (e.g., when opting into marketing communications).
– Contract: When processing is necessary to perform a contractual obligation (e.g., transactions or account access).
– Legal Obligation: To comply with applicable laws and legal requests.
– Legitimate Interests: When processing is necessary for our legitimate interests and does not override your fundamental rights and freedoms (e.g., for analytics, service improvement, or fraud prevention).
Under CCPA, we do not sell personal data and only process consumer information in line with the purposes disclosed in this policy.
5. Your Rights
If you are located within the European Economic Area (EEA) or California, you have the following rights over your personal data, subject to applicable exceptions:
– Right of Access: You may request a copy of your personal data.
– Right to Rectification: You may request correction of inaccurate or incomplete data.
– Right to Erasure: You may request deletion of your data unless retention is legally required.
– Right to Restriction: You may request limited processing of your data in specific circumstances.
– Right to Data Portability: You may request to receive your data in a structured, commonly used, and machine-readable format.
– Right to Object: You may object to data processing based on legitimate interests or for direct marketing.
– Right to Non-Discrimination (CCPA): California residents are entitled to equal service and pricing, regardless of whether they exercise their privacy rights.
To exercise any of these rights, please contact us at [email protected].
6. Security Measures
We employ stringent security measures to ensure your data remains safe and confidential:
– Data encryption in transit (SSL/TLS) and at rest.
– Restricted access to data based on role-specific permissions.
– Regular system backups and audit logging.
– Continuous staff training on data protection best practices.
– Internal policies governing data handling and incident response.
Despite our efforts, no internet-based platform is entirely immune to risks. We urge users to safeguard their login credentials and report any suspicious activity.
7. International Data Transfers
If your personal data is transferred outside your region (e.g., from the EEA to the United States), such transfers are conducted under appropriate safeguards, such as Standard Contractual Clauses (SCCs) approved by the European Commission or other lawful mechanisms. We ensure that any third-party processor handling international data adheres to robust data protection obligations.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:
– Usage & Technical Data: 12 months for analytics and security.
– Account & Profile Data: While the account is active and up to 3 years afterward.
– Communication Data: Up to 5 years for audit and customer support.
– Transaction Data: Retained for 7 years for legal and tax obligations.
– Preference Data: Until the user revokes consent or deletes account.
Following expiration of these periods or a valid erasure request, data is securely deleted or anonymized.
9. Cookie Policy
We use cookies and similar technologies to enhance website functionality and user experience. Cookies fall into these categories:
– Essential Cookies: Enable basic website functionality and security.
– Functional Cookies: Remember user preferences and settings.
– Analytics Cookies: Track usage for performance and improvements.
– Performance Cookies: Help measure website efficiency and feature A/B testing.
These cookies may be delivered by either first-party or approved third-party providers.
10. Cookie Management and Legal Compliance
Under GDPR, we obtain explicit consent before deploying non-essential cookies. Visitors from California can exercise their CCPA rights to opt-out of certain tracking technologies. Our cookie banner allows you to manage your preferences at any time.
You may also modify your cookie settings directly from your browser or by contacting us at [email protected].
11. Special Protections for Children Under 13
songformarion.com is not intended for use by children under the age of 13. We do not knowingly collect or solicit personal information from children. If we become aware that we have inadvertently obtained personal information from a child under 13, we will promptly delete such data. Parents or guardians who believe their child has submitted personal data may contact us at [email protected].
12. Policy Updates and User Notifications
We may revise this Privacy Policy to reflect changes to our practices, applicable laws, or our services. Any material changes will be communicated via our website or by email, where appropriate. We encourage users to periodically review this policy to stay informed of how we protect your data.
13. Contact
If you have any questions, concerns, or requests relating to this Privacy Policy or the way we process your personal data, please contact us at:
We are committed to ensuring full compliance with applicable data privacy laws and to providing a secure and respectful digital environment. Your privacy is our priority.