Privacy Policy
1. Introduction
At NML Westend, accessible via nml-westend.com, we are firmly committed to safeguarding the privacy and personal data of our users, customers, and partners. We recognize the importance of data protection under global standards and are dedicated to maintaining the confidentiality, integrity, and security of all personal data we process. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information, and your rights in connection with that personal data.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all visitors to and users of the website nml-westend.com (“Website”), and to any personal data collected or processed in the course of providing our services. NML Westend is the data controller for the personal data processed via this Website within the meaning of applicable data protection laws, including the European Union General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
Any inquiries about this Privacy Policy or our data processing practices should be directed to [email protected].
3. Categories of Data We Process
We collect and process various categories of personal data to provide, optimize, and secure our services:
a) Usage Data
Information automatically collected when you visit nml-westend.com, including browser type and version, IP address, pages visited, time and date of visit, session duration, and other technical diagnostics.
b) Account Data
Personal identifiers provided when registering or completing transactions with us, such as full name, billing and delivery address, email address, and phone number.
c) Profile Data
Preferences, behavior patterns, feedback, past purchases, wish-lists, and any other data you voluntarily provide to enhance personalized experiences.
d) Communication Data
Records of any correspondence you have with us, including emails, support requests, inquiries, and contact history.
e) Technical Data
Device type, operating system, browser specifications, language settings, and system configuration information relevant to site access and compatibility.
f) Transaction Data
Payment-related information, including payment method, purchase amount, date of purchase, shipping data, and invoice records.
g) Preference Data
Your marketing and communication preferences, consent records, and data indicating your interest in particular products or services.
4. Legal Bases for Processing
We process your personal data only when a lawful basis exists, as defined by applicable legislation:
– Consent: Where you have provided clear, affirmative consent for the specific processing activity (e.g., subscribing to newsletters or accepting cookies).
– Contractual Necessity: Where data processing is required to fulfill a contract with you or take steps at your request prior to entering into a contract.
– Legal Obligation: Where processing is necessary for compliance with a legal or regulatory obligation.
– Legitimate Interests: Where processing is necessary for our legitimate interests or those of third parties, provided these interests are not overridden by your privacy rights (e.g., site analytics, fraud prevention, or network security).
5. Your Rights
Subject to the conditions and limitations set forth in applicable law, you have the following rights regarding your personal data:
– Right of Access: Request confirmation of whether we process your data and obtain access to a copy of it.
– Right to Rectification: Request correction or completion of inaccurate or incomplete personal data.
– Right to Erasure: Request deletion of your data under specific conditions (“right to be forgotten”).
– Right to Restriction of Processing: Request limitations on how we process your data in certain circumstances.
– Right to Data Portability: Request to receive or transfer your data in a commonly portable format to another controller.
– Right to Object: Object to data processing conducted on grounds of legitimate interest or for direct marketing.
– Right to Withdraw Consent: Revoke previously granted consent at any time without affecting prior lawful processing.
To exercise any of the above rights, please contact us at [email protected].
6. Security Measures
We implement a combination of technological and organizational safeguards to protect your data across all systems:
– Data encryption in transit and at rest.
– Strict access control through user authentication and authorization protocols.
– Firewalls, intrusion detection systems, and routinely audited server environments.
– Regular data backups stored in secure, geographically redundant facilities.
– Internal staff training and confidentiality agreements to ensure responsible handling of personal data.
7. International Transfers
Where personal data is transferred outside of the European Economic Area (EEA) or other local jurisdictions, such transfers are conducted in full compliance with applicable legal mechanisms. We utilize Standard Contractual Clauses approved by the European Commission or rely on legally recognized adequacy decisions to ensure equivalent data protection standards.
For transfers involving U.S. entities or other countries without EU adequacy designations, we further assess and verify the recipient’s data protection practices and contractual commitments.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purpose for which it was collected, including for any legal, regulatory, accounting or reporting requirements:
– Account and Profile Data: retained while account is active and for up to 7 years after closure for tax and legal compliance.
– Transaction and Communication Data: retained for a period of 7 years for auditing and business recordkeeping purposes.
– Technical and Usage Data: generally anonymized or deleted after 24 months.
– Marketing Preferences: retained until revoked or until legally required to purge.
9. Cookie Policy
We use cookies and similar tracking technologies on nml-westend.com to enhance user experience, understand behavior, and provide essential functionalities.
– Essential Cookies: Strictly necessary for the functioning of our Website and services.
– Functional Cookies: Enable personalization, such as remembering your settings and preferences.
– Analytics Cookies: Help analyze web traffic to improve usability and performance (e.g., Google Analytics).
– Performance Cookies: Evaluate and improve the speed and responsiveness of our services.
We do not use cookies to collect sensitive personal data or share identifiable information with third parties without your consent.
10. Cookie Management and Compliance
Upon first visit to nml-westend.com, you are presented with a cookie banner allowing granular consent settings in compliance with GDPR and CCPA requirements. You may manage your cookie preferences at any time by adjusting your browser settings or by accessing the cookie control panel on our Website.
Under CCPA, California residents have the right to opt out of the “sale” or “sharing” of personal data. We do not sell personal data but provide equivalent options to opt-out of targeted advertising and third-party tracking services.
11. Children’s Privacy
We do not knowingly collect or solicit personal data from children under the age of 13. If we become aware that we have inadvertently collected data from a child without verifiable parental consent, we will delete it promptly. If you believe that a child may have provided us their personal information, please contact us at [email protected].
12. Policy Updates
We may update or amend this Privacy Policy from time to time for operational, legal, or regulatory reasons. Where required, you will be notified of material changes via email or via a prominent notice on our Website. Continued use of nml-westend.com after such updates constitutes acceptance of the revised policy.
13. Contact
For questions, concerns, or to exercise your data rights, please contact us:
Email: [email protected]
We are committed to lawful, fair, and transparent processing of personal data in compliance with prevailing data protection laws. If you have any privacy-related inquiry, do not hesitate to reach out to us.