Privacy Policy
1. Introduction
At NML West End (“we,” “us,” or “our”), accessible via nml-westend.com, we are committed to protecting your privacy and ensuring the secure handling of your personal data. We understand and respect your right to privacy and take our responsibilities under applicable data protection laws, including the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”), seriously. This Privacy Policy outlines how we collect, use, disclose, and protect your information when you interact with our website and services.
2. Scope and Role of the Data Controller
This Privacy Policy applies to all personal data collected through your use of our website, nml-westend.com, and when you communicate with us through other channels, such as email. For the purposes of applicable data protection laws, we act as the “data controller,” meaning we determine the purposes and means of processing your personal data.
3. Categories of Data Processed
We collect and process various categories of personal data to provide and improve our services. The data we collect may include:
Usage Data: Information about your interactions with our website, such as IP addresses, browser type, access times, pages viewed, referring URLs, and session durations.
Account Data: Information provided when registering or updating an account, including full name, email address, postal address, and telephone number.
Profile Data: Data related to your account preferences, purchasing behavior, browsing habits, and service usage.
Communication Data: Information provided when you contact us directly, such as customer support inquiries, email correspondence, and chat history.
Technical Data: Device information used to access our services, including operating system, hardware type, browser settings, language preferences, and other system configuration data.
Transaction Data: Details relating to purchases made or services requested, including payment information, delivery address, transaction timestamps, and order history.
Preference Data: Data related to your communication preferences, marketing opt-ins, product interests, and consent records.
4. Legal Bases for Processing
We rely on the following legal bases to process your personal data:
– Performance of Contract: Processing necessary for the performance of a contract with you or to take pre-contractual steps at your request.
– Consent: Where you have given clear, affirmative consent, such as signing up for newsletters.
– Legitimate Interests: Processing necessary for our legitimate business interests, provided these interests are not overridden by your data protection rights.
– Legal Obligation: Where processing is necessary for compliance with legal and regulatory obligations.
5. Your Data Protection Rights
Under GDPR and CCPA, you have certain rights regarding your personal data. These include:
– Access: The right to request access to and receive a copy of the personal data we hold about you.
– Rectification: The right to request correction of inaccurate or incomplete data.
– Erasure: The right to request deletion of your personal data, where applicable.
– Restriction: The right to request the restriction of processing under specific circumstances.
– Portability: The right to receive personal data you have provided to us in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
– Objection: The right to object to processing based on legitimate interests or for direct marketing.
To exercise any of the above rights, please email us at [email protected]. We will respond in accordance with applicable laws.
6. Security Measures
We implement appropriate technical and organizational measures to ensure a high level of data security, including:
– Encryption of data in transit and at rest.
– Access controls and authentication protocols to restrict and monitor access to systems.
– Regular data backups and disaster recovery procedures.
– Ongoing employee training on data protection and privacy awareness.
7. International Data Transfers
Where necessary, we may transfer your personal data outside your country of residence. In such cases, we ensure appropriate safeguards are in place, including:
– The use of Standard Contractual Clauses approved by the European Commission.
– Compliance with regional data protection standards where applicable.
– Ensuring that our third-party vendors adhere to comparable levels of data protection.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected. Specific retention periods include:
– Usage and Technical Data: Retained for up to 12 months for analytics and security purposes.
– Account and Profile Data: Maintained as long as your account is active and for up to 6 years after account closure to comply with legal obligations.
– Communication Data: Stored for 3 years to manage ongoing requests and for training purposes.
– Transaction Data: Retained for a minimum of 7 years in line with financial and tax regulations.
– Preference Data: Stored until you withdraw your consent or update your preferences.
9. Cookie Policy
Our website uses cookies and similar tracking technologies to enhance user experience. Categories of cookies include:
– Essential Cookies: Necessary for website functionality, including navigation and access to secure areas.
– Functional Cookies: Enable enhanced functionality and personalization.
– Analytics Cookies: Help us understand how visitors interact with the site by collecting and reporting information anonymously.
– Performance Cookies: Track site performance and technical issues to improve user experience.
10. Cookie Management and Compliance
In compliance with GDPR and CCPA, we obtain your consent before placing non-essential cookies on your device. You may manage cookie preferences through our cookie banner or by adjusting your browser settings. Additionally, users in applicable jurisdictions may opt out of data sales and tracking technologies without discrimination.
Links to third-party services or external websites may place their own cookies on your device. We encourage you to review their respective privacy policies for further information.
11. Children’s Privacy
Our services are not directed to children under the age of 13, and we do not knowingly collect personal data from them. If we become aware that information from a child under 13 has been provided to us, we will take appropriate steps to delete such data promptly. If you believe your child has provided us with personal information without your consent, please contact us at [email protected].
12. Policy Updates
We reserve the right to update or modify this Privacy Policy at any time to reflect changes in legal or regulatory requirements, technologies, our practices, or other factors. Any significant changes will be posted on this page, and where appropriate, we will notify you directly through designated communication channels.
13. Contact
If you have any questions, concerns, or requests regarding this Privacy Policy or our data handling practices, please contact us at:
Email: [email protected]
We are fully committed to respecting and safeguarding your privacy in accordance with applicable data protection laws. Please reach out to us if you would like to learn more about how we protect your personal data.