Privacy Policy for Riding Hood Music

Riding Hood Music (“we,” “our,” or “us”) is committed to protecting and respecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal data when you visit or interact with our website, ridinghoodmusic.com, or otherwise engage with our services. We process your personal data in accordance with applicable data protection legislation, including the General Data Protection Regulation (Regulation EU 2016/679 – “GDPR”) and the California Consumer Privacy Act of 2018 (“CCPA”), as amended.

1. Our Commitment to Your Privacy

Your privacy and the protection of your personal information are of paramount importance to us. We are dedicated to implementing high standards of data privacy and security, and to being transparent about how we collect and use your data to deliver a quality experience across all interactions with ridinghoodmusic.com.

2. Scope of Policy and Data Controller Role

This Privacy Policy applies to all personal information collected through ridinghoodmusic.com and any related services, tools, features, or communications. We act as the “Data Controller” concerning any personal data processed under this policy. If you have questions regarding the processing of your data, please contact us at [email protected].

3. Categories of Personal Data We Process

We may collect and process the following categories of data, which vary depending on your interactions with our services:

– Usage Data: Information related to your website usage, including IP address, browser type and version, pages visited, time spent, and referring URLs.

– Account Data: Information provided during registration and account creation, such as your name, email address, mailing address, and phone number.

– Profile Data: Information including preferences, website behavior, past purchases, saved items, and feedback.

– Communication Data: Records of your communications with us, including email correspondence, customer service inquiries, chat history, and other contact records.

– Technical Data: Device type, operating system, browser settings, geographical location (broad level), system configuration, and identifiers such as cookies and similar technologies.

– Transaction Data: Payment history, billing and shipping information, order details, and financial information collected through secure third-party payment processors.

– Preference Data: Your marketing and communication preferences, such as consent to receive promotional emails, SMS, newsletters, or information about products you’ve expressed interest in.

4. Legal Bases for Processing Personal Data

We process your personal data under the following legal bases as defined in GDPR:

– Consent: Where you have provided explicit consent (e.g., newsletter subscriptions or accepting cookies).

– Contractual Necessity: Where processing is required to perform a contract with you (e.g., fulfilling purchases).

– Legal Obligation: Where processing is necessary for compliance with legal obligations.

– Legitimate Interest: Where we have a legitimate business reason to process your data, provided these interests do not override your fundamental rights and freedoms.

For residents of California, we may also collect your data in accordance with the purposes outlined in the CCPA and provide you with the right to opt out of the sale or sharing of personal information.

5. Your Rights

In accordance with applicable privacy laws, you may exercise the following rights regarding your personal data:

– Right of Access: Request a copy of your personal data we hold.
– Right to Rectification: Request correction of inaccurate or incomplete data.
– Right to Erasure (“Right to be Forgotten”): Request the deletion of your personal data, subject to legal limitations.
– Right to Restriction: Request restriction of processing when certain conditions apply.
– Right to Data Portability: Request your personal data in a structured, commonly used electronic format for transfer to another service provider.

You also have the right to object to specific processing activities, including direct marketing. To make any rights-based requests, please contact us at [email protected].

6. Security Measures

We take the protection of your data seriously and have implemented appropriate technical and organizational measures, including:

– Encryption: SSL encryption is used for secure data transmission.
– Access Control: Access to your data is role-based and limited to authorized personnel only.
– Data Backups: Regular encrypted backups protect against accidental data loss.
– Employee Training: Staff are regularly trained on data protection and confidentiality safeguarding procedures.

7. International Data Transfers

Your information may be transferred to and processed in countries outside your country of residence, including jurisdictions that may not provide the same level of data protection as your own. Where such transfers occur, we use Standard Contractual Clauses approved by the European Commission and other appropriate safeguards to ensure an adequate level of data protection.

8. Data Retention

We retain personal data only for as long as is necessary to fulfill the purposes for which it was collected, including:

– Usage Data: Up to 12 months for website analytics and security purposes.
– Account and Profile Data: For the lifetime of the account plus 5 years thereafter for legal or regulatory purposes.
– Communication and Preference Data: 3 years from the last communication unless a longer retention period is required.
– Technical and Transaction Data: Up to 7 years in accordance with financial retention laws.

All data is securely deleted or anonymized upon the expiry of the retention period.

9. Cookie Policy

We use cookies and similar technologies for various purposes:

– Essential Cookies: Required for website functionality (e.g., login sessions).
– Functional Cookies: Enhance user experience by remembering preferences.
– Analytics Cookies: Help us analyze site usage and improve performance.
– Performance Cookies: Monitor system performance, bugs, and response times.

These cookies may be set by us or by third-party providers whose services we utilize, such as Google Analytics.

10. Cookie Management and Compliance

Upon your first visit to ridinghoodmusic.com, you are presented with a cookie consent management banner. You may choose to accept or reject non-essential cookies. At any time, you may adjust your cookie preferences through your browser settings or use our website’s cookie control tool.

Under GDPR and CCPA, you have the right to opt out of the sale or sharing of your personal data derived through cookies. We honor Global Privacy Control (GPC) signals when enabled in your browser.

11. Children’s Privacy

Riding Hood Music does not knowingly collect personal data from children under the age of 13. If you believe that a minor under 13 has provided us with personal data without parental consent, please contact us at [email protected] and we will take appropriate steps to delete such information.

12. Policy Updates and Revisions

We reserve the right to revise this Privacy Policy as laws, technologies, or our practices change. Material changes will be communicated where required by law. Continued use of ridinghoodmusic.com following the publication of updates constitutes acceptance of those changes.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, or wish to exercise any of your rights under GDPR or CCPA, please contact us at:

Email: [email protected]

We are committed to maintaining your trust and ensuring compliance with applicable privacy laws. Please contact us if you have concerns regarding how your personal data is processed or stored.