Privacy Policy for Riding Hood Music

1. Introduction

At Riding Hood Music, accessible at https://ridinghoodmusic.com, we are committed to protecting your personal data and upholding your rights to privacy. This Privacy Policy outlines how we collect, use, store, and share your personal information, and the choices and rights available to you under applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We adopt a privacy-first approach in everything we do and implement industry-standard practices to safeguard your information.

2. Scope of This Policy and Data Controller Role

This Privacy Policy applies to all users of our website, services, transactions, and communications conducted through or associated with https://ridinghoodmusic.com. Riding Hood Music operates as the data controller for all personal data collected, determining the purposes and means of processing such data. Questions or concerns should be directed to [email protected].

3. Categories of Data We Process

We may collect and process the following categories of personal data, depending on your interactions with our website and services:

a. Usage Data
Includes data about your browser type, IP address, device identifiers, time zone, pages viewed, session durations, navigation paths, and referral websites.

b. Account Data
Includes your full name, residential or billing address, email address, and telephone number, which you provide when creating an account or completing a transaction.

c. Profile Data
Includes your preferences, purchase history, website behavior patterns, saved favorites, playlists, and other user-generated interactions.

d. Communication Data
Includes emails, messages, support inquiries, and other correspondence with our support and service teams.

e. Technical Data
Includes data about your hardware device, operating system, browser settings, screen resolution, language setting, and system configurations collected during your use of our platform.

f. Transaction Data
Includes purchase records, payment method details (processed securely by third-party processors), fulfillment addresses, shipping details, and transaction status.

g. Preference Data
Includes your expressed preferences related to marketing, communication types, subscription options, and interests in specific artists or genres.

We do not knowingly process sensitive personal data (as defined under GDPR Article 9) unless explicitly required and approved by law or consent.

4. Legal Bases for Processing

We process your personal data under the following lawful bases:

– Consent: When you voluntarily provide your information or opt in to newsletters, promotions, or cookies.
– Performance of a Contract: To fulfill transactions, process orders, and manage accounts.
– Legitimate Interests: To improve our services, prevent fraud, and perform analytics – unless overridden by your data protection rights.
– Legal Obligations: To comply with applicable tax, accounting, regulatory, or court-mandated obligations.

5. Your Rights

Under applicable data protection laws, you have the following rights:

– Right of Access: You can request a copy of the personal data we hold about you.
– Right to Rectification: You may correct or update incomplete or inaccurate data.
– Right to Erasure: You may request deletion of your personal data under certain legal grounds (“right to be forgotten”).
– Right to Restriction of Processing: You may request limited processing where accuracy or legality is in dispute.
– Right to Data Portability: You can request your data in a structured, commonly used, machine-readable format.
– Right to Object: You may object to processing based on legitimate interests or for direct marketing purposes.
– Right to Withdraw Consent: Where processing is based on your consent, you may withdraw consent at any time.

To exercise any of the above rights, please contact us at [email protected]. We may require verification of your identity before processing your request.

6. Security Measures

We employ robust physical, technical, and organizational measures to ensure the security of your personal data, including:

– Data encryption in transit and at rest (e.g., SSL, HTTPS).
– Role-based access control and authentication.
– Regular encrypted backups and system recovery practices.
– Continuous cybersecurity monitoring and security audits.
– Employee training on data privacy and information security.

Although we take all reasonable precautions to secure your data, no digital transmission or storage system can be guaranteed to be entirely secure.

7. International Transfers

Where your personal data is transferred outside the European Economic Area (EEA), we ensure adequate protection through Standard Contractual Clauses (SCCs) and other lawful mechanisms as required under GDPR. We monitor our service providers and ensure their compliance with regional privacy frameworks such as the EU-U.S. Data Privacy Framework or comparable instruments.

8. Data Retention

We retain your personal data only as long as necessary for the purposes for which it was collected. Specific retention periods include:

– Account and Profile Data: Retained for the duration of your account and up to 12 months thereafter.
– Transaction Data: Retained for a minimum of 6 years for compliance with accounting and tax obligations.
– Usage and Technical Data: Retained for up to 24 months for analytics and security purposes.
– Communication Data: Retained for up to 24 months.
– Preference Data: Retained until you change preferences or revoke consent.

When data is no longer required, it is securely deleted or anonymized in accordance with our data retention policy.

9. Cookie Policy

Our website employs cookies and similar tracking technologies to enhance user experience, enable website functionality, and gather analytics. Categories of cookies used include:

– Essential Cookies: Required for core functionality, such as navigation and secure login.
– Functional Cookies: Enable additional features like remembering user preferences.
– Analytics Cookies: Provide insights into website usage, traffic patterns, and performance.
– Performance Cookies: Measure service uptime and responsiveness.

10. Cookie Management and Compliance

You may control cookie usage through the cookie consent banner that appears when you visit https://ridinghoodmusic.com, in accordance with GDPR and CCPA requirements. You may also opt out of non-essential cookies at any time by adjusting the settings in your browser or through our cookie preference center. We honor “Do Not Track” browser signals and provide transparent notice and consent features for California residents, including the right to opt-out of the sale or sharing of personal information.

11. Special Protections for Children

Riding Hood Music does not knowingly collect or solicit personal information from persons under the age of 13. If we become aware that we have unknowingly collected such data, we will delete it promptly. If you are a parent or legal guardian and believe your child under 13 has provided us with personal information, please contact us at [email protected].

12. Policy Updates and User Notifications

We reserve the right to update or amend this Privacy Policy. Any material changes to our practices will be reflected on this page and, where appropriate, communicated to users via email or notifications on https://ridinghoodmusic.com. Continued use of our website following changes constitutes your acceptance of the revised policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, our data practices, or your personal information, please direct all inquiries to:

Email: [email protected]

We are committed to full compliance with GDPR, CCPA, and other applicable privacy frameworks and encourage users to reach out with any privacy-related concerns.