Privacy Policy for Well Dressed Burrito
1. Introduction
At Well Dressed Burrito, accessible online at welldressedburrito.com, we are deeply committed to protecting your privacy and ensuring the security of your personal data. We understand the importance of transparency and accountability in managing your personal information, and we adhere strictly to applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Your trust is important to us, and we strive to process all personal data lawfully, fairly, and in a manner that respects your rights.
2. Scope of This Privacy Policy & Data Controller Responsibility
This Privacy Policy governs the collection, use, disclosure, and protection of personal information collected through the website welldressedburrito.com and associated services. For the purposes of GDPR, the data controller is Well Dressed Burrito, responsible for determining the purposes and means of processing personal data. If you have any questions about this policy or your personal data, please contact us at [email protected].
3. Categories of Data We Process
We may collect and process the following categories of personal information, depending on your interactions with our website:
a) Usage Data:
Includes information about how you use our website, such as your browser type, IP address, session duration, viewed pages, referral sources, and interactions with site features.
b) Account Data:
Collected when you create an account, place an order, or sign up for updates. This includes your full name, billing and shipping addresses, email address, and telephone number.
c) Profile Data:
Encompasses your purchase history, product preferences, behavior, reviews, saved items, and other details associated with your profile created on welldressedburrito.com.
d) Communication Data:
Includes data provided when you contact us (via web form, email, or other means), such as inquiries, support tickets, message content, and your contact history with us.
e) Technical Data:
Collected automatically and includes the type of device you use, operating system, resolution settings, language preferences, browser configuration, and other system specifications.
f) Transaction Data:
Includes payment details (processed via secure third-party payment gateways), delivery and receipt information, order amounts, and transaction status.
g) Preference Data:
Includes your preferences regarding marketing communications, opt-in/out status for promotional materials, frequency of contact preferences, and product interest data.
4. Legal Bases for Data Processing
We rely on the following lawful bases under GDPR and corresponding provisions of the CCPA when processing your personal information:
– Consent: Provided explicitly when you opt-in to receive newsletters, cookies, or promotional updates.
– Contractual Necessity: For processing data required to fulfill transactions or service-related requests initiated by the user.
– Legal Obligations: For compliance with applicable legal and regulatory requirements.
– Legitimate Interests: For running our business operations efficiently, improving user experience, ensuring website security, and conducting analytics—provided such interests are not overridden by your rights or interests.
5. Your Rights Under GDPR and CCPA
Depending on your jurisdiction, you may exercise the following rights over your personal data:
– Right of Access: You have the right to obtain confirmation as to whether we process your data and to access such data.
– Right to Rectification: You may request corrections of inaccurate or incomplete data.
– Right to Erasure: Also known as “the right to be forgotten,” you may request deletion of your personal data under certain conditions.
– Right to Restrict Processing: You may request limited processing of your data while a dispute about accuracy or legality is being resolved.
– Right to Data Portability: You can request your personal data in a machine-readable format or request that it be transferred to another controller.
– Right to Object: You can object to processing based on legitimate interests, direct marketing, or automated decision-making.
– Non-discrimination (under CCPA): You have the right to exercise your privacy rights without being denied goods or services or being subject to unfair pricing or quality differences.
To exercise any of these rights, or to formally request access to your data, please contact [email protected] with your request.
6. Security Measures
We implement comprehensive security measures to safeguard your personal data, including but not limited to:
– End-to-end encryption for data transmissions over secure channels (SSL/TLS)
– Strict access controls and authentication mechanisms for internal data access
– Regular data backups and disaster recovery provisions
– Internal staff training on data protection best practices
– Monitoring for unauthorized access or activity
While no method of transmission or storage is 100% secure, we adopt industry-standard practices to mitigate security risks.
7. International Data Transfers
If your personal data is transferred outside of your jurisdiction (e.g., from the EEA to the United States), we ensure appropriate safeguards are in place. These may include the use of European Commission-approved Standard Contractual Clauses (SCCs), adequacy decisions, or other lawful mechanisms approved under GDPR or CCPA to ensure that your data rights and protections remain intact.
8. Data Retention
We retain your personal data for no longer than is necessary for the purposes described in this Privacy Policy. Specific timeframes include:
– Usage and Technical Data: Retained for 12 months to facilitate analytics and improve site functionality.
– Account and Profile Data: Retained until your account is deleted or after five years of inactivity.
– Transaction Data: Retained for seven years in compliance with legal and tax obligations.
– Communication Data: Retained for three years following the resolution of the query.
– Preference Data: Retained for two years following last active engagement or until consent is withdrawn.
Upon expiry of retention periods, data is securely deleted or anonymized.
9. Cookie Policy
Our website uses cookies and similar tracking technologies to enhance your browsing experience and analyze usage. These include:
– Essential Cookies: Required for website functionality, such as secure login and form submissions.
– Functional Cookies: Enable website customization based on user preferences and past interactions.
– Analytical Cookies: Monitor site performance, user behavior, and technical diagnostics.
– Performance Cookies: Help us measure and improve site speed, responsiveness, and performance metrics.
10. Cookie Management & GDPR/CCPA Compliance
We comply with GDPR and CCPA obligations regarding cookie use:
– Consent: Explicit user consent is obtained for non-essential cookies through a pop-up banner upon first visit.
– Preferences: Users can manage or withdraw consent at any time via the cookie settings panel available on our site.
– Opt-out: Instructions on how to disable cookies via browser settings or recognized opt-out mechanisms (such as “Do Not Track” signals) are provided in our Cookie Settings section.
– California Residents: Under CCPA, you have the right to opt-out of the sale or sharing of your personal information gathered via cookies for advertising purposes.
11. Protection of Children’s Privacy
We do not knowingly collect or process personal data of children under the age of 13. If we become aware that such data has been collected without verified parental consent, it will be deleted promptly. Parents or legal guardians who believe personal data of a child under 13 has been collected may contact us at [email protected] for prompt remediation.
12. Policy Updates & User Notifications
We reserve the right to amend this Privacy Policy to reflect legal updates, operational changes, or improvements in data protection. All changes become effective immediately upon posting to welldressedburrito.com. Substantial modifications will be communicated through on-site banners, user notifications, or direct emails when necessary.
13. Contact Information
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:
Email: [email protected]
Website: https://www.welldressedburrito.com
Compliance Assurance
Well Dressed Burrito is committed to full compliance with applicable data protection laws, including GDPR and CCPA. We maintain a proactive stance on privacy and welcome all inquiries regarding our data-handling practices via our contact information above.