Privacy Policy
At River Light London (“we,” “us,” or “our”), accessible at riverlightlondon.com, we recognize the importance of safeguarding your privacy and are committed to the protection of personal data in accordance with applicable data protection and privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you visit or interact with our website.
1. Commitment to Privacy and Data Protection
We are fully committed to protecting the confidentiality, integrity, and security of the personal data entrusted to us. We handle your information carefully and responsibly and implement appropriate technical and organizational measures to protect it.
2. Scope of This Policy and Data Controller Role
This Privacy Policy applies to all users of riverlightlondon.com and describes how we, as the data controller under the GDPR and as a “business” under the CCPA, collect, use, and disclose personal data. This policy governs all personal data collected through our website, whether through direct interaction, automated technologies, or third-party integrations.
3. Categories of Data Processed
We may collect, store, and use the following categories of personal data:
a. Usage Data
Data concerning how you use our website, including IP addresses, browser types, access times, referring websites, pages viewed, session durations, and clickstream data.
b. Account Data
Information you provide when you create an account with us or fill out online forms, including your full name, email address, postal address, phone number, and login credentials.
c. Profile Data
Details related to your preferences, interests, browsing habits, product selections, and purchase history.
d. Communication Data
Records of your communication with us, including inquiries, feedback, support requests, chat logs, and other correspondence.
e. Technical Data
Information about your device, including model, operating system, browser type, language settings, and configuration data necessary for system maintenance and diagnostics.
f. Transaction Data
Details associated with purchases and payments, such as billing information, payment method, transaction ID, shipping address, and order history.
g. Preference Data
Marketing preferences, product interest indicators, communication consents, and opt-in/opt-out selections regarding promotional communications.
4. Legal Bases for Processing
We process your personal data lawfully under one or more of the following legal bases:
– Contractual Necessity: To perform our obligations under a contract with you.
– Legitimate Interests: To operate our website, improve our services, and ensure security and usability, provided such interests are not overridden by your data protection rights.
– Consent: Where required by law or in certain marketing contexts, we obtain your explicit consent prior to processing.
– Legal Obligation: Where processing is necessary to comply with a legal or regulatory obligation.
5. Your Rights
Subject to applicable law, you are entitled to:
– Access: Request access to the personal data we hold about you.
– Rectification: Request correction of inaccurate or incomplete data.
– Erasure: Request deletion of your personal data (“right to be forgotten”).
– Restriction: Request limitation of our processing of your data.
– Portability: Request transmission of your data to another controller in a structured format.
– Objection: Object to processing based on legitimate interests or direct marketing.
Under the CCPA, California residents may also request:
– Disclosure regarding categories and specific items of personal data we collect, sell, or disclose.
– Deletion of personal information, subject to exceptions.
– Opt-out of the sale or sharing of personal data.
These rights may be exercised by contacting us at [email protected].
6. Security Measures
We implement industry-standard technical and organizational safeguards including, but not limited to:
– Encryption of data at rest and in transit
– Access control with role-based permissions
– Regular data backups and system monitoring
– Internal data protection training for team members
– Secure hosting infrastructure with ongoing vulnerability scanning
7. International Transfers
Where personal data is transferred outside the European Economic Area (EEA), including to service providers located in countries without an adequacy decision by the European Commission, we implement appropriate safeguards, including EU-approved Standard Contractual Clauses or equivalent legal mechanisms.
8. Data Retention
We retain personal data only as long as necessary for the purposes stated in this Policy or as required by applicable law:
– Usage Data: Retained for up to 26 months for analytics and performance improvement.
– Account and Profile Data: Retained for the duration of your account and up to 6 years after closure for legal and compliance purposes.
– Communication and Transaction Data: Retained for up to 7 years for auditing, dispute resolution, and accounting purposes.
– Preference and Marketing Data: Retained until you withdraw consent or object to processing.
9. Cookie Policy
We use cookies and similar tracking technologies on riverlightlondon.com to improve website functionality and user experience. Cookies are used for the following purposes:
– Essential Cookies: Necessary for site functionality, login, and security.
– Functional Cookies: Remember user preferences and settings.
– Analytics Cookies: Help us understand visitor behavior to optimize website performance.
– Performance Cookies: Measure website speed, responsiveness, and usage patterns.
10. Cookie Management and Compliance
Upon first visit, riverlightlondon.com presents users with a cookie notice allowing them to accept or manage their preferences in accordance with GDPR and CCPA requirements. You may also adjust cookie settings through your browser at any time.
Under applicable law, you can opt out of non-essential cookies and withdraw consent without affecting the lawfulness of prior processing.
11. Special Protections for Children Under 13
We do not knowingly collect personal data from children under the age of 13. If we learn that we have collected data from a minor without appropriate consent or verification, we will promptly delete such data. Parents or legal guardians may contact us at [email protected] to make such requests.
12. Policy Updates and Notifications
We may update this Privacy Policy periodically in response to legal, technical, or business developments. Any material changes will be communicated through our website or via email if appropriate. Continued use of the website after updates signifies your acknowledgment and acceptance of the revised policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:
Email: [email protected]
Website: https://www.riverlightlondon.com
We are committed to upholding your privacy rights and ensuring that your personal data is handled in accordance with applicable data protection laws.