Privacy Policy
1. Introduction
At The Ducket (“we,” “us,” or “our”), accessible at theducket.com, we value and respect the privacy and protection of all individuals whose personal data we process. We are committed to safeguarding personal information and maintaining compliance with all pertinent data protection and privacy laws, including but not limited to the General Data Protection Regulation (EU GDPR), the UK GDPR, and the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). This Privacy Policy outlines how we collect, use, disclose, and protect your personal information when you interact with us and use our website, as well as your rights regarding that information.
2. Scope and Data Controller Role
This Privacy Policy applies to all personal data collected through our website (theducket.com), and other interactions (e.g., email communications) you may have with us. The Ducket acts as the “data controller” (as defined under the GDPR and equivalent legal frameworks) for the personal information processed in connection with your interactions with our website and services. As the data controller, we determine the purposes and means of processing your personal data.
3. Categories of Data We Process
We may collect and process the following categories of personal data:
a. Usage Data
Includes information such as browser type and version, IP address, pages visited, browsing duration, referral URLs, and session timestamps. This data is automatically collected when you access theducket.com and may be used for diagnostic, analytical, or security purposes.
b. Account Data
When you create an account or register with us, we collect personal details such as your full name, billing/shipping address, email address, phone number, and login credentials.
c. Profile Data
We collect data related to your interests, preferences, purchase history, and behavioral patterns on the website, including feedback, reviews, and personalized settings.
d. Communication Data
Includes information submitted via contact forms or support channels, such as prior communication history, inquiries, and the content of your messages sent to [email protected].
e. Technical Data
This may include device type, operating system, language settings, time zone, and other technical information related to system configuration used to access our services.
f. Transaction Data
We collect details relating to product orders, payment confirmations, shipping details, and billing history. While we partner with secure third parties to process payments, we may store transaction-related metadata for reconciliation and customer service.
g. Preference Data
We record marketing opt-ins and opt-outs, interest categories, communication preferences, and your consent choices relating to cookies and promotional communications.
4. Legal Bases for Processing
We process your personal data lawfully, fairly, and transparently. Our processing activities rely on the following lawful bases:
– Consent: When legally required or when we seek your clear agreement to process specific data.
– Contractual necessity: To perform a contract with you or to take steps prior to entering into one.
– Legitimate interests: To operate, improve, and secure our platform, provided that such interests are not outweighed by your fundamental rights.
– Legal obligation: For compliance with laws and regulations applicable to us.
5. Your Privacy Rights
Depending on your jurisdiction, you may have rights under the GDPR or CCPA/CPRA, including:
– Right of Access: To request a copy of your personal data held by us.
– Right to Rectification: To correct any inaccurate or incomplete data.
– Right to Erasure: To request deletion of your personal data where there are no overriding legitimate grounds for retention.
– Right to Restriction of Processing: To limit how your data is processed under certain conditions.
– Right to Data Portability: To receive your data in a structured, commonly-used format and to transmit it to another controller.
– Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
– Right to Object: To object to certain processing including direct marketing.
– Right to Non-Discrimination: We will not discriminate against you for exercising any of your rights under applicable privacy laws.
To exercise any of these rights, please contact us at [email protected].
6. Security Measures
We employ a variety of organizational, administrative, and technical security controls to protect your information, including:
– TLS (Transport Layer Security) for encrypted data transmission.
– Role-based access controls and authentication measures.
– Regular data backups and secure storage solutions.
– Staff training in data protection principles and best practices.
– Ongoing monitoring of our systems for unauthorized access.
7. International Transfers
As part of our operations, personal data may be transferred to, and stored at, destinations outside the European Economic Area (EEA) or the UK. When we do so, we ensure your data is protected by appropriate safeguards, such as:
– Standard Contractual Clauses (SCCs) adopted by the European Commission.
– Binding corporate rules or other legal mechanisms approved by supervisory authorities.
– Ensuring the third-country recipient benefits from adequate data protection standards.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal, regulatory, or reporting requirements. Typical retention periods include:
– Account Data: For as long as your account remains active and, thereafter, for relevant statutes of limitations.
– Transaction Data: Retained for at least 7 years for legal and tax compliance.
– Communication Data: Retained for up to 3 years following last contact.
– Usage/Technical Data: Retained for a maximum of 12 months where not aggregated/anonymized.
– Marketing Preferences: Maintained until consent is withdrawn.
9. Cookie Policy
The Ducket uses cookies and similar tracking technologies to personalize your experience and understand website performance. Categories include:
– Essential Cookies: Necessary for the functioning of our website.
– Functional Cookies: Enable personalization and improved user experience.
– Analytical Cookies: Help us understand how users interact with our website.
– Performance Cookies: Monitor systems performance, such as error logs and page load times.
We do not install unnecessary cookies without your consent, where required by law.
10. Cookie Management and Compliance
You may control cookie use through:
– Browser settings: To accept, decline, or delete cookies.
– Website banner preferences: To grant or withdraw consent for optional cookies.
– Do Not Track (DNT) settings and Global Privacy Control (GPC) mechanisms, where supported.
Visitors from California can exercise their CCPA rights, including the right to opt out of “sale” or “sharing” of personal data, by contacting us at [email protected].
11. Children’s Privacy
The Ducket does not knowingly collect or solicit personal information from children under the age of 13. If we learn that we have inadvertently obtained such data without verified parental consent, we will take steps to delete the information promptly. If you believe that a child may have provided us with personal information, please contact us at [email protected].
12. Policy Updates and Notifications
We may update this Privacy Policy to reflect changes in our data practices or legal obligations. Changes will be posted to this page. Where appropriate, we may notify you via email or on the website. We encourage regular review of this policy to stay informed about how we are protecting your data.
13. Contact Us
For questions regarding this Privacy Policy, your rights, or data protection practices at The Ducket, please reach out via:
Email: [email protected]
Postal inquiries may also be sent to our registered address, available upon request via email.
We are committed to full compliance with applicable data protection laws and to transparency in all data handling practices. We welcome all inquiries concerning your privacy and will respond diligently to any concerns submitted.