Privacy Policy
1. Introduction
At NYC Gifted (nycgifted.com), we are committed to protecting and respecting your privacy. We recognize the importance of safeguarding the personal data of our users and are dedicated to handling all personal information in a secure, transparent, and lawful manner. This Privacy Policy outlines how we collect, use, disclose, and protect your information in accordance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all users of our website (nycgifted.com), platforms, and digital services. NYC Gifted acts as the Data Controller in relation to any personal data processed via our website or during the provision of our services. This policy governs all personal data collected through our site and services and explains your rights and our obligations relating to your personal information.
3. Categories of Data Processed
We may collect and process the following categories of personal data depending on your interaction with our website or services:
a. Usage Data: This includes information such as your IP address, browser type and version, pages visited, time and date of your visit, referring URLs, and other diagnostic data. This data is used to monitor traffic and enhance our site functionality.
b. Account Data: When you create an account or make a purchase, we collect identifying information such as your full name, billing/shipping address, email address, and phone number.
c. Profile Data: We may collect data related to your preferences, interests, service usage, purchase history, and behavior patterns to personalize your experience.
d. Communication Data: We store and process data arising from any correspondence with us, including support requests, inquiries, feedback, and contact history.
e. Technical Data: This covers device-specific information such as your operating system, hardware configuration, language settings, and browser configuration.
f. Transaction Data: Includes payment card details, payment confirmations, delivery instructions, shipping history, and associated billing records. Sensitive payment data is processed through secure third-party payment processors.
g. Preference Data: Information provided by you regarding your communication preferences, marketing consents, and interests in specific products or services.
4. Legal Bases for Processing
In accordance with Article 6 of the GDPR and other privacy laws, we process personal data under the following lawful bases:
– Contract: Where processing is necessary to fulfill contractual obligations, such as completing a transaction or providing a requested service.
– Consent: Where you have given us clear, affirmative consent to process your data for specific purposes, such as email marketing.
– Legal Obligation: Where we are required to process data in compliance with legal obligations.
– Legitimate Interest: Where data processing is necessary for our legitimate interests (e.g., improving services, communicating with users), and such interests are not overridden by your rights and interests.
5. Your Rights
Under GDPR, CCPA, and other relevant data protection laws, you have specific rights regarding your personal data. Subject to conditions and limitations, those rights may include:
– Right to Access: Obtain confirmation as to whether your data is being processed and access a copy of such data.
– Right to Rectification: Request correction or completion of inaccurate or incomplete data.
– Right to Erasure (“Right to be Forgotten”): Request deletion of your personal data where applicable.
– Right to Restrict Processing: Temporarily or permanently block processing of your data under certain circumstances.
– Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format and transfer it to another controller.
– Right to Object: Object to data processing based on legitimate interests, direct marketing, or profiling.
To exercise any of these rights, please contact us at [email protected].
6. Security Measures
We implement comprehensive security safeguards to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include:
– End-to-end encryption of sensitive data in transit and at rest
– Role-based access controls and authentication protocols
– Routine backups and disaster recovery procedures
– Regular audits and security assessments
– Staff training on data protection best practices
7. International Transfers
Personal data collected by nycgifted.com may be transferred and processed outside your local jurisdiction, including to countries not deemed to provide equivalent data protection standards. Where such transfers occur, we ensure they are made in accordance with applicable data protection laws and safeguarded through:
– Standard Contractual Clauses (SCCs) approved by the European Commission
– Binding Corporate Rules
– Other valid data transfer mechanisms as permitted by law
8. Data Retention
We retain personal data only as long as necessary to fulfill the purposes outlined in this Privacy Policy, including satisfying any legal, accounting, or reporting requirements. Retention periods vary by data category:
– Usage and Technical Data: Retained up to 12 months
– Account and Transaction Data: Retained for up to 7 years for compliance with tax and contractual obligations
– Profile and Communication Data: Retained for the duration of your account or up to 3 years following your last interaction
– Marketing and Preference Data: Retained until consent is withdrawn or five years, whichever comes first
9. Cookie Policy
Our website uses cookies and similar technologies to collect data, enhance performance, and deliver personalized experiences. Cookies fall into the following categories:
– Essential Cookies: Necessary for basic site functionality, including navigation and secure login.
– Functional Cookies: Enhance usability by remembering user preferences and settings.
– Analytics Cookies: Help us understand how users interact with the site, using aggregated and anonymous data.
– Performance Cookies: Monitor site performance and user pathways to improve reliability.
10. Cookie Management and Compliance
You may accept or reject cookies through our cookie banner or manage preferences using your browser settings. Users in jurisdictions governed by GDPR and CCPA have the right to opt-out of non-essential cookies and tracking technologies. We honor ‘Do Not Track’ signals as applicable and provide clear, accessible controls for cookie consent changes.
11. Special Protections for Children Under 13
We do not knowingly collect or solicit personal data from individuals under the age of 13. If you believe a child has provided us with personal information, please contact us immediately at [email protected]. We will take prompt steps to remove such information from our systems.
12. Policy Updates & User Notifications
We reserve the right to amend this Privacy Policy at our discretion. Any significant changes will be communicated through appropriate channels such as website notices or direct communication, where practical. Continued use of nycgifted.com following any updates constitutes acceptance of the revised policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how your personal data is processed, please contact us:
Email: [email protected]
We are fully committed to privacy compliance and user data protection. For privacy-related inquiries or concerns, we encourage you to reach out directly using the contact methods above.