Privacy Policy for gotham-cycles.com

1. Introduction

At Gotham Cycles, your privacy is our priority. We are firmly committed to protecting your personal data and respecting your rights under applicable data protection and privacy laws, including but not limited to the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act (“CCPA”). This Privacy Policy outlines how we collect, use, disclose, and protect your personal information when you visit or interact with our website, gotham-cycles.com (“Site”).

2. Scope of Policy and Data Controller Role

This Privacy Policy governs all personal data processed through gotham-cycles.com, including data collected via online forms, customer accounts, support tickets, and other communication channels. For the purposes of applicable data protection laws, Gotham Cycles acts as the data controller with respect to personal data collected directly through this Site. Any questions regarding this policy or our data processing activities should be directed to [email protected].

3. Categories of Personal Data Processed

We may collect, store, and process the following categories of personal data:

a) Usage Data:
Includes information such as your IP address, browser type, operating system, referral source, pages visited, time and date of visit, and interactions with our Site.

b) Account Data:
Includes your full name, billing and shipping addresses, email address, and phone number, typically collected upon account registration or during checkout.

c) Profile Data:
Includes your interests, preferences, order history, and user behavior on our Site, including wish lists and browsing habits.

d) Communication Data:
Includes support inquiries, chat transcripts, emails, contact form submissions, and metadata associated with these communications.

e) Technical Data:
Includes information about the device you use to access our Site, such as device type, operating system, language preferences, screen resolution, and system configuration settings.

f) Transaction Data:
Includes payment details (excluding full card numbers, which are processed by payment gateways), order history, invoice records, and delivery details.

g) Preference Data:
Includes your preferences regarding marketing communications, product categories of interest, newsletter sign-ups, and cookie consent selections.

4. Legal Bases for Processing

We process personal data under the following legal grounds as permitted under the GDPR and other applicable laws:

– Consent: Where you have given explicit permission for specific processing activities, such as subscribing to our newsletter or accepting optional cookies.
– Contractual necessity: To fulfill a contract with you, such as completing a purchase or delivering a product.
– Legal obligation: Where processing is required to comply with our legal and regulatory obligations.
– Legitimate interest: For purposes including fraud prevention, service improvement, network and information security, and direct marketing (where allowed), provided such interests are not overridden by your fundamental rights and freedoms.

5. Your Rights under Data Protection Law

Subject to applicable laws, you have the following rights regarding your personal data:

– Right of Access: You may request a copy of the personal data we hold about you.
– Right to Rectification: You may request correction of inaccurate or incomplete personal data.
– Right to Erasure: You may request deletion of your personal data, subject to legal and contractual obligations.
– Right to Restrict Processing: You may request limits on how we use your data in certain circumstances.
– Right to Data Portability: You may request a structured, commonly used, and machine-readable copy of your data, and have it transferred to another controller where feasible.
– Right to Object: You may object to processing on the grounds of legitimate interest or direct marketing.

To exercise any of the above rights, please contact us at [email protected].

6. Security Measures

We use a combination of technical and organizational safeguards to ensure the confidentiality, integrity, and availability of your personal data:

– Encryption of data-in-transit and data-at-rest
– Role-based user access controls
– Firewalls and threat monitoring systems
– Regular security audits and software updates
– Employee training in information security and data protection principles
– Secure backup and disaster recovery protocols

While we strive to use commercially acceptable means to protect your personal data, no system can guarantee absolute security.

7. International Data Transfers

Your personal data may be transferred to and processed in countries outside of your jurisdiction, including in the United States and other regions that may have different data protection standards. In all such cases, we ensure that appropriate legal safeguards are in place, such as:

– Standard Contractual Clauses approved by the European Commission
– Data processing agreements with third-party service providers
– Ongoing review of compliance with applicable cross-border data protection requirements

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, and reporting requirements, as follows:

– Usage data: Retained up to 24 months from collection
– Account and profile data: Retained while your account remains active plus 6 years after closure
– Communication data: Retained for 2 years for customer support and recordkeeping
– Transaction data: Retained for 7 years for accounting compliance
– Marketing preference data: Retained until you opt out or withdraw consent

Upon expiration of the retention periods, data will be securely deleted or anonymized.

9. Cookie Policy

Our website uses cookies and similar tracking technologies to enable site functionality, enhance user experience, and collect analytics:

– Essential Cookies: Necessary for proper website operation, such as session management and checkout functionality.
– Functional Cookies: Enhance usability by remembering preferences and settings.
– Analytics Cookies: Provide insights into user behavior and website performance (e.g., Google Analytics).
– Performance Cookies: Monitor system performance and site navigation to improve service delivery.

10. Cookie Management and Compliance

Upon your first visit to gotham-cycles.com, you will be presented with a cookie consent banner allowing you to accept or reject non-essential cookies in compliance with GDPR and CCPA requirements. You may modify your cookie preferences at any time by accessing the Cookie Settings page. Users from California can opt out of the sale of personal information as defined under the CCPA by submitting a Do Not Sell My Personal Information request via our contact email.

Third-party tracking and advertising cookies will only be activated with your prior consent where required by law.

11. Children’s Privacy

Our services are not intended for or directed toward individuals under the age of 13. We do not knowingly collect personal data from children. If we learn that a child under 13 has submitted personal information to gotham-cycles.com, we will promptly delete such data. Parents or guardians who believe their child has provided us with personal data may contact us at [email protected].

12. Policy Updates and User Notification

We reserve the right to update this Privacy Policy to reflect changes in our practices, technologies, legal obligations, or for other operational reasons. Material changes will be communicated through prominent notices on gotham-cycles.com or via direct email when appropriate. We encourage users to review this policy periodically to stay informed of how we protect your personal data.

13. Contact Us

If you have any questions about this Privacy Policy, our data practices, or wish to exercise your rights under applicable privacy laws, please contact:

Gotham Cycles
Email: [email protected]
Website: https://gotham-cycles.com

We are committed to maintaining full compliance with all relevant privacy regulations, and stand ready to address any concerns you may have regarding your personal data.