PRIVACY POLICY

1. Introduction

At Mersey Waterfront (merseywaterfront.com), we are committed to protecting and respecting your privacy. This Privacy Policy outlines how we collect, use, store, and safeguard your personal data in accordance with applicable data protection laws including the European Union General Data Protection Regulation (GDPR), the United Kingdom General Data Protection Regulation (UK GDPR), and the California Consumer Privacy Act (CCPA). We take a privacy-first approach to ensure transparency, minimize data collection, and uphold the highest standards of user data protection.

2. Scope of the Policy and Data Controller Role

This Privacy Policy applies to all users who access and interact with merseywaterfront.com, whether through a desktop or mobile browser or any affiliated platform. Mersey Waterfront acts as the Data Controller for the information processed under this Policy. Any references to “you” refer to users, customers, and site visitors whose data we collect.

For inquiries regarding this policy or the handling of your data, please contact us at [email protected].

3. Categories of Data Processed

We may collect and process the following categories of personal data, depending on your interaction with our website and services:

a) Usage Data:
Includes information such as IP address, browser type and version, time zone setting, pages visited, session duration, and site navigation behavior. This data helps us analyze traffic patterns and improve our digital infrastructure.

b) Account Data:
Personal information you provide during account setup or checkout, such as your name, postal address, email address, and telephone number.

c) Profile Data:
Details including purchase history, product preferences, loyalty participation, and behavioral indicators relevant to your interaction with merseywaterfront.com.

d) Communication Data:
Records of your communication with us including support inquiries, contact form submissions, and email correspondence.

e) Technical Data:
Device type, operating system, screen resolution, browser plug-in types, and other technical settings used to access our site.

f) Transaction Data:
Payment details (processed securely via third-party providers), order history, billing addresses, shipping addresses, and delivery status.

g) Preference Data:
Marketing preferences, opt-in or opt-out decisions for newsletters and updates, and declared areas of interest in our offerings.

4. Legal Bases for Processing

We rely on the following legal bases under GDPR for the collection and processing of your data:

– Consent: Where legally required, we will obtain your explicit consent before collecting or processing your data.
– Contractual Necessity: To fulfill our obligations under a contract with you, including processing payments or delivering services.
– Legitimate Interests: For understanding user behavior, improving products and services, and protecting network security, where such interests are not overridden by your rights.
– Legal Obligation: When processing is required for compliance with applicable laws or regulatory requirements.

For California residents, we also comply with data processing authorizations as outlined in the CCPA.

5. Your Rights

As a data subject, you have the following rights under applicable laws, subject to verification and certain exceptions:

– Right of Access: You may request confirmation of data being held and access to your personal data.
– Right to Rectification: You are entitled to have inaccurate or incomplete data corrected.
– Right to Erasure: You may request deletion of your data where grounds for retention no longer exist.
– Right to Restriction: You may request limited processing in specific scenarios.
– Right to Data Portability: You may request that we transfer your data to you or another organization in a structured, commonly-used format.
– Right to Object: You may object to certain types of processing, such as direct marketing or processing based on legitimate interests.

To exercise any of these rights, contact us at [email protected].

California residents may also request information on how their data is shared or sold (note: Mersey Waterfront does not sell personal information to third parties).

6. Security Measures

We implement a comprehensive data protection framework, which includes:

– Data encryption (TLS/SSL) for information in transit
– Role-based access control and multi-factor authentication for internal systems
– Regular data backups with secure storage protocols
– Periodic employee training on privacy and data handling practices
– Secure development practices and vulnerability monitoring

Despite these efforts, no system can guarantee absolute security; we therefore encourage users to exercise caution and minimize sharing of sensitive information.

7. International Transfers

Some of your personal data may be transferred to and processed in countries outside of your jurisdiction, including locations where data protection laws may differ. Where such transfers occur, we ensure appropriate safeguards are put in place, including Standard Contractual Clauses (SCCs) or adequacy decisions where applicable, in accordance with GDPR.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including for legal, accounting, or reporting obligations. Our retention schedules are as follows:

– Usage and Technical Data: 14 months
– Account and Profile Data: Active until account deletion or 5 years of inactivity
– Transaction Data: Maintained for 7 years for legal and tax purposes
– Communication and Preference Data: Maintained for 24 months or as legally required
– Cookies: As per lifespan listed in our Cookie Policy
– Marketing consent records: Retained until withdrawal of consent

Data is securely deleted or anonymized once the retention period has expired.

9. Cookie Policy

Mersey Waterfront uses cookies and similar technologies to enhance website functionality, personalization, and visitor analysis. Categories of cookies we use include:

– Essential Cookies: Required for core functionality (e.g. login, navigation).
– Functional Cookies: Enable advanced features such as site preferences or language settings.
– Performance Cookies: Collect aggregated user behavior data to improve site performance.
– Analytics Cookies: Help us understand user interactions via third-party services like Google Analytics, with data anonymized wherever possible.

10. Cookie Management and Compliance

In compliance with GDPR and CCPA:

– Upon first visit, users are presented with a cookie consent banner allowing you to accept, reject, or customize cookie settings.
– You may withdraw or adjust your cookie preferences at any time via our Cookie Settings interface.
– Most browsers allow cookie control through settings; disabling certain cookies may impact site performance.

Do Not Track signals are honored where feasible in accordance with browser configurations.

11. Children’s Data

Our website and services are not intended for or directed at children under the age of 13. We do not knowingly collect or process personal data from anyone under 13 years of age. If you believe that a minor has provided us with information without parental consent, please contact us at [email protected], and we will promptly delete such data.

12. Policy Updates and User Notifications

We may update this Privacy Policy from time to time in response to evolving legal, technical, or business developments. Such changes will be prominently posted on merseywaterfront.com. Where appropriate, we may notify you of material changes via email or through site notifications.

13. Contact

For any questions, requests, or concerns regarding this Privacy Policy or how your data is handled, please contact:

Email: [email protected]

We are fully committed to maintaining your trust. For any privacy-related issue, please do not hesitate to get in touch.

Mersey Waterfront is dedicated to full compliance with GDPR, CCPA, and any other applicable data protection frameworks. Your privacy is our priority.