Privacy Policy

1. Introduction

At St. Eugene’s Band (“we,” “us,” or “our”), accessible via steugenesband.com (the “Website”), we are fully committed to safeguarding the privacy and personal data of our Website visitors, users, customers, and communication partners (“you,” “your”). This Privacy Policy outlines our practices concerning the collection, use, and protection of personal data pursuant to applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Your trust matters to us, and we are dedicated to handling your personal information in a transparent, secure, and lawful manner.

2. Scope of Policy and Data Controller Role

This Privacy Policy applies to all data collected through steugenesband.com and any related communications or transactions you may have with us. St. Eugene’s Band, as the data controller, determines the purposes and means of processing your personal data in accordance with applicable laws. For any privacy-related inquiries, please contact us at [email protected].

3. Categories of Data Processed

We collect and process various categories of personal data depending on your interaction with our Website and services. This may include:

a) Usage Data
Includes information such as browser type and version, IP address, time zone setting, operating system, referral source, length of visit, pages viewed, and Website navigation paths. This data helps us analyze usage patterns and optimize site performance.

b) Account Data
Collected when you create an account or purchase products. Includes your full name, physical address, email address, and phone number.

c) Profile Data
May include preferences, interests, browsing behavior on steugenesband.com, purchased products, and other personal choices.

d) Communication Data
Includes the content of inquiries and messages you send us, email threads, technical support requests, and related correspondence.

e) Technical Data
May include device model, operating system, screen resolution, browser plug-ins, and system settings gathered to improve compatibility and security.

f) Transaction Data
Includes payment card details (processed securely through third-party payment providers), purchase history, billing data, and delivery information.

g) Preference Data
Covers your choices regarding email subscriptions, preferred products or services, marketing preferences, and opt-in consents.

4. Legal Bases for Processing

We rely on the following legal bases under GDPR and equivalent CCPA provisions to process your personal data:

– Contractual Necessity: For fulfilling purchases, managing accounts, and providing Website services.
– Legitimate Interests: For Website analytics, fraud prevention, service improvement, and direct marketing (unless overridden by your fundamental rights).
– Consent: Where legally required, particularly for marketing communications and non-essential cookies.
– Legal Obligation: Where processing is necessary to comply with applicable legal or regulatory requirements.

You may withdraw consent at any time where it is the legal basis for processing.

5. Your Rights

Under GDPR and CCPA, you are entitled to the following data subject rights, where applicable:

– Right of Access: Obtain confirmation of whether we hold your data and access a copy upon request.
– Right of Rectification: Request correction of inaccurate or incomplete personal data.
– Right to Erasure (“Right to Be Forgotten”): Request the deletion of your personal data when there is no legal justification for retention.
– Right to Restriction: Restrict our processing in certain circumstances (e.g., pending verification of data accuracy).
– Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format for transfer to another controller.
– Right to Object: Object at any time to processing for direct marketing or based on legitimate interests.
– Right Not to Be Subject to Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing.

You may exercise these rights by emailing us at [email protected]. We strive to respond to verifiable requests promptly and in compliance with statutory timeframes.

6. Security Measures

We apply stringent technical and organizational safeguards to preserve the confidentiality, integrity, and availability of your data. These include:

– End-to-end encryption of data in transit and at rest.
– Access controls and role-based data restriction within our systems.
– Secure backups to prevent data loss.
– Staff training in data protection practices and responsible data handling.
– Regular audits and vulnerability assessments.

While no system is 100% secure, we continually assess and upgrade our security practices to mitigate risks.

7. International Transfers

Your personal data may be stored or processed in countries outside your jurisdiction, including the European Economic Area (EEA) or the United States. When transferring data internationally, we employ legal safeguards such as Standard Contractual Clauses approved by the European Commission, binding corporate rules, or reliance on adequacy decisions to ensure your data is afforded equivalent protection.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law. Retention periods include:

– Usage and Technical Data: 18 months after last use.
– Account and Profile Data: For the duration of your account and up to 7 years thereafter.
– Communication Data: Up to 3 years, or as needed for customer service continuity.
– Transaction Data: Retained for up to 7 years for financial and legal compliance.
– Preference Data: Stored until you withdraw consent or request deletion.

Data is securely deleted or anonymized upon expiration of the applicable retention period.

9. Cookie Policy

steugenesband.com uses cookies and similar technologies to enhance your experience, analyze traffic, and communicate relevant content. We categorize cookies as follows:

a) Essential Cookies
Necessary for core site functionality such as navigation, secure access, and shopping cart management.

b) Functional Cookies
Enable improved functionality and personalization such as remembering your preferences.

c) Analytics Cookies
Help us understand how visitors interact with the Website, including pages visited, sources of traffic, and conversion paths.

d) Performance Cookies
Used to monitor and improve speed, responsiveness, and interface consistency.

We do not use cookies to collect sensitive or personally identifiable data unless you have explicitly provided it.

10. Cookie Management and Compliance

In accordance with GDPR and CCPA, we obtain explicit consent for the use of non-essential cookies. You will be presented with a cookie notice upon visiting steugenesband.com, enabling you to accept, reject, or configure cookie preferences.

You can also adjust or revoke consent through your browser settings or cookie management tools at any time. Do Not Track (DNT) signals are honored to the extent required by applicable law.

11. Children’s Privacy

St. Eugene’s Band does not knowingly collect or process personal data of children under the age of 13. If we become aware that such data has been collected inadvertently, we will take immediate steps to delete the data. Parents or guardians who believe their child has provided information can reach us at [email protected] for prompt assistance.

12. Policy Updates & Notifications

We may amend this Privacy Policy from time to time to reflect changes in legal requirements, operations, or service enhancements. If significant changes are made, we will provide notice via email or prominently on steugenesband.com. Continued use of the Website after changes have been posted constitutes your acknowledgment of the updated policy.

13. Contact

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, you may contact us at:

Email: [email protected]

We are committed to full compliance with applicable data protection laws and will respond appropriately to all inquiries regarding privacy practices. If you believe your rights under GDPR, CCPA, or similar frameworks have been infringed, you also have the right to lodge a complaint with a relevant supervisory authority.

Your privacy matters. For anything related to data protection or to exercise your rights, please reach out to us at [email protected] — we are here to help.