Privacy Policy
1. Introduction
At Nutmeg High (nutmeghigh.com), we are firmly committed to protecting and respecting your privacy. This Privacy Policy sets out how we collect, use, disclose, and safeguard your personal data when you engage with our website, services, and communications. We are dedicated to processing personal data in a transparent, lawful, and secure manner, in line with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection legislation.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all visitors, users, and others who access the website nutmeghigh.com (the “Site”) or utilize our services. Nutmeg High, as the data controller, is responsible for determining the purposes and means of processing your personal data. Any data processing activities we engage in as a provider are done in accordance with applicable privacy laws.
3. Categories of Data Processed
We collect and process various categories of personal data about you, depending on your interaction with our website and services:
A. Usage Data
This includes information such as browser type and version, operating system, referring website, pages visited, date/time stamps, time spent on pages, IP address, and other diagnostic data.
B. Account Data
When you create an account or register for our services, we collect information such as your full name, mailing address, email address, and phone number.
C. Profile Data
This encompasses data relating to your preferences, purchasing history, interests, and behavioral patterns on our Site.
D. Communication Data
We process data contained in or relating to any communications that you send to us, including customer support inquiries and correspondence history.
E. Technical Data
Information about your device, browser settings, hardware model, and system configurations, including unique device identifiers and network information, may be collected to ensure proper site functionality.
F. Transaction Data
We collect and maintain records of financial transactions made through our Site, including billing address, payment card details, transaction amounts, and delivery information.
G. Preference Data
This includes express consents for marketing purposes, newsletter subscriptions, and stated product or service preferences.
4. Legal Bases for Processing
We process personal data according to one or more of the following legal bases:
– Contractual Necessity: Where processing is required to fulfill a contract with you, such as account management or delivery of services.
– Consent: Where you have expressly consented to processing, such as subscribing to newsletters or consenting to the use of non-essential cookies.
– Legitimate Interests: Where necessary for our legitimate interests or those of a third party, provided that your fundamental rights are not overridden (e.g., usage analytics, fraud prevention).
– Compliance with Legal Obligations: Where processing is required to comply with legal or regulatory duties.
5. Your Rights
Under applicable privacy laws, you may have the following rights in relation to your personal data:
– Right of Access: To request confirmation as to whether your personal data is processed and access copies of such data.
– Right to Rectification: To request correction of inaccurate or incomplete personal data we may hold about you.
– Right to Erasure: To request deletion of your personal data, subject to legal or contractual obligations to retain it.
– Right to Restriction: To request that we limit processing under specified conditions.
– Right to Data Portability: To obtain and reuse your personal data in a structured, commonly used, and machine-readable format.
To exercise any of these rights, please contact us at: [email protected].
6. Security Measures
We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction. These measures include, but are not limited to:
– Encryption protocols
– Role-based access controls
– Regular system audits and backups
– Staff privacy and data protection training
While we take robust precautions, no system can guarantee complete security. We encourage users to take appropriate measures to safeguard their personal information.
7. International Transfers
Where we transfer personal data outside of the UK, European Economic Area (EEA), or other jurisdictions with similar laws, we do so using appropriate safeguards. This may include the use of Standard Contractual Clauses approved by the European Commission or other regulatory mechanisms, ensuring equivalent protection of your personal data irrespective of location.
8. Data Retention
We retain personal data only for as long as necessary for the purposes outlined in this Privacy Policy—typically:
– Usage Data: up to 12 months
– Account and Profile Data: while your account remains active, and thereafter as required for legal compliance
– Transaction Data: for 6 years or as required by financial regulation
– Communication Data: for up to 3 years following the last correspondence
– Preference Data: until withdrawn or preferences are updated
Upon expiration of the relevant periods, data is securely deleted or anonymized, unless retention is legally required.
9. Cookie Policy
We use cookies and similar tracking technologies on nutmeghigh.com to enhance your browsing experience and analyze site usage. Cookies are categorized as follows:
– Essential Cookies: Required for core functionality such as navigation and account access.
– Functional Cookies: Enable personalized features and remember your settings.
– Analytical Cookies: Allow us to understand how users interact with our Site and improve performance.
– Performance Cookies: Optimize the load time and efficiency of our Site.
10. Cookie Management and Compliance
Before placing any non-essential cookies on your device, we request your explicit consent in accordance with GDPR requirements. You have the option to manage your cookie preferences through our Cookie Settings panel or by configuring your browser to reject non-essential cookies.
Under the CCPA, California residents can opt out of the sale or sharing of their personal data collected via cookies via our Do Not Sell or Share My Personal Information link. We honor Global Privacy Control (GPC) signals where applicable.
11. Special Protections for Children
Nutmeg High does not knowingly collect or solicit personal data from individuals under the age of 13. If you are under 13, please do not provide any personal data through our Site. If we learn that we have unintentionally collected such data, we will take prompt action to delete it. Parents or guardians who believe we may have processed data from or about a child under 13 may contact us at [email protected].
12. Policy Updates and Notifications
We reserve the right to revise and update this Privacy Policy from time to time to reflect changes in applicable law, technologies, or our data practices. Where material changes occur, we will notify users by appropriate means, which may include notice on our Site or email communication. You are encouraged to review this Policy regularly to stay informed about how we protect your data.
13. Contact
If you have any questions about this Privacy Policy or your personal data, or if you wish to exercise any of your legal rights, please contact us at:
Enquiries Team
Nutmeg High
Email: [email protected]
We are committed to upholding the highest standards of privacy and regulatory compliance. Thank you for trusting Nutmeg High with your personal information.