Privacy Policy for NutmegHigh.com

1. Introduction

At Nutmeg High (“we”, “us”, or “our”), accessible via nutmeghigh.com, we are committed to ensuring the privacy, protection, and transparency of the personal data of our users, customers, and visitors (“you” or “your”). We value your trust and are dedicated to safeguarding your personal information in compliance with all applicable laws, including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

This Privacy Policy outlines how we collect, use, disclose, and protect your personal data, and informs you about your rights regarding that information. We adopt a privacy-first approach in every aspect of our data handling practices.

2. Scope of Policy and Data Controller Role

This Privacy Policy applies to all personal data collected and processed through our website located at nutmeghigh.com and any related services operated or provided by us.

For the purposes of the GDPR, Nutmeg High is the data controller responsible for your personal data. As a data controller, we determine how and why we process your personal information. For users based in California, this policy also serves to provide all required disclosures consistent with the CCPA.

3. Categories of Data Processed

We collect and process the following categories of personal data:

a. Usage Data
Includes technical information about how you interact with our website, such as your browser type, IP address, referral source, pages visited, time spent on our site, and session identifiers.

b. Account Data
Includes personal identifiers you provide when creating an account on nutmeghigh.com, such as full name, residential or billing address, email address, and phone number.

c. Profile Data
Includes your preferences, purchase history, browsing behavior, and interaction with products or services.

d. Communication Data
Includes the information you provide when contacting us, including support inquiries, email correspondence, and communication logs.

e. Technical Data
Includes device-specific information such as hardware model, operating system type and version, browser details, and configuration preferences.

f. Transaction Data
Includes payment details, order history, delivery addresses, billing information, and transaction timestamps.

g. Preference Data
Includes your choices regarding marketing and promotional communications, consent settings, and interests in specific products or categories.

4. Legal Bases for Processing

We rely on the following legal bases under the GDPR and other applicable laws to process your personal data:

– Performance of a contract: To fulfill obligations arising from any agreement between you and us (e.g., fulfilling orders, providing services).
– Legitimate interests: For our business purposes, including analytics, fraud prevention, security, direct marketing (within lawful boundaries), and improving user experience—provided such interests do not override your fundamental rights.
– Consent: When you give us permission to process your data, such as by opting in to receive marketing or accepting the use of non-essential cookies.
– Compliance with legal obligations: When necessary to comply with legal and regulatory requirements.

5. Your Rights

Under the GDPR, CCPA, and other applicable privacy laws, you may exercise the following rights:

– Right of Access: You may request a copy of the personal data we hold about you.
– Right to Rectification: You have the right to correct inaccurate or incomplete personal data.
– Right to Erasure (Right to be Forgotten): You may request that we delete your personal data under certain conditions.
– Right to Restrict Processing: You may ask us to suspend processing when you contest the accuracy or purpose of processing.
– Right to Data Portability: When applicable, you are entitled to obtain a portable copy of your personal data in a structured format.
– Right to Opt-Out (CCPA): California residents may opt out of the sale or sharing of personal information.

To exercise any of these rights, you may contact our Privacy Team at [email protected]. We will respond promptly and lawfully to all valid requests.

6. Security Measures

We implement a robust combination of technical, administrative, and organizational safeguards to protect your personal data, including:

– End-to-end encryption for sensitive data transmissions
– Role-based access controls and secure authentication protocols
– Regular backups and data recovery systems
– Security audits, risk assessments, and personnel training to ensure data protection awareness across our teams

7. International Transfers

Because we operate globally, your personal data may be transferred to, stored in, or processed in jurisdictions outside your home country, including the United States. Whenever we transfer data internationally, we do so using legally approved mechanisms such as Standard Contractual Clauses as provided under the GDPR, and we ensure equivalent levels of protection are maintained.

8. Data Retention

We retain personal data only as long as necessary to fulfill the purposes for which it was collected, including for the following durations:

– Account and Profile Data: Retained as long as your account remains active or as required by applicable law or operational necessity.
– Communication and Support Data: Retained for up to 2 years following your last interaction with us.
– Transaction Data: Retained for a minimum of 7 years for tax and legal compliance.
– Usage and Technical Data: Retained for analytical and performance purposes, typically no more than 2 years.
– Preference and Marketing Data: Retained until consent is withdrawn or subject to periodic review.

9. Cookie Policy

We use cookies and similar tracking technologies on nutmeghigh.com to enhance user experience, enable core functionality, and gather analytics. Cookies fall into the following categories:

– Essential Cookies: Required for basic services such as login and navigation.
– Functional Cookies: Facilitate features like language preferences and saved settings.
– Analytics Cookies: Help us understand website usage and improve performance metrics.
– Performance Cookies: Enable us to test new features and optimize speed or responsiveness.

10. Cookie Management and Compliance

We provide a cookie consent banner when you first visit nutmeghigh.com, offering clear choices in line with GDPR and CCPA rules. You can adjust cookie preferences anytime by accessing cookie settings through your browser or the settings link on our website.

California residents may exercise additional rights concerning the use of cookies that qualify as “selling” or “sharing” of data under the CCPA. For more details or to submit a request, please email [email protected].

11. Special Protections for Children

Nutmeg High does not knowingly collect personal data from children under the age of 13 without verifiable parental consent. If we become aware that a child has submitted data without such consent, we will take steps to promptly delete the information. Parents or guardians who believe their child has submitted information may contact us at [email protected].

12. Policy Updates & User Notifications

We reserve the right to revise or update this Privacy Policy to reflect changes in our practices, legal obligations, or technological advancements. Any material changes will be communicated to users via prominent notices on nutmeghigh.com and, where required, via email. We encourage you to periodically review this Policy to remain informed.

13. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, you may contact our data protection team via:

Email: [email protected]

We are committed to full compliance with privacy regulations and aim to resolve all inquiries in a fair, timely, and transparent manner.

This Privacy Policy ensures that nutmeghigh.com complies with applicable data protection laws and reflects our commitment to safeguard your personal information. Please do not hesitate to contact us if you have any privacy-related concerns.