Privacy Policy
1. Introduction
At St. Helena City (https://sthelenacity.com), we are committed to protecting the privacy, confidentiality, and rights of individuals in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Your trust is important to us, and we are dedicated to being transparent about how and why we collect, use, and protect your personal data. This Privacy Policy outlines our practices and your rights concerning your information when you engage with our website or services.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to our collection and processing of your personal data when you access or use https://sthelenacity.com and related services. For users located within the European Economic Area (EEA), the data controller responsible for the processing of your personal data is St. Helena City. We determine the purposes and means of processing your personal information.
3. Categories of Data Processed
We may collect, use, store, and transfer various categories of personal data as detailed below:
a. Usage Data
Includes information related to how you use our website and services, such as IP address, browser type, device identifiers, referring/exit pages, time stamps, session duration, and interaction with website content.
b. Account Data
Covers details you provide when registering or editing an account with us, such as your name, mailing address, email address, and telephone number.
c. Profile Data
Comprises your preferences, purchase history, behavioral patterns on sthelenacity.com, saved items, and other information inferred from your interactions with the site.
d. Communication Data
Encompasses help requests, messages sent via contact forms or email (including through [email protected]), customer service interactions, and communication logs.
e. Technical Data
Pertains to the technology and device you use to access our website, including operating system, device model, browser plug-in types, system settings, screen resolution, and mobile network information.
f. Transaction Data
Includes billing and payment information, order history, products purchased, delivery address, and transaction verification.
g. Preference Data
Relates to your selected marketing preferences, subscription settings, product interests, preferred categories, and participation in promotions.
4. Legal Bases for Processing
We process your personal data only when there is a valid legal ground to do so. These bases include:
– Consent: Where you have expressly agreed to the processing (e.g., subscribing to marketing).
– Performance of Contract: Where processing is necessary for the fulfillment of a purchase, service request, or other contractual obligation.
– Legal Obligation: Where processing is required by law or regulatory compliance.
– Legitimate Interests: Where processing is necessary for our lawful business interests, so long as those interests are not overridden by your rights and freedoms.
5. Your Rights
You have the following rights under GDPR and, where applicable, CCPA:
– Right of Access: Request a copy of your personal data held by us.
– Right to Rectification: Request correction of inaccurate or incomplete data.
– Right to Erasure: Request deletion of your personal data, with exceptions where retention is legally required.
– Right to Restriction: Request limitation on processing under certain circumstances.
– Right to Data Portability: Receive your data in a structured, machine-readable format and transmit it to another controller.
– Right to Object: Object to data processing based on legitimate interest or for direct marketing purposes.
– Right to Non-Discrimination (CCPA): You shall not be discriminated against for exercising your data protection rights.
To exercise these rights, please contact us at [email protected].
6. Security Measures
We implement appropriate technical and organizational measures to ensure a high level of security for your personal information. These include:
– End-to-end encryption of personal and transactional data.
– Regular access controls and staff role-based credentialing.
– Secure cloud backup routines.
– Confidentiality training for employees handling sensitive information.
– Ongoing security reviews and vulnerability protection mechanisms.
Despite these efforts, no system is completely foolproof. Users should also take care to protect their passwords and devices.
7. International Transfers
We may transfer your personal data outside your jurisdiction, including to countries that may not have equivalent data protection laws. Where such transfers occur, we utilize appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission or other relevant measures to ensure data protection compliance.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law. Specific timeframes include:
– Account and profile data: Retained for the duration of your account’s existence and up to 1 year thereafter.
– Transaction data: Retained for up to 7 years for tax and accounting compliance.
– Communication data: Retained for up to 3 years post final contact or resolution.
– Technical and usage data: Retained for analytics purposes up to 24 months then anonymized where applicable.
– Preference and marketing data: Retained until you withdraw consent or opt-out.
9. Cookie Policy
We use cookies and similar technologies for the following purposes:
– Essential Cookies: Necessary for the core functionality of sthelenacity.com, including account login, session management, and transaction processing.
– Functional Cookies: Enable auxiliary features like remembering your region or preferences.
– Performance Cookies: Help us measure and improve website performance, load times, and navigation efficiency.
– Analytics Cookies: Allow us to gather aggregate data on user behavior and site interaction via third-party tools such as Google Analytics.
Cookies are only deployed with appropriate legal bases under GDPR and CCPA standards and are not used for unnecessary tracking without consent.
10. Cookie Management and Compliance
Upon your first visit to sthelenacity.com, you will be presented with a cookie banner allowing you to accept, decline, or customize your cookie preferences. You may also manage your preferences via your browser settings or revisit the cookie settings option available on our site. Consent is recorded and stored in compliance with relevant laws, and we honor “Do Not Sell or Share My Personal Information” requests as mandated by CCPA.
11. Special Protections for Children
St. Helena City does not knowingly collect or solicit personal data from children under the age of 13. If we learn that we have inadvertently collected such data, we will take swift action to delete it. If you believe we may have data from or about a child under 13, please contact [email protected].
12. Policy Updates & User Notifications
We reserve the right to update this Privacy Policy from time to time to reflect changes in legal requirements, our data practices, or site operations. Substantial changes will be communicated clearly via updates on sthelenacity.com or via email if applicable. Continued use of the site constitutes acceptance of such changes.
13. Contact Us
If you have any questions, concerns, or complaints about this Privacy Policy or how we handle your personal data, please contact us at:
Email: [email protected]
We are committed to ensuring your privacy rights are respected and upheld at every level of engagement with sthelenacity.com.
This Privacy Policy is maintained in compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data privacy laws. Please do not hesitate to reach out with any privacy-related inquiries.