Privacy Policy - Wanderscroll

At WanderScroll (“we,” “us,” or “our”), accessible via wanderscroll.com (the “Site”), we are committed to protecting and respecting your privacy. This Privacy Policy outlines our procedures regarding the collection, use, and disclosure of your personal data and your rights under applicable privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

1. Our Commitment to Privacy and Data Protection

Your privacy is of utmost importance to us. We process your personal data lawfully, fairly, and transparently. We adhere to data minimization principles, limit usage to the stated purposes, and continuously implement safeguards to protect your information against unauthorized access and misuse.

2. Scope of This Policy and Data Controller Responsibility

This Privacy Policy applies to personal data we collect via wanderscroll.com and in connection with our services. WanderScroll is the data controller with respect to your personal information, meaning we determine the purposes and means of processing personal data. For questions or concerns, you may contact us at [email protected].

3. Categories of Data We Process

We collect and process various categories of personal data, as outlined below:

a. Usage Data: Information about how you use the Site, such as IP address, browser type, operating system, geographic location, referring URLs, page views, session duration, and interactions with the site.

b. Account Data: Information you provide when you register or update an account, including your full name, mailing address, email address, and phone number.

c. Profile Data: Preferences, purchase history, and behavioral data related to your interactions with the Site and services offered, such as saved destinations and favorite content.

d. Communication Data: Records of your communications with us, such as support requests, inquiries, complaint submissions, and general feedback.

e. Technical Data: Device specifications, operating system details, browser and language settings, IP address, and system configurations used to interact with our platform.

f. Transaction Data: Data regarding purchases and deliveries, including billing and shipping addresses, payment method, and transaction history.

g. Preference Data: Marketing preferences, communication consents, and stated interests in products or services.

4. Legal Bases for Processing Your Data

We process personal data based on one or more of the following grounds:

– Consent: Where required, we ask for your explicit consent to process your data for specific purposes such as email marketing or cookie tracking.
– Contractual Necessity: We process your data to fulfill obligations under a contract, including account registration, order fulfillment, or customer support.
– Legal Obligation: To comply with legal or regulatory duties, for example providing transaction data to tax authorities.
– Legitimate Interests: For purposes such as analytics, fraud prevention, network security, or enhancing user experience, where such interests are not overridden by your rights.

5. Your Rights Under GDPR and CCPA

Subject to legal conditions and limitations, you have the following rights with respect to your personal data:

– Right of Access: Request access to the personal data we hold about you.
– Right to Rectification: Request correction of inaccurate or incomplete data.
– Right to Erasure (“Right to be Forgotten”): Request deletion of your personal data when no longer necessary.
– Right to Restriction: Ask us to limit the processing of your personal data.
– Right to Data Portability: Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
– Right to Object: Object to processing based on legitimate interests or direct marketing.
– Right to Non-Discrimination (for California Residents): You will not be discriminated against for exercising any of your CCPA rights.

To exercise your rights, please contact us at [email protected]. We may verify your identity before responding to requests.

6. Security Measures

We implement technical and organizational security measures appropriate to the risks involved in data processing. These measures include:

– End-to-end encryption of data in transit and at rest.
– Role-based access controls and authentication.
– Regular security reviews, audits, and vulnerability assessments.
– Secure system configuration practices and continual system monitoring.
– Staff training on data protection principles and incident response.

7. International Data Transfers

If we transfer your personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:

– Standard Contractual Clauses approved by the European Commission.
– Compliance with applicable regional data protection laws, including UK and Swiss equivalents where applicable.
– Partnerships with vendors that offer adequate levels of data protection.

8. Data Retention

We retain personal data no longer than necessary for the purposes for which it was collected or to meet legal, contractual, operational, or audit requirements. Specific retention periods include:

– Account and Profile Data: Retained while your account remains active and for up to 24 months after closure.
– Transaction Data: Retained for up to 7 years for financial compliance.
– Communication Data: Retained for 36 months post-interaction.
– Technical and Usage Data: Aggregated and anonymized after 12 months.
– Preference Data: Retained based on the duration of consent or until unsubscribed.

9. Cookie Policy

We use cookies and similar technologies to collect certain data automatically. Cookies serve various purposes:

– Essential Cookies: Required for basic site functionality, such as navigation and access to secure areas.
– Functional Cookies: Remember choices you make (e.g., language preference) to enhance user experience.
– Analytics Cookies: Collect anonymized information on how users interact with the site to improve functionality and performance.
– Performance Cookies: Track website performance metrics and user flows to optimize responsiveness and scalability.

10. Cookie Management and Compliance

By using wanderscroll.com, you consent to the placement of cookies unless you disable them via browser settings or our cookie banner tool. Where required by law, we will request your consent before placing non-essential cookies on your device.

Users have the option to:
– Adjust browser settings to refuse or delete cookies.
– Use our on-site cookie management tool to modify preferences.
– Withdraw previously given consent at any time via available mechanisms.

We honor “Do Not Track” signals and comply with applicable opt-out rights under the CCPA.

11. Children’s Privacy

We do not knowingly collect personal data from children under 13 years of age. If we discover that we have inadvertently processed a child’s data, we will immediately delete it. Parents or legal guardians who believe their child has provided information to us are encouraged to contact us at [email protected].

12. Changes to This Policy

We reserve the right to update or modify this Privacy Policy at any time. Any changes will be communicated in a transparent manner, such as a banner notification or user prompt on the Site.

13. Contact Us

For inquiries, requests, or concerns related to this Privacy Policy or your personal data, please contact our Privacy Lead at:

Email: [email protected]

Postal correspondence is available upon request.

We are committed to ensuring our data protection practices remain consistent with the highest standards and fully compliant with applicable laws and regulations. Please reach out to [email protected] for any privacy-related concerns or requests.