Privacy Policy
1. Introduction
At Rocking Horse Wine, accessible at rockinghorsewine.com, we are steadfast in our commitment to protecting and preserving the privacy of all our users. We respect your personal data and are resolute in handling it transparently and securely in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant legislation. This Privacy Policy outlines how we process personal data collected through our website and connected services.
2. Scope of This Policy & Role of Data Controller
This Privacy Policy applies to all personal data collected through rockinghorsewine.com or through your interactions with us via email, phone, or other channels. Rocking Horse Wine serves as the “data controller” with respect to personal data processed under this policy, meaning we determine the purposes and means of processing your data.
If you have questions or concerns regarding this policy or our handling of your data, please contact us at: [email protected].
3. Categories of Data We Process
We may collect and process the following categories of personal data:
– Usage Data: Includes information about how you use our website, such as IP address, browser type, referral source, time zone setting, session durations, and interactions with site elements.
– Account Data: Personal identifiers including your full name, billing/shipping address, email address, and telephone number provided during account registration or purchase processes.
– Profile Data: Includes your purchase history, preferences, product selections, reviews, wishlists, and behavioral patterns on our website.
– Communication Data: Encompasses correspondence you send to us, including support requests, inquiries, feedback, and any related contact history.
– Technical Data: Information related to the devices and systems you use to access our website, such as operating system, device type, screen resolution, and language settings.
– Transaction Data: Details regarding your purchases from us, including payment card information (processed securely via payment providers), delivery details, and order history.
– Preference Data: Includes your consents, opt-ins/opt-outs for marketing communications, product interest categories, and user experience choices.
4. Legal Bases for Processing
We rely on the following legal bases under GDPR and equivalent standards for data processing:
– Consent — For marketing emails, cookies, and certain data collection where we request your explicit consent.
– Contractual Necessity — To fulfill orders, deliver goods, and manage accounts as part of contractual obligations.
– Legitimate Interests — For analytical purposes, website enhancement, fraud prevention, and responding to user inquiries, provided such interests are not overridden by your rights.
– Legal Compliance — Where processing is necessary for compliance with applicable legal obligations, including financial reporting and legal enforcement.
5. Your Rights
Under GDPR, CCPA, and other applicable laws, you may exercise the following rights:
– Right to Access — You have the right to request a copy of the personal data we hold about you.
– Right to Rectification — You may request correction of inaccurate or incomplete personal data.
– Right to Erasure — You have the right to request deletion of your personal data under certain conditions.
– Right to Restriction — You may ask us to restrict processing of your personal data in limited circumstances.
– Right to Data Portability — You may request your personal data be transmitted to you or another organization.
– Right to Object — You may object to processing carried out on the basis of legitimate interests or direct marketing.
– Right to Opt-out of Sale (for CCPA) — If you are a California resident, you have the right to opt-out of the sale of your personal data.
To exercise any of these rights, contact us at [email protected]. We may require verification of your identity before fulfilling such requests.
6. Security Measures
We have implemented comprehensive technical and organizational measures to protect your personal data. These include:
– Encryption of data in transit and at rest
– Secure access protocols and strict access controls
– Regular system monitoring and penetration testing
– Scheduled backups and data integrity protocols
– Employee privacy training and data minimization practices
While we strive to use commercially acceptable means to protect your data, no method of transmission over the Internet or electronic storage is 100% secure.
7. International Transfers
Your data may be transferred to, and processed in, countries outside of your country of residence, including jurisdictions that may not offer the same level of data protection. Where required, we use Standard Contractual Clauses or rely on equivalent safeguards recognized under GDPR to ensure these transfers are lawful and secure. We comply with applicable cross-border data transfer regulations.
8. Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected or to comply with statutory or regulatory obligations. Our retention periods are as follows:
– Usage, Technical & Communication Data: Up to 24 months
– Account, Profile & Transaction Data: Up to 7 years after last interaction (for legal, tax, and audit purposes)
– Preference Data: As long as you remain subscribed or until preferences are updated
– Cookie Data: As defined in our Cookie Policy
We regularly review our data retention practices and securely delete or anonymize data when it is no longer necessary.
9. Cookie Policy
We use cookies and similar technologies that enable us to enhance user experiences, provide functionality, and analyze website traffic. Cookies fall into the following categories:
– Essential Cookies — Necessary to operate the website and allow access to secure areas.
– Functional Cookies — Enable basic personalization and recall user preferences/settings.
– Analytics Cookies — Collect data on user behaviors to improve the performance and content of rockinghorsewine.com.
– Performance Cookies — Assess website speed and usability during your sessions.
You can find more information about the cookies we use and their purposes in our full Cookie Policy, available via our website.
10. Cookie Management & Legal Compliance
You can manage cookie preferences upon first entry and via persistent settings on our website. Consent is obtained in accordance with GDPR requirements for non-essential cookies, and opt-out mechanisms are honored per CCPA. Depending on your browser settings, you may also delete or block cookies entirely; however, this may impact website functionality.
We support the use of Do Not Track (DNT) controls and respect opt-out requests where feasible.
11. Children’s Privacy
Our services are not directed toward, nor do we knowingly collect data from, children under the age of 13. If we become aware that we have collected personal information from a child without verifiable parental consent, we will promptly delete that information. If you believe we may have collected data from a minor without appropriate authorization, please contact us at [email protected].
12. Policy Updates
We reserve the right to modify this Privacy Policy at any time. Material changes will be prominently communicated through our website and, where feasible, through direct notices to affected individuals. We encourage users to regularly review this policy to remain informed of how we are protecting your data.
13. Contact Us
If you have any questions about this Privacy Policy, or if you wish to exercise your privacy rights or raise a concern, please contact us via:
Email: [email protected]
We are committed to maintaining compliance with all relevant privacy law obligations and handling all inquiries in a professional and timely manner.