Privacy Policy
1. Introduction
At Grange Lane (“we,” “us,” or “our”), accessible via grangelane.com, we are deeply committed to respecting and safeguarding your privacy. We understand the importance of protecting the personal data of our users and customers, and we handle all personal information responsibly and in accordance with applicable privacy legislation, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This Privacy Policy describes how we collect, use, store, share, and protect your personal data, and the rights you have in relation to your information.
2. Scope of This Policy and Data Controller Role
This policy applies to all personal data collected through our website, grangelane.com, and any associated services, features, or applications. For purposes of GDPR and other applicable data protection laws, the data controller responsible for your personal data is Grange Lane. If you have any questions about how your data is used, please contact us at [email protected].
3. Categories of Data We Process
We may collect, use, store, and transfer various categories of personal data as outlined below:
– Usage Data: Includes data about how you interact with our website, such as your IP address, browser type and version, time zone setting, location data, access times, and referring URLs.
– Account Data: Includes personal identifiers such as your full name, postal address, email address, and phone number that you provide when creating an account or completing forms.
– Profile Data: Includes details about your preferences, past purchases, browsing behaviors, and any profiling data derived through analytics or personalization technologies.
– Communication Data: Includes records of correspondence with you, anything you submit via contact or support forms, live chat transcripts, and customer service communications.
– Technical Data: Includes information about the devices you use to access grangelane.com, such as hardware model, operating system, browser plug-in types, screen resolution, and mobile device identifiers.
– Transaction Data: Includes payment and delivery details, order history, billing addresses, and other relevant information necessary to complete purchases and deliver products or services.
– Preference Data: Includes your choices in receiving marketing communications from us and your interests in particular products, services, or areas of the website.
4. Legal Bases for Processing Personal Data
We process your personal data only when permitted by law and in accordance with the GDPR. Legal bases for processing your data include:
– Consent: Where you have provided explicit consent for a specific purpose, such as receiving newsletters or marketing emails.
– Contract: Where processing is necessary to enter into, or perform, a contract with you.
– Legal Obligation: Where we are required to process your data to comply with applicable laws and regulatory requirements.
– Legitimate Interests: Where we have a legitimate interest that is not overridden by your privacy rights, such as improving site functionality or facilitating customer service.
5. Your Data Protection Rights
In accordance with applicable laws, you may have the right to:
– Access: Request access to your personal data and obtain a copy of the data we hold about you.
– Rectification: Request correction of any inaccurate or incomplete personal data.
– Erasure: Request that we delete your personal data, under certain circumstances (“right to be forgotten”).
– Restriction: Request limits on how we process your data where the accuracy or legality of our use is contested.
– Portability: Request that personal data you provided to us is transmitted to another organization in a structured, commonly used, and machine-readable format.
To exercise any of these rights, please contact us at [email protected]. We may need to verify your identity before fulfilling a request.
6. Security Measures
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to:
– End-to-end encryption for data in transit and at rest.
– Strict access controls and periodic audits of access logs.
– Regular data backups and secure server hosting.
– Employee training on data privacy and information security protocols.
While we take reasonable steps to secure your information, absolute security cannot be guaranteed. If you suspect unauthorized access to your data, please notify us immediately.
7. International Data Transfers
Your personal data may be stored and processed in countries outside your residence, including where data protection levels may differ. Where applicable, we implement safeguards to ensure international transfers comply with GDPR requirements, including the use of Standard Contractual Clauses and supplementary security measures.
8. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected, or as required under applicable laws. The retention periods for different categories of data are as follows:
– Usage and Technical Data: 18 months
– Account and Profile Data: Retained for the duration of the account’s existence and up to 6 years thereafter
– Communication Data: 3 years, unless part of legal proceedings or disputes
– Transaction Data: 7 years for tax and audit purposes
– Preference and Marketing Data: Until consent is withdrawn or 2 years after last interaction
When personal data is no longer required, it is securely deleted or anonymized.
9. Cookie Policy
We use cookies and similar tracking technologies on grangelane.com to collect and process Usage, Technical, and Preference Data. Cookies are categorized as follows:
– Essential Cookies: Necessary for the operation of the website (e.g., login and security functions).
– Functional Cookies: Allow enhanced functionality and personalization, such as remembering login credentials or preferences.
– Analytics Cookies: Help us understand user behavior on the site using aggregated, anonymous statistics (e.g., Google Analytics).
– Performance Cookies: Gather data on system performance and user interactions to improve future experiences.
For more details on the specific cookies we use, please refer to our Cookie Notice available through the site’s footer.
10. Cookie Management and GDPR/CCPA Compliance
Users are provided with a cookie banner on first visit, allowing them to accept or reject non-essential cookies in compliance with GDPR and CCPA. Preferences may be updated at any time through our cookie settings interface. California residents may also opt-out of the “sale” or “sharing” of personal data through a clearly marked “Do Not Sell or Share My Personal Information” link available on the home page.
11. Children’s Privacy
Our services are not intended for, and we do not knowingly collect personal data from, individuals under the age of 13. If we become aware that a child under 13 has provided us with personal data, we will delete such data. Parents or guardians who believe that their child has submitted personal data to us should contact us immediately at [email protected].
12. Policy Updates
We reserve the right to modify or update this Privacy Policy as necessary to reflect legal, technological, or operational changes. Users are encouraged to review the policy periodically for updates. Material changes will be communicated via suitable channels, such as on-site notices or email notifications, where required by law.
13. Contact Information
If you have any questions, comments, or concerns regarding this Privacy Policy or our data practices, you may contact us using the following details:
Email: [email protected]
We are committed to fully complying with data protection laws, including GDPR and CCPA. Your privacy is our priority, and we welcome your inquiries at any time.