Privacy Policy
1. Introduction
At John Elliott & Co. (“we,” “our,” or “us”), accessible at johnelliottco.com, we are deeply committed to protecting your privacy and handling your personal data in a transparent, secure, and lawful manner. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information in compliance with global data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We prioritize your privacy rights and employ industry-standard practices to ensure the protection of your data.
2. Scope of This Policy and Data Controller Identity
This Privacy Policy applies to all visitors, users, and others who access and use services offered through johnelliottco.com. We act as the “Data Controller” with respect to any personal data collected through the website, meaning that we determine the purposes and means of processing your personal data. By accessing or using our website, you acknowledge that you have read and understood this Privacy Policy.
For data subjects in the European Economic Area (EEA), our obligations under the GDPR apply. For California residents, the provisions of the CCPA apply as discussed herein.
3. Categories of Personal Data We Process
We may collect and process the following categories of personal information:
a. Usage Data
Includes information such as browser type, IP address, time zone settings, pages viewed, referring URLs, duration of sessions, and website navigation paths. This data is collected through server logs and cookies when you interact with johnelliottco.com.
b. Account Data
Includes your name, billing and shipping address, email address, telephone number, and login credentials when you register for an account or make purchases.
c. Profile Data
Includes your purchase history, product preferences, saved items, wishlist contents, behavior on johnelliottco.com, and feedback or survey responses.
d. Communication Data
Includes details from your correspondence with us, customer support interactions, submitted inquiries, and communication preferences.
e. Technical Data
Includes your device type, operating system, internet connection, hardware model, unique device identifiers, browser plug-ins, and system diagnostics.
f. Transaction Data
Includes order details, payment information (excluding full card numbers, which are handled by third-party payment processors using secure methods), shipping details, and delivery history.
g. Preference Data
Includes your marketing and communication consents, preferred product categories, contact method preferences, and opt-in status for newsletters and promotions.
4. Legal Bases for Processing Personal Data
We process your personal data under applicable data protection laws based on the following legal grounds:
– Performance of a Contract: When necessary to fulfill purchase orders, manage your account, or provide requested services.
– Legitimate Interests: To improve our website, respond to inquiries, protect our legal rights, and prevent fraud.
– Consent: For sending marketing communications, managing cookies beyond what is strictly necessary, and collecting sensitive information where applicable.
– Legal Obligation: When required to comply with applicable law, regulatory requests, or legal processes.
5. Your Rights
Subject to certain legal exceptions, you may exercise the following rights with respect to your personal information:
– Right of Access: You may request access to the personal data we hold about you.
– Right to Rectification: You are entitled to have inaccurate or incomplete personal data corrected.
– Right to Erasure: You may request deletion of your personal data, subject to legal or contractual obligations.
– Right to Restriction: You may ask us to restrict the processing of your data under certain circumstances.
– Right to Data Portability: You may request to receive your personal data in a structured, commonly used, and machine-readable format and to transfer that data to another controller.
If you are a California resident, you also have the rights to:
– Know what personal information is collected, disclosed, or sold.
– Opt out of the sale of personal data (note: we do not sell personal data).
– Non-discrimination for exercising your privacy rights.
To exercise these rights, please contact us at [email protected].
6. Security Measures
We implement technical and organizational safeguards designed to protect your personal data from unauthorized access, disclosure, alteration, or destruction. These include, but are not limited to:
– SSL encryption during data transmission
– Access controls and authentication
– Firewall and intrusion detection systems
– Employee training on data protection responsibilities
– Regular security assessments and system monitoring
– Secure storage and regular data backups
While we take reasonable steps to protect personal information, no method of electronic transmission or storage is entirely secure. Users provide data at their own risk.
7. International Data Transfers
Your personal data may be transferred to and processed in countries outside your jurisdiction, including regions where data protection laws may be less stringent than those in your country. When transferring your personal data internationally, we ensure an adequate level of protection is maintained through:
– Standard Contractual Clauses approved by the European Commission
– Binding corporate rules (where applicable)
– Confirmation of adequacy decisions by governing authorities
We take all steps necessary to ensure that data transferred to our service providers or affiliates in other jurisdictions are treated securely and in accordance with this Policy.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including to meet legal, security, or operational retention requirements:
– User account data: Retained for the duration of the account and for up to 6 years thereafter to comply with tax and accounting laws.
– Transaction data: Retained for at least 7 years for record-keeping and fraud prevention.
– Communication data: Retained for up to 24 months to provide support and verify interactions.
– Marketing and preference data: Retained until you withdraw consent or object to further processing.
– Technical and usage data: Typically retained for up to 12 months for performance analysis and system integrity.
9. Cookie Policy
Cookies are small text files used to collect and store information about your interactions with our website. We use cookies for the following purposes:
– Essential Cookies: Required for operating basic website features such as shopping cart functionality and secure login.
– Functional Cookies: Enable enhanced features like saved preferences, region selection, and personalized content.
– Analytics Cookies: Collect data on user behavior, page performance, and navigation patterns to improve site usability. These may be administered by third-party tools such as Google Analytics.
– Performance and Optimization Cookies: Help monitor site speed, detect errors, and enhance responsiveness.
You may control and delete cookies via your browser settings. Refusing cookies may affect some features’ functionality.
10. Cookie Management and Legal Compliance
We comply with GDPR and CCPA requirements for cookie usage:
– Visitors from EEA jurisdictions are presented with a clear cookie consent banner.
– Only essential cookies load prior to obtaining consent.
– You may withdraw or change cookie preferences at any time through the cookie settings tool available on johnelliottco.com.
– Users can also restrict or delete cookies through individual browser configurations.
Under the CCPA, California users can request to know what information has been collected via cookies and can opt out of the sale of personal data (note: we do not sell cookies or tracking data to third parties).
11. Protection of Children’s Privacy
johnelliottco.com is not intended for children under the age of 13. We do not knowingly collect or process personal data from anyone under 13 years of age. If we become aware that we have collected personal information from a child under 13 without verified parental consent, we will promptly delete such data. If you believe a child under your care has provided us with personal data, please contact us at [email protected].
12. Updates to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices, legal obligations, or technological advancements. Any material changes will be communicated clearly via our website interface or via email, where appropriate. Continued use of johnelliottco.com following such changes constitutes your acknowledgment of the updated Policy.
13. Contact Information
If you have any questions, requests, or concerns related to this Privacy Policy or your personal data, please contact our Privacy Officer at:
Email: [email protected]
Website: https://johnelliottco.com
—
This Privacy Policy represents our commitment to data protection and compliance with global privacy regulations including GDPR and CCPA. We encourage you to reach out to us at any time with questions regarding data processing or to exercise your legal rights.