Privacy Policy
1. Introduction
At Georgia Echo (“we”, “our”, “us”), accessible via georgiaecho.com, we are fully committed to safeguarding your privacy and protecting your personal data. We understand that your trust is essential and we strive to be transparent about how we collect, use, and safeguard your information. Our privacy practices are designed to provide a high level of protection in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
2. Scope and Data Controller
This Privacy Policy applies to individuals (“you”, “your”) who access, use, or engage with the georgiaecho.com website and our related services. Georgia Echo is the controller of the personal data collected through this website. As the data controller, we are responsible for determining the purposes and methods of processing your personal information.
3. Categories of Data Processed
We collect and process various categories of data depending on how you interact with georgiaecho.com. These categories include:
– Usage Data: information about how you use our website, including browser type, IP address, access times, pages viewed, referring URLs, and device identifiers.
– Account Data: information you provide during registration or purchase, including your name, email address, mailing address, and phone number.
– Profile Data: data relating to your preferences, purchase history, behavior on our website, and account settings.
– Communication Data: any correspondence you send to us, including contact forms, customer service messages, and support inquiries.
– Technical Data: information regarding the device and technology you use to access our services, such as operating system, screen resolution, and device model.
– Transaction Data: details about purchases, payments, shipping, invoices, and delivery confirmations.
– Preference Data: information you provide regarding marketing preferences, communication consents, and product interests.
4. Legal Bases for Processing
We process your personal data only when we have a valid legal basis to do so under the GDPR and analogous laws. The primary legal bases under which we process your data include:
– Contractual Necessity: To fulfill our obligations under a contract with you, such as delivering products or services.
– Legitimate Interests: To improve services, prevent fraud, ensure security, and analyze website traffic, provided such interests are not overridden by your rights.
– Consent: When you have explicitly agreed to the processing of certain types of data, particularly for marketing.
– Legal Obligations: To comply with applicable laws, regulatory obligations, or requests by public authorities.
5. Your Rights
Under applicable data protection regulations, you have several rights:
– Right of Access: You may request details about the personal data we hold about you.
– Right to Rectification: You have the right to request correction of inaccurate or incomplete data.
– Right to Erasure (“Right to be Forgotten”): You may request the deletion of your personal information where appropriate.
– Right to Restriction: You may request that we limit how your data is processed under certain circumstances.
– Right to Data Portability: You may request a copy of your data in a structured, commonly used format so you can transfer it to another controller.
To exercise any of these rights, please contact us at [email protected].
6. Security Measures
We implement appropriate technical and organizational measures to ensure the confidentiality, integrity, and availability of your personal data. Measures include, but are not limited to, encryption of sensitive data in transit and at rest, access controls based on least-privilege principles, secure data backups, regular security audits, and staff privacy training.
7. International Data Transfers
Some of your personal data may be processed outside your jurisdiction, including countries outside the European Economic Area (EEA) or the State of California. Where such transfers occur, we utilize appropriate safeguards such as Standard Contractual Clauses approved by the European Commission or ensure adequacy decisions are in place. These measures are designed to ensure an equivalent level of data protection as provided by your own jurisdiction.
8. Data Retention
We retain your personal data only as long as necessary to fulfill the purposes for which it was collected:
– Usage Data: up to 24 months for analytics and performance improvement.
– Account and Profile Data: retained for the duration of your active user relationship and up to 6 years thereafter for compliance purposes.
– Transaction Data: retained for 7 years for financial and regulatory obligations.
– Communication Data: stored for 2 years to maintain service records.
– Preference Data: retained until you withdraw your consent or update your marketing preferences.
Data no longer needed will be securely deleted or anonymized.
9. Cookie Policy
Our website uses cookies and similar technologies to enhance your browsing experience and collect information about site usage. The types of cookies we use include:
– Essential Cookies: Necessary for the operation and security of the site.
– Functional Cookies: Enable remembered settings and improve usability.
– Analytics Cookies: Help us understand how users interact with georgiaecho.com and measure site performance.
– Performance Cookies: Used to analyze and enhance site speed and responsiveness.
10. Cookie Management and Compliance
In compliance with GDPR and CCPA, we provide a cookie consent banner on first visit allowing you to accept, reject, or customize cookie settings. You may also modify or withdraw your consent at any time via the Cookie Settings section of our site. Additionally, you can configure your browser settings to block or delete cookies.
Under CCPA, California residents have the right to opt-out of the sale or sharing of personal data by using the “Do Not Sell or Share My Personal Information” feature, where applicable.
11. Children’s Data Protection
georgiaecho.com is not directed toward or intended for use by children under the age of 13. We do not knowingly collect or process personal data from individuals under this age. If we become aware that we have inadvertently collected personal data from a child, we will take prompt measures to delete that information from our records.
12. Policy Updates
Georgia Echo reserves the right to revise this Privacy Policy to reflect changes in technology, legal requirements, or our data processing practices. Where appropriate, we will notify users of significant changes to this Policy via georgiaecho.com or by direct communication, depending on your account settings and communication preferences.
13. Contact
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Email: [email protected]
We are committed to resolving privacy-related concerns and ensuring full compliance with GDPR, CCPA, and other applicable data protection regulations.