Privacy Policy for Tomat Ponty Park

Tomat Ponty Park (“we,” “us,” or “our”) is committed to protecting the privacy and personal data of our website users and visitors. This Privacy Policy outlines how we collect, use, store, and safeguard your personal information in accordance with applicable privacy laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act (“CCPA”). We value transparency and accountability and strive to ensure the highest standards of data protection.

By accessing or using our website at tomatpontypark.com (“Website”), you acknowledge that you have read, understood, and agreed to the practices described herein.

1. Scope and Role of the Data Controller

This Privacy Policy applies to personal data processed by us in connection with your use of tomatpontypark.com, including data provided through forms, purchases, correspondence, and other interactions. For the purposes of the GDPR, we act as the Data Controller of the personal data collected and are responsible for determining the purposes and means of processing this data.

If you have any questions or requests regarding this policy or your data, you can contact us at: [email protected].

2. Categories of Personal Data We Process

We collect and process various categories of personal data in the following ways:

a. Usage Data
Includes information about how you use our Website, such as your IP address, browser type, operating system, device information, referral URL, time zone setting, clickstream data, session duration, pages viewed, and activity logs.

b. Account Data
Includes identifying information provided when you register or create an account, such as your full name, email address, phone number, billing and shipping addresses.

c. Profile Data
Includes your preferences, product selections, past purchases, interests, feedback, and survey responses.

d. Communication Data
Covers your interactions with us via support requests, contact forms, emails, or any customer service communications, including audio, transcripts, or written messages as applicable.

e. Technical Data
Encompasses device characteristics, browser plug-ins, screen resolution, language preferences, time stamps, and configuration metadata necessary for platform functionality.

f. Transaction Data
Includes information relating to purchases or services made through our Website, such as payment method, transaction amount, delivery details, and order history.

g. Preference Data
Includes your indicated choices regarding marketing, communication preferences, and product or content preferences.

3. Legal Bases for Processing

We process your personal data pursuant to the following lawful bases under the GDPR:

– Consent: Where you have explicitly consented to the processing of your data (e.g., subscribing to newsletters or accepting non-essential cookies).
– Contractual Necessity: To fulfill a contract with you or take requested steps prior to entering into a contract (e.g., processing orders, handling customer inquiries).
– Legitimate Interests: Where processing is necessary to support our business operations and your data protection rights are not overridden (e.g., analytics, service improvement).
– Legal Obligation: Where processing is required to comply with applicable laws or regulations.

For CCPA purposes, personal data is collected and processed as necessary for “business purposes” in accordance with California law.

4. Your Data Protection Rights

You have the following rights regarding your personal data, subject to applicable law:

– Right of Access: You may request access to the personal data we hold about you.
– Right to Rectification: You may request correction of inaccurate or incomplete data.
– Right to Erasure: Under certain conditions, you may request deletion of your personal data.
– Right to Restriction: You may request temporary restriction of processing in certain circumstances.
– Right to Data Portability: You may receive your data in a structured, machine-readable format and transmit it to another provider.
– Right to Object: You may object to processing based on our legitimate interests or direct marketing.
– Right to Withdraw Consent: Where processing relies on your consent, you may withdraw it at any time.

To exercise any of the above rights, please contact us at [email protected]. We will respond in accordance with applicable legal requirements.

5. Security Measures

We implement appropriate technical and organizational security measures to protect personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include but are not limited to:

– Encryption of data in transit and at rest
– Role-based access control and secure authentication
– Regular system monitoring and patching
– Data backup and recovery protocols
– Staff training and internal data handling policies

6. International Data Transfers

Where data is transferred outside the European Economic Area or your region of residence, we ensure such transfers are made in compliance with applicable data protection laws. This may include implementing Standard Contractual Clauses approved by the European Commission, verifying adequacy decisions, or utilizing other lawful mechanisms.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including satisfying legal, contractual, or regulatory obligations.

Retention guidelines by category include:

– Usage Data: Up to 12 months for analytics or security purposes
– Account and Profile Data: As long as your account is active and up to 6 years thereafter
– Communication and Support Data: Up to 3 years after case closure
– Transaction Data: 7 years, per accounting standards
– Marketing and Consent Data: Retained until you opt out or withdraw consent

Data retained beyond these periods may be anonymized or aggregated for research or statistical purposes.

8. Cookie Policy

Our Website uses cookies and similar tracking technologies to enhance user experience, provide functionality, and analyze performance.

Types of cookies include:

– Essential Cookies: Necessary for core functions like authentication, security, and service continuity.
– Functional Cookies: Remember your preferences and settings to improve usability.
– Performance/Analytics Cookies: Help us understand how users interact with the Website to improve services.
– Marketing Cookies: Used to deliver relevant advertisements and track campaign performance. These cookies require your explicit consent before activation.

9. Cookie Management & GDPR/CCPA Compliance

You may manage your cookie preferences at any time via the Website’s cookie consent manager or through your browser settings. You have the right to opt out of non-essential cookies under the GDPR and CCPA.

Do Not Track (DNT) signals are honored where technically feasible. Users residing in California may also exercise rights under the CCPA to opt out of the “sale” of personal information, although we do not sell personal data as defined by the CCPA.

10. Children’s Data Protection

Our Website is not directed to children under the age of 13, and we do not knowingly collect personal data from individuals in this age group. If we become aware that we have received personal data from a person under 13 without verified parental consent, we will take appropriate steps to delete such information.

11. Policy Amendments

We reserve the right to update or modify this Privacy Policy at any time. Any changes will be posted on this page, and you are encouraged to review the Privacy Policy regularly for the most current version. Material updates may be communicated via email or other direct notification methods where feasible.

12. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact us:

Email: [email protected]
Website: https://www.tomatpontypark.com

13. Compliance Assurance

Tomat Ponty Park is committed to upholding the rights of data subjects and to maintaining compliance with all applicable data protection laws. Please reach out at [email protected] if you believe your privacy rights have been infringed or if you require further clarification about this policy.