PRIVACY POLICY

1. INTRODUCTION

At BSA Grace (“we,” “us,” or “our”), accessible at bsagrace.com, we are committed to safeguarding your personal data and upholding your rights to privacy. This Privacy Policy reflects our unwavering commitment to data protection, transparency, and lawful information management. We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the California Consumer Privacy Act of 2018 (“CCPA”), and applicable data protection laws.

We recognize the importance of trust and accountability when handling your personal information. Whether you are browsing our website, creating an account, or interacting with our services in any capacity, your privacy is a priority.

2. SCOPE OF THIS POLICY & DATA CONTROLLER

This Privacy Policy applies to all personal data collected through our website, bsagrace.com, and any related activities, services, and support communications.

For purposes of applicable data protection laws, including the GDPR, BSA Grace is the “Data Controller”. This means we determine the purposes and means of processing your personal data. If you have any privacy-related inquiries, please contact us at [email protected].

3. CATEGORIES OF PERSONAL DATA WE PROCESS

We only collect data that is necessary for the functioning of our services, customer interactions, and legal obligations. The categories of data we process include the following:

3.1. Usage Data
Includes automatically collected data such as your browser type, IP address, geographic location, referring websites, session duration, and pages viewed. This data helps us improve platform performance and security.

3.2. Account Data
Includes user-provided details such as your full name, mailing address, email address, telephone number, and account credentials. This data is required for account creation and maintenance.

3.3. Profile Data
Includes user-generated preferences, product interests, browsing behavior, and purchase history. This helps us deliver personalized content and recommendations.

3.4. Communication Data
Encompasses any messages or inquiries you send us, including customer support requests, contact forms, and correspondence history.

3.5. Technical Data
Pertains to device specifications, operating systems, system configurations, browser settings, mobile identifiers, and similar diagnostics.

3.6. Transaction Data
Includes order details, billing and shipping addresses, payment confirmation (processed through secure third-party services), and fulfillment records.

3.7. Preference Data
Captures your marketing preferences, opt-in or opt-out status for communications, and specific content/product interests.

4. LEGAL BASES FOR PROCESSING PERSONAL DATA

We process your data only when permitted by law. The legal grounds upon which we rely include the following:

– Contractual necessity: Where data processing is required to fulfill our agreements with you (e.g., for account services, customer support, or transactions).
– Legitimate interests: For necessary business operations, fraud prevention, site optimization, or personalized offerings, provided your rights don’t override such interests.
– Consent: When you explicitly permit us (e.g., subscribing to newsletters, accepting non-essential cookies).
– Legal obligations: To comply with regulatory, tax, or statutory requirements.

5. YOUR RIGHTS

Under applicable data protection laws, you have the following rights regarding your personal data:

– Right of Access: Receive confirmation of whether your personal data is held and obtain a copy.
– Right to Rectification: Request correction of inaccurate or incomplete personal data.
– Right to Erasure: Request deletion of your data where retention is no longer necessary.
– Right to Restriction: Request that data processing be limited under certain conditions.
– Right to Data Portability: Obtain your data in a machine-readable format and transmit it elsewhere.
– Right to Object: Object to data use based on legitimate interests or direct marketing.
– Right to Withdraw Consent: Revoke previously granted consent at any time without affecting prior processing activities.

To exercise any of the above rights, please contact us at [email protected]. We will seek to respond promptly and fully to any valid requests.

6. SECURITY MEASURES

We employ appropriate organizational and technical measures to safeguard your information from unauthorized access, loss, misuse, or disclosure. These include:

– Data encryption (in transit and at rest)
– Access controls and user authentication procedures
– Regular data backups and system audits
– Internal staff training on GDPR and data protection practices

While we strive to use commercially acceptable methods to protect your personal data, no method of transmission or storage is entirely secure.

7. INTERNATIONAL DATA TRANSFERS

Your data may be processed outside your country of residence, including in jurisdictions that may not offer the same level of data protection as under EU or California law. When we transfer your data internationally, we ensure:

– Adequate safeguards through standard contractual clauses approved by the European Commission, or
– Compliance with adequacy decisions of governing data protection authorities, or
– Other lawful bases as permitted under the GDPR and CCPA

We take steps to ensure any recipients uphold confidentiality and data integrity standards.

8. DATA RETENTION

We retain personal data only for as long as necessary for legitimate business purposes, compliance with legal obligations, or resolution of disputes. Specifically:

– Account Data: Retained as long as your account remains active or as legally required
– Transaction Data: Maintained for minimum statutory retention periods (e.g., 6-10 years for financial records)
– Communication and Support Data: Generally retained for a period of up to 24 months
– Technical and Usage Data: Retained for analytical and security purposes, typically aggregated or anonymized after 12 months
– Marketing Preference Data: Retained until you withdraw consent or request deletion

After these durations, data is either securely deleted or anonymized.

9. COOKIE POLICY

Our website uses cookies and similar tracking technologies to enhance user experience, analyze performance, and deliver personalized content. We categorize these as follows:

– Essential Cookies: Required for core functionality (e.g., navigation, authentication)
– Functional Cookies: Enable personalization settings (e.g., language, saved preferences)
– Analytical Cookies: Track usage metrics to improve user experience and website analytics
– Performance Cookies: Monitor technical performance (e.g., page speed, error logs)

Certain cookies may be set by third-party service providers (e.g., analytics or advertising partners).

10. COOKIE MANAGEMENT AND COMPLIANCE

Users are provided with an option to manage non-essential cookie preferences via our Cookie Consent Banner in compliance with GDPR and CCPA. You may also adjust browser settings to disable or delete cookies.

Under California law, users may opt out of the “sale” of personal data, if applicable, via clearly marked opt-out mechanisms or by contacting us at [email protected]. We do not knowingly “sell” personal data under CCPA definitions.

11. CHILDREN’S PRIVACY

Our services are not intended for individuals under the age of 13. We do not knowingly collect, solicit, or process data from minors. If you believe we have inadvertently collected data from a child under 13, please contact us immediately at [email protected] so we can take appropriate action.

12. POLICY UPDATES

We may modify this Privacy Policy from time to time to reflect changes in legal requirements, technological advancements, or our business practices. Any significant changes will be communicated through updates on bsagrace.com or direct notification where feasible.

We encourage you to review this page periodically to remain informed of how we protect your privacy.

13. CONTACT US

If you have any questions, requests, or concerns about this Privacy Policy or how your data is handled, you may contact us at:

Email: [email protected]
Website: https://bsagrace.com

We are committed to maintaining high standards of privacy compliance and transparency. Your trust is central to our mission, and we welcome your inquiries on how we handle your data responsibly.