Privacy Policy
1. Introduction
At Santa Drive Thru Village (“we,” “our,” or “us”), we are committed to protecting your personal data and safeguarding your privacy. This Privacy Policy outlines how we collect, use, disclose, and safeguard the personal information of visitors and users (“you” or “your”) of our website, santadrivethruvillage.com. We adhere strictly to applicable data protection laws, including the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”), and aim to process your information lawfully, fairly, and transparently.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all personal data collected through your interactions with the website santadrivethruvillage.com, including when you visit, browse, make a purchase, or submit an inquiry. Santa Drive Thru Village is the data controller in relation to the processing of your personal data and is responsible for determining the purposes and means of such processing.
3. Categories of Data Processed
We may collect and process the following categories of personal data:
a) Usage Data
Includes data about how you use our website, such as your IP address, browser type, operating system, pages visited, referring URLs, clickstream data, and session duration.
b) Account Data
Includes identifying information you provide when creating or managing an account or placing an order, such as your name, billing and shipping address, email address, and telephone number.
c) Profile Data
Includes data derived from your interactions with us that build a profile of your preferences, including previous purchases, event selections, and usage behavior.
d) Communication Data
Includes records of your correspondence with us, such as emails, support tickets, and messages submitted through contact forms on santadrivethruvillage.com.
e) Technical Data
Includes information collected automatically from your device, such as device type, mobile network information, time zone setting, screen resolution, and browser plug-ins.
f) Transaction Data
Includes payment details (last 4 digits of payment card numbers, billing status), order confirmation, and delivery information used in the fulfillment of services.
g) Preference Data
Includes your choices regarding communications, marketing subscriptions, customer feedback, and product or service interests.
4. Legal Bases for Processing
We process personal data only when a lawful basis exists under the GDPR and other applicable privacy laws, including:
– Contract performance: To fulfill our obligations under a contract with you (e.g., to deliver event tickets or customer support).
– Legitimate interest: For the operation and security of our site, fraud prevention, and improving user experiences; provided such interests are not overridden by your rights.
– Consent: When you opt-in for marketing or set cookie preferences, we rely on your informed consent.
– Legal obligation: To comply with applicable laws, including financial regulations and dispute resolution procedures.
5. Your Rights
Under the GDPR and CCPA, you have the following rights concerning your personal data:
– Right of Access: To request a copy of data we hold about you.
– Right to Rectification: To request correction of inaccurate or incomplete data.
– Right to Erasure: To request deletion of your data, subject to legal or contractual obligations.
– Right to Restrict Processing: To request a limitation on data use under certain conditions.
– Right to Data Portability: To receive your processed data in a structured, machine-readable format under specific circumstances.
– Right to Object: To object to data processing based on legitimate interests or direct marketing.
To exercise these rights, please contact us at: [email protected].
6. Security Measures
We implement appropriate technical and organizational security measures to protect your personal data from unauthorized access, loss, misuse, or disclosure. These measures include, but are not limited to:
– Encryption of data in transit and at rest,
– Role-based access control to limit access to necessary personnel,
– Scheduled backups to prevent data loss, and
– Regular staff training on data protection and privacy compliance.
7. International Transfers
Your personal information may be transferred to, and maintained on, servers located outside of your country, including jurisdictions that may not offer the same level of data protection as your home jurisdiction. In such cases, we ensure an adequate level of protection through Standard Contractual Clauses or other appropriate safeguards as prescribed under GDPR and international data protection laws.
8. Data Retention
We retain personal data only as long as necessary for the purposes outlined in this policy or as required by legal or regulatory obligations. Specifically:
– Usage and Technical Data: up to 12 months, unless required for security investigations,
– Account and Profile Data: for the duration of your relationship with us and up to 7 years thereafter for record-keeping,
– Transaction Data: up to 7 years for tax and financial compliance,
– Communication Data: up to 3 years from the date of last contact,
– Preference Data: until you withdraw your consent or unsubscribe.
9. Cookie Policy
We use cookies and similar technologies on santadrivethruvillage.com to enhance functionality, improve user experience, and analyze website performance. Cookies fall into the following categories:
– Essential Cookies: Necessary for the operation of the website, including security, shopping cart, and user session support.
– Functional Cookies: Remember your preferences and settings to facilitate a personalized experience.
– Analytics Cookies: Help us understand visitor interaction with our website, allowing us to improve performance and optimize content.
– Performance Cookies: Collect data on system errors, loading times, and responsiveness for technical diagnostics.
10. Cookie Management and Compliance
By visiting santadrivethruvillage.com, you are presented with a cookie notice that allows you to manage your preferences in compliance with GDPR and CCPA. You may adjust your cookie settings at any time or clear existing cookies via your browser settings. Where required by law, we obtain your explicit consent before using non-essential cookies.
11. Children’s Privacy
santadrivethruvillage.com is not intended for use by children under the age of 13. We do not knowingly collect or solicit personal information from children under 13. If you are a parent or guardian and believe your child has provided personal data, please contact us to request its deletion at [email protected].
12. Policy Updates
We may update this Privacy Policy from time to time to reflect changes in legal, technical, or business developments. Material changes will be communicated to users through our website or via email where necessary to ensure your continued awareness and control.
13. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, you may contact us at:
Email: [email protected]
We are committed to upholding your data protection rights and maintaining full compliance with applicable privacy laws. Please do not hesitate to reach out to us with any privacy-related concerns or inquiries.