Privacy Policy
1. Commitment to Privacy and Data Protection
At Santa Drive-Thru Village (“we,” “our,” or “us”), accessible at santadrivethruvillage.com (“the Website”), we are committed to safeguarding the privacy and personal information of our users (“you,” “your”). We recognize the fundamental importance of privacy and data protection and strictly adhere to applicable laws and regulations, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act (“CCPA”), where applicable. This Privacy Policy sets forth our principles and procedures for collecting, using, storing, sharing, and protecting your personal data.
2. Scope of This Policy and Role as Data Controller
This Privacy Policy applies to all personal data collected through the Website, communication channels, and interactive services we offer. Santa Drive-Thru Village acts as the “Data Controller” under GDPR for all personal data collected, meaning we determine the purposes and means of processing your personal information. If you are a resident of the State of California, we also act as a “Business” as defined under the CCPA.
3. Categories of Personal Data We Process
We may collect and process the following categories of personal data from our website visitors, users, and customers:
a) Usage Data
Data collected automatically when you visit santadrivethruvillage.com, such as your IP address, browser type, time zone, referring pages, accessed pages, and interactions with the site. This information helps us understand user behavior and improve functionality.
b) Account Data
Information you provide when creating an account or making a purchase, including your full name, shipping and billing address, email, and phone number.
c) Profile Data
Details related to your interactions with the Website, including your shopping history, saved preferences, event participation, and behavior metrics.
d) Communication Data
Records of your communications with us, including inquiries, support requests, email interactions, and messages sent via webforms or other contact mechanisms.
e) Technical Data
Data about your hardware and software, such as device type, operating system, system settings, cookies, and diagnostic logs.
f) Transaction Data
Details of purchases or reservations made through the Website, including payment confirmations, delivery information, and partial payment records (note: complete financial details such as card numbers are securely handled by third-party processors).
g) Preference Data
Marketing and newsletter preferences, promotional opt-ins, and expressed interests in certain products or features.
4. Legal Bases for Processing
We process your personal data lawfully under the following legal bases:
– Consent: Where required, we will request your explicit consent before processing your personal data (e.g., for sending marketing emails).
– Contract: Processing necessary to fulfill a contractual obligation, such as fulfilling your purchases or service requests.
– Legitimate Interests: Where necessary for the pursuit of our legitimate interests in improving our services, marketing effectively, detecting fraud, or ensuring safety and security, provided your interests and rights do not override those interests.
– Compliance with Legal Obligations: When required to comply with statutory obligations or regulatory inquiries.
5. Your Rights
Under applicable data protection law, you have the following rights:
– Right of Access: You may request a copy of the personal data we hold about you.
– Right to Rectification: You have the right to correct inaccurate or outdated personal data.
– Right to Erasure: You may request the deletion of your personal data, subject to certain lawful exceptions.
– Right to Restrict Processing: You may ask us to limit the processing of your personal data under certain circumstances.
– Right to Data Portability: You can request that we provide your personal data in a structured, commonly used, machine-readable format and, where feasible, transmit it to another controller.
To exercise any of these rights, please contact us at [email protected].
6. Security Measures
We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, loss, destruction, or misuse. These measures include but are not limited to: data encryption, access control protocols, secure backups, and staff training to ensure data handling is consistent with best practices and legal requirements.
7. International Data Transfers
Information collected through the Website may be stored or transferred outside of your country of residence, including countries that may not have equivalent data protection laws. Where such transfers occur, we rely on appropriate safeguards, including standard contractual clauses approved by the European Commission, adequacy decisions where applicable, and other legally accepted transfer mechanisms under GDPR and CCPA.
8. Data Retention
We retain personal data only for as long as reasonably necessary to fulfill the purposes for which it was collected or to comply with legal, regulatory, or accounting obligations. Our retention periods include:
– Usage Data: 26 months
– Account and Transaction Data: 7 years from last interaction for tax and contractual records
– Communication Records: 3 years from final contact
– Marketing Preference Data: Until user withdraws consent or unsubscribes
– Technical Logs: Up to 12 months for system diagnostics and fraud prevention
Where there is no legal requirement to retain data, we will delete or anonymize it.
9. Cookie Policy
Our Website uses cookies and similar tracking technologies to enhance the user experience. Cookies are small data files stored on your device that identify you across sessions.
We use the following categories of cookies:
– Essential Cookies: Necessary for the Website’s operation and to enable core functions such as secure login and shopping cart management.
– Functional Cookies: Improve site functionality by remembering preferences and selections.
– Analytics Cookies: Help us understand how users interact with the Website (e.g., Google Analytics), so we can improve content and performance.
– Performance Cookies: Support website optimization and ensure load balancing and quick navigation.
10. Cookie Management and Legal Compliance
Upon your first visit to santadrivethruvillage.com, we present you with a cookie banner that allows you to manage your preferences in accordance with GDPR and CCPA. You may modify your choices at any time from the browser or through our website’s cookie settings panel.
To opt out of third-party analytics, you may follow instructions at tools like: https://tools.google.com/dlpage/gaoptout.
California residents may also request to opt out of the sale of personal information by contacting us via the email listed below.
11. Protection of Children’s Personal Information
We do not knowingly collect or solicit personal data from children under the age of 13. If we become aware that we have inadvertently collected personal information from a child under that age, we will take timely steps to delete such data. If you believe we may have information about a child under 13, please contact us immediately at [email protected].
12. Policy Updates and Notifications
We reserve the right to modify this Privacy Policy from time to time to reflect changes in legal obligations, technological advancements, or our business practices. Any updates will be posted directly to this page. Where significant changes are made, we will notify users through the Website or by email where appropriate.
13. Contact Us
If you have any questions, concerns, requests, or complaints related to this Privacy Policy or to the handling of your personal data, please contact us directly:
Email: [email protected]
Website: https://santadrivethruvillage.com
We are committed to ensuring your experience on santadrivethruvillage.com respects your privacy rights and complies with global data protection laws. Please reach out to us if you have any issues or need assistance with your privacy-related requests.