Privacy Policy
1. Introduction
At The Cosey (thecosey.com), we are firmly committed to safeguarding your personal data and respecting your privacy. This Privacy Policy outlines the nature of the personal information we collect, how it is processed, disclosed, and protected in accordance with applicable privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We are dedicated to maintaining the confidentiality, integrity, and availability of your data and ensuring transparency in its use.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all personal data collected through thecosey.com and related services. The entity responsible for determining the purposes and means of processing your personal data under this policy is The Cosey. For all queries related to this policy or data practices, you may contact us at [email protected].
As a data controller, The Cosey determines the purposes and legal bases for processing your data in accordance with the strict requirements of applicable data protection laws.
3. Categories of Data Processed
We process various categories of personal data depending on your interaction with our website and services:
– Usage Data: Includes data concerning your interactions with the website, such as IP address, browser type and version, geographic location, time zone setting, language preferences, pages viewed, site navigation paths, and session information.
– Account Data: Information you provide when creating an account, including your full name, home or shipping address, email address, and telephone number.
– Profile Data: Preferences, browsing history, purchase habits, order history, saved items, and behavior within your customer profile.
– Communication Data: Records and logs of customer inquiries, support tickets, emails, or other communications submitted to us, whether through online forms or via direct contact.
– Technical Data: Device identifiers, operating system, hardware specifications, browser plug-ins, network information, and system configurations collected through automated methods.
– Transaction Data: Information required to complete and deliver purchases, such as payment method (limited payment details in line with PCI standards), billing and shipping address, order history, and transaction confirmations.
– Preference Data: Marketing communication preferences, product interest indicators, and consent records for non-essential data use.
4. Legal Bases for Processing
We rely on the following legal bases for collecting and processing your personal data:
– Contractual Necessity: To perform obligations under a contract with you (e.g., fulfilling orders, delivering services).
– Legitimate Interests: To administer and manage our website, to improve products and services, detect fraud, ensure network and information security, and manage business operations—so long as these interests do not override your rights and freedoms.
– Consent: Where legally required, for direct marketing, placement of certain cookies, and other non-essential data collection. You have the right to withdraw your consent at any time.
– Legal Obligation: To comply with applicable legal and regulatory requirements.
5. Your Data Protection Rights
You are entitled to exercise the following rights under data protection laws:
– Right of Access: You may request access to your personal data and receive a copy of the data we hold about you.
– Right to Rectification: You have the right to request correction of inaccurate or incomplete personal data.
– Right to Erasure: You may request that we delete your personal data in circumstances where there is no overriding legal or legitimate reason for retention.
– Right to Restriction: You may request limitation on the processing of your personal data where you contest its accuracy or the lawfulness of its use.
– Right to Data Portability: You may obtain a copy of your personal data in a structured, commonly used and machine-readable format, and request its transfer to another data controller.
To exercise any of these rights, please contact us at [email protected]. We will respond in accordance with applicable privacy regulations and timeframes.
6. Security Measures
We employ robust technical and organizational safeguards to protect your personal data from unauthorized access, misuse, alteration, or destruction. These measures include:
– Encryption of data in transit and at rest.
– Role-based access control and secure authentication.
– Regular system audits and vulnerability testing.
– Routine backups and secure storage practices.
– Staff training on data protection and confidentiality principles.
While no data transmission or storage system is entirely secure, we strive to use commercially acceptable means to protect your personal information.
7. International Transfers
Your personal data may be transferred to and processed in countries outside of the European Economic Area (EEA) or your jurisdiction of residence. Where such transfers occur, we implement appropriate safeguards such as standard contractual clauses approved by the European Commission and ensure that adequate protections are in place in compliance with applicable data transfer laws.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for complying with legal, accounting, and reporting requirements. Specific retention periods include:
– Account and Profile Data: Retained for as long as your account remains active or as required under applicable laws.
– Transaction Data: Retained for seven (7) years for tax, compliance, and business record purposes.
– Communication Data: Retained for up to three (3) years from the date of last contact.
– Technical and Usage Data: Retained for up to two (2) years for analytics and security purposes.
Upon expiration of the applicable retention period, data is securely deleted or anonymized.
9. Cookie Policy
Our website uses cookies and similar technologies to optimize user experience, facilitate essential site functions, and analyze user behavior. Cookies used on thecosey.com fall into these categories:
– Essential Cookies: Necessary for website operation, enabling core functionalities like shopping cart management and account login.
– Functional Cookies: Enhance usability by remembering user selections and preferences.
– Analytics Cookies: Help us understand user interactions, page performance, and usage trends through aggregated data (e.g., via Google Analytics).
– Performance Cookies: Monitor site load times, responsiveness, and error reporting to improve service delivery.
10. Cookie Management and Compliance with GDPR & CCPA
Where legally required, we request your informed consent before placing non-essential cookies. You can manage your cookie preferences through our cookie banner or browser settings. Under GDPR, you have the right to withdraw consent at any time. Under CCPA, California residents may opt out of the “sale” of personal data and request disclosure of what data has been collected.
To make a CCPA-related request, contact [email protected]. We do not knowingly “sell” personal information as defined under the CCPA.
11. Children’s Privacy
We do not knowingly collect personal information from children under the age of 13. If you are a parent or legal guardian and believe that your child has provided us with information, please contact us at [email protected]. Any such information will be deleted in accordance with applicable laws.
12. Policy Updates and User Notifications
The Cosey may update this Privacy Policy periodically to reflect legal, operational, or technological changes. We will notify users of material changes either by prominently posting a notice on the website or by contacting you directly if required by applicable law. Continued use of our services after changes have been posted will be deemed as acceptance unless otherwise required by law.
We encourage you to review this policy from time to time to remain informed about how we protect your data.
13. Contact
If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us at:
Email: [email protected]
Website: https://thecosey.com
We are committed to upholding the highest standards of privacy and will address your inquiries promptly and in accordance with applicable privacy laws.
Compliance Statement
The Cosey is committed to full compliance with the GDPR, CCPA, and other applicable privacy frameworks. Please contact [email protected] with any privacy-related concerns or requests.