Privacy Policy
1. Introduction
At Christmas in Oaxaca (“we,” “us,” or “our”), accessible via christmas-in-oaxaca.com (the “Website”), your privacy is a priority. We are fully committed to safeguarding the confidentiality, integrity, and accessibility of your personal data. This Privacy Policy outlines how we collect, use, share, and protect your information when you interact with our Website and related services. We undertake to process your personal data in compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection legislation.
2. Scope of Policy and Role of Data Controller
This Privacy Policy applies to all personal data collected or processed when you visit christmas-in-oaxaca.com, contact us via email or forms, or engage with our services. For purposes of the GDPR, we act as the “Data Controller,” meaning we determine the purposes and means of processing your personal data. Under CCPA, we act as a “Business,” as defined in the regulation.
3. Categories of Personal Data We Process
We may collect and process the following categories of personal data, either directly from you or automatically through your interaction with our Website:
a. Usage Data:
Includes data about how you use our Website such as your IP address, browser type and version, time zone setting, location, language preferences, operating system, referral sources, site navigation behavior, and session data.
b. Account Data:
If you register or make a purchase, we may collect your full name, billing and shipping address, email address, phone number, and account login credentials.
c. Profile Data:
Includes preferences, past purchases, wishlists, saved itineraries, and behavioral insights based on user interaction patterns.
d. Communication Data:
Includes any data you provide when you contact us for support or inquiries, such as through contact forms, emails, chats, or customer service requests.
e. Technical Data:
Includes information about the devices you use to access our website, such as device IDs, hardware model, screen resolution, browser plug-ins, and operating systems.
f. Transaction Data:
Includes purchase records, payment methods, billing details, shipping information, and order history.
g. Preference Data:
Includes records of your preferences in receiving marketing communications, notification settings, and your product and content interests.
4. Legal Bases for Processing
We rely on the following lawful bases for processing your data:
– Consent: Where you have given clear consent for us to process your personal data for specific purposes, such as subscribing to newsletters or marketing communications.
– Contract: Where processing is necessary for the performance of a contract with you (such as processing an order or providing customer support).
– Legal Obligation: Where we are required to process your personal data to comply with the law.
– Legitimate Interest: Where processing is necessary for our legitimate interests or those of a third party, such as improving our Website, promoting relevant services, or preventing fraud, except where those interests are overridden by your rights.
5. Your Rights
Under GDPR and where applicable under CCPA, you have the following rights concerning your personal data:
– Right of Access: To obtain confirmation and copies of the personal data we hold about you.
– Right to Rectification: To correct inaccurate or incomplete data.
– Right to Erasure: Also known as the “right to be forgotten,” this allows you to request deletion of your personal data in certain circumstances.
– Right to Restrict Processing: To limit how we process your data under specific conditions.
– Right to Data Portability: To receive your data in a structured, commonly used format and to transfer it to another controller.
– Right to Object: To object to the processing of your data based on public interest, direct marketing, or legitimate interest.
– Right to Opt Out (CCPA): California residents may request that we not “sell” their personal information. We do not sell user data in the conventional sense but honor this right under applicable interpretations.
You may exercise any of these rights by contacting us at [email protected]. We will respond within reasonable timeframes as required by law.
6. Security Measures
We employ organizational and technical security measures to protect your data from unauthorized access, alteration, disclosure, or destruction. These include:
– SSL encryption of our Website
– Secure servers and firewall technologies
– Role-based internal access control
– Data minimization and controlled access protocols
– Regular employee training on data protection principles
– Routine backup and disaster recovery planning
7. International Data Transfers
Because the Website is globally accessible, user data may be transferred and processed outside your region, including in jurisdictions that may not provide the same level of data protection. When personal data is transferred internationally, we apply appropriate safeguards in accordance with GDPR, including reliance on Standard Contractual Clauses approved by the European Commission, and we comply with relevant requirements under CCPA.
8. Data Retention
We will retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected, including any legal, regulatory, or accounting requirements.
Generally:
– Usage and Technical Data: 12 months from date of collection
– Account and Profile Data: Retained for as long as your account is active
– Transaction Data: Minimum 7 years for tax and financial compliance
– Communication Data: Retained for up to 24 months after your last contact
– Preference and Consent Data: As long as the consent is active or until revoked
9. Cookie Policy
christmas-in-oaxaca.com uses cookies and similar tracking technologies to enhance user experience and provide analytic data. Cookies are categorized as follows:
– Essential Cookies: Necessary for Website functionality and security.
– Functional Cookies: Enable user preferences and enhance usability.
– Analytics Cookies: Allow collection of statistical and behavioral data for performance insights.
– Performance Cookies: Aid in measuring and optimizing Website speed and responsiveness.
For more information, refer to our dedicated Cookie Policy page.
10. Cookie Management and Compliance
Visitors from the European Economic Area (EEA) and California are presented with the option to manage cookie preferences upon their first visit through our consent banner. You may adjust your cookie consent choices at any time using settings on the Website or your browser.
Under GDPR and CCPA provisions, you have the right to:
– Be informed about the categories of data collected via cookies
– Opt in to non-essential cookies (GDPR)
– Request opt-out of data “sales” (CCPA)
– Withdraw or modify consent at any time
11. Protection of Children
We do not knowingly collect personal information from children under the age of 13. If you are a parent or guardian and believe that your child has provided personal information on christmas-in-oaxaca.com, please contact us immediately at [email protected]. We will take prompt steps to remove such data.
12. Policy Updates
We reserve the right to revise this Privacy Policy periodically to reflect changes in our data processing practices, legal obligations, or service offerings. Updated versions of this Policy will be posted visibly on the Website. Continued use of our Website after such changes constitutes acceptance of the revised Policy.
13. Contact
If you have any questions about this Privacy Policy or wish to exercise any of your data protection rights, please contact us at:
Email: [email protected]
We are committed to maintaining transparency and upholding your privacy rights under all applicable laws. For all data privacy-related inquiries, you are encouraged to contact us directly.
—
We value your trust and are committed to maintaining the privacy and security of your information in compliance with GDPR, CCPA, and applicable data protection laws. Please reach out to us at [email protected] with any privacy-related questions or concerns.