Privacy Policy for TullyMills.com

1. Introduction

At Tully Mills (“we”, “us”, “our”), we are committed to protecting and respecting your privacy. Your trust is important to us, and we are dedicated to maintaining the confidentiality, integrity, and security of your personal data. This Privacy Policy outlines how we collect, use, disclose, and safeguard information when you visit or interact with our website, tullymills.com. We process your information in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act (“CCPA”), as amended.

2. Scope of Policy and Data Controller Role

This Privacy Policy applies to all personal information collected by Tully Mills through tullymills.com and any related services. For the purposes of the GDPR and CCPA, Tully Mills operates as the “data controller” of your personal information. This means we determine the purposes and means of processing your personal data. If you are located in the European Economic Area (EEA), the United Kingdom, or California, your rights and our obligations in relation to your personal data may be further governed by local data protection laws.

3. Categories of Data We Process

We may collect and process the following categories of personal data:

a. Usage Data:
Includes data on how you interact with tullymills.com such as browser type and version, IP address, referral source, length of visit, page views, and website navigation data.

b. Account Data:
Includes your name, email address, phone number, physical address, and other identifying information provided when you create an account or place an order.

c. Profile Data:
Includes your preferences, product interests, behavior on the site, and purchase history.

d. Communication Data:
Includes records of correspondence, including support requests, inquiries submitted via our contact forms, and emails exchanged with our team.

e. Technical Data:
Includes device identifiers, operating system, device type, configurations, and system diagnostics used to optimize site functionality.

f. Transaction Data:
Includes details related to purchases, order histories, preferences, shipping addresses, and billing details (note: we do not store full payment card numbers).

g. Preference Data:
Includes your marketing preferences, opt-in or opt-out selections, cookie consents, and expressed interests for future offerings.

4. Legal Bases for Processing

We lawfully process your personal data only when permitted under applicable laws. Our legal bases include:

– Contractual necessity: To fulfill obligations arising from a contract with you, such as the delivery of goods or services.
– Legitimate interests: To operate and improve our website, provide customer support, detect fraud, and promote our products (provided such interests are not overridden by your rights).
– Consent: Where required, we rely on your freely given, informed consent to process your data (e.g., for marketing purposes or placing certain cookies).
– Legal obligation: To comply with applicable statutory duties and legal orders.

5. Your Rights

Subject to applicable laws, you have the following rights regarding your personal data:

– Right of Access: Obtain confirmation as to whether your personal data is processed and gain access to such data.
– Right to Rectification: Request correction of inaccurate or incomplete information.
– Right to Erasure: Request deletion of your data where legally permissible.
– Right to Restriction: Request we limit the processing of your information in certain circumstances.
– Right to Data Portability: Receive your data in a structured, commonly used, and machine-readable format and transmit it to another data controller.
– Right to Object: Object to processing that relies on legitimate interest or direct marketing grounds.
– Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time, without affecting prior processing.

To exercise your rights, please contact us at [email protected].

6. Security Measures

We implement a variety of technical and organizational safeguards to ensure a high level of security for your personal data. This includes, but is not limited to:

– End-to-end encryption of data in transit and at rest
– Role-based access control and authentication protocols
– Secure server infrastructure with regularly monitored firewalls
– Frequent data backups and disaster recovery procedures
– Staff awareness training and confidentiality agreements

7. International Transfers

Personal data we collect may be transferred to, stored in, or processed in countries outside your jurisdiction, including the United States. Where such international transfers occur, and the recipient countries do not provide an equivalent level of data protection, we ensure adequate safeguards are in place through standard contractual clauses, data transfer agreements, or other lawful mechanisms.

8. Data Retention

We retain your personal data only as long as necessary for the purposes for which it was collected or to comply with applicable laws. Specifically:

– Usage, Technical, and Preference Data: retained for up to 24 months.
– Account, Transaction, and Communication Data: retained for up to 7 years for accounting, reporting, and legal compliance.
– Profile and Marketing Data: retained until you request deletion or withdraw consent.

After expiry of the applicable retention period, data will be securely deleted or anonymized.

9. Cookie Policy

Tullymills.com uses cookies and similar technologies to provide essential services, analyze site performance, and improve your user experience. We classify cookies as follows:

– Essential Cookies: Required for the core functionality of the site.
– Functional Cookies: Remember preferences and settings.
– Analytics Cookies: Track site usage to help improve performance and content.
– Performance Cookies: Measure the effectiveness of advertising and site responsiveness.

10. Cookie Management and Compliance

Upon your first visit, you will be presented with a cookie consent banner allowing you to accept, reject, or customize your settings. You can manage your cookie preferences at any time by accessing the cookie settings tool embedded on our site or by adjusting your browser settings. We comply with all applicable provisions of GDPR and CCPA concerning the use of cookies, including prior consent for non-essential cookies and mechanisms for opting out.

11. Children’s Privacy

Tullymills.com is not intended for or directed at children under the age of 13. We do not knowingly collect personal information from children. If we become aware that a child under 13 has provided personal data, we will take immediate steps to delete such data. Parents or guardians who believe their child has submitted information without consent may notify us at [email protected].

12. Policy Updates

We may revise this Privacy Policy periodically in response to legal, technical, or operational developments. Where required under applicable law, we will notify you of material updates via prominent notices on tullymills.com or via direct communication. Your continued use of the site signifies acceptance of the revised policy.

13. Contact Us

If you have questions, concerns, or wish to exercise your rights regarding your personal data, you may contact us at:

Tully Mills
Email: [email protected]
Website: https://tullymills.com

We are committed to full compliance with applicable privacy legislation and dedicated to maintaining the trust you place in us. Please reach out to us at any time with privacy-related inquiries.