PRIVACY POLICY

1. Introduction

At StoneLoot (“we,” “us,” “our”), we are committed to safeguarding the privacy and personal data of all users who interact with our website, located at https://stoneloot.com. This Privacy Policy outlines how we collect, process, protect, and store your personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA, as amended by the CPRA). We uphold a privacy-first philosophy and believe in full transparency, control, and accountability in all matters concerning your personal information.

2. Scope of Policy and Data Controller Role

This Privacy Policy applies to all personal data processed by us through your access and use of stoneloot.com, including any related services, features, platforms, or digital communications. For the purposes of the GDPR and other applicable data protection laws, the data controller responsible for your personal data is StoneLoot. Any inquiries regarding our privacy practices or your data can be directed to [email protected].

3. Categories of Data Processed

We process the following categories of personal data:

a) Usage Data
Includes information such as your browser type, IP address, referral source, pages browsed, session duration, and interaction data. This is collected automatically through cookies and analytics tools to improve site functionality and user experience.

b) Account Data
Includes personally identifiable information provided when creating an account or placing an order, such as name, email address, phone number, and billing and shipping addresses.

c) Profile Data
Includes purchasing behavior, wishlists, interests, preferences, product ratings, and any other data associated with your account profile on stoneloot.com.

d) Communication Data
Covers correspondence records including emails, contact form submissions, support interactions, and any other direct communications with us.

e) Technical Data
Contains device details, operating system type and version, screen resolution, language settings, browser settings, and diagnostic logs.

f) Transaction Data
Involves payment method information (processed through third-party providers), transaction identifiers, order history, shipping details, and billing confirmations.

g) Preference Data
Includes your marketing communication preferences, participation in promotions or surveys, and data related to display or notification choices on our platform.

4. Legal Bases for Processing

We process personal data on lawful grounds under GDPR and similar principles under CCPA, including:

– Consent: When you voluntarily provide data for newsletters, marketing communications, or specific optional services.
– Contractual necessity: When data is required to fulfill a contract (e.g., to process orders or provide customer support).
– Legitimate interest: For website optimization, fraud prevention, analytics, or security, provided these interests do not override your fundamental rights and freedoms.
– Legal obligation: When processing is required to comply with applicable laws or regulations.

5. Your Rights

As a data subject, you have several rights under applicable data protection laws:

– Right of Access: You may request access to the personal data we hold about you.
– Right to Rectification: You may request correction of inaccurate or incomplete personal data.
– Right to Erasure: You may request that your personal data be deleted under certain conditions.
– Right to Restriction: You may request that we limit the processing of your data in specific circumstances.
– Right to Data Portability: You may request to receive your data in a structured, commonly used, and machine-readable format.
– Right to Object: Where processing is based on legitimate interest or direct marketing, you may object to such processing.

To exercise any of these rights, please contact us at [email protected]. We may require verification of your identity to ensure data protection.

6. Security Measures

We implement industry-standard security measures to protect your information from loss, misuse, unauthorized access, disclosure, or alteration. These include:

– Data encryption in transit and at rest
– Internal access controls and role-based permissions
– Regular security audits and vulnerability testing
– Firewalls and intrusion detection systems
– Security awareness training for staff
– Frequent data backups and disaster recovery planning

Despite our efforts, no digital transmission or storage system is completely secure. You are encouraged to use strong passwords and exercise caution when sharing personal data online.

7. International Transfers

Where personal data is transferred outside of the European Economic Area (EEA), we ensure appropriate safeguards, including execution of standard contractual clauses approved by the European Commission or reliance on regulatory frameworks that ensure data protection equivalence. We comply with all regional regulatory requirements governing cross-border data transfers.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy, subject to our legal obligations and legitimate operational needs.

– Usage and Technical Data: up to 24 months
– Account and Profile Data: as long as your account remains active, plus 12 months after termination
– Transaction Data: retained for at least 7 years for tax and compliance purposes
– Communication Data: retained up to 36 months for customer service tracking
– Marketing Preferences: reviewed annually or until consent is withdrawn

9. Cookie Policy

We use cookies and similar tracking technologies to enhance user experience and ensure proper website operation. These may include:

– Essential Cookies: Enable core functionality such as security, account login, and cart features.
– Functional Cookies: Remember your settings and preferences to improve usability.
– Analytics Cookies: Help us understand user behavior and website performance to optimize our services (e.g., via Google Analytics).
– Performance Cookies: Allow us to monitor uptime, load speed, and other site metrics critical to performance.

10. Cookie Management and Compliance

Upon visiting stoneloot.com, you will be presented with a cookie banner that grants you the choice to accept or reject non-essential cookies. You may update preferences at any time through our cookie settings tool or by adjusting browser settings.

For GDPR compliance, we do not place analytical or performance cookies without prior consent. Under CCPA, California users may opt out of the “sale” of personal data through a designated option on our site (if applicable). We honor Global Privacy Control (GPC) signals wherever applicable.

11. Children’s Data

Our services are not intended for children under the age of 13, and we do not knowingly collect personal data from minors. If you are a parent or guardian and you believe your child has provided us with personal data without your consent, please contact us immediately at [email protected], and we will take appropriate steps to delete such information.

12. Policy Updates and User Notifications

We reserve the right to update this Privacy Policy at our discretion to reflect changes in legal obligations, technology, or business practices. Users will be notified of material changes through a clearly visible notice on stoneloot.com. Continued use of our website following policy modifications constitutes acceptance of the revised terms.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, or wish to exercise your rights, please contact our privacy team at:

Email: [email protected]

We are committed to ensuring full compliance with applicable data protection frameworks, including GDPR and CCPA, and we encourage you to reach out should you have any privacy-related concerns or requests.