Privacy Policy for Hemlock Tavern SF
Hemlock Tavern SF (“we,” “our,” or “us”) values your privacy and is committed to protecting your personal data and digital rights. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, hemlocktavernsf.com. We ensure that your personal information is handled in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We are firmly dedicated to transparency, user control, and privacy-first practices.
1. Scope of Policy and Data Controller Role
This Privacy Policy applies solely to personal data collected via our website hemlocktavernsf.com and any associated services. We serve as the data controller under the GDPR and CCPA, meaning we determine the purposes and means for processing your data. If you have any concerns regarding how your data is used, you may contact us at [email protected].
2. Categories of Data Processed
We collect various categories of personal data depending on your interaction with hemlocktavernsf.com:
a. Usage Data
Includes browser types, IP addresses, pages visited, geographic location, access times, session durations, and navigation paths.
b. Account Data
When users register or contact us, we may collect names, physical addresses, email addresses, and phone numbers.
c. Profile Data
Includes data relating to purchase history, stated preferences, and behavioral trends on our website.
d. Communication Data
Includes records of customer support requests, feedback submissions, inquiries, or correspondence sent to us.
e. Technical Data
Refers to device identifiers, operating systems, browser plugins, screen resolutions, language settings, and system configurations as transmitted by your device.
f. Transaction Data
Consists of payment details, billing records, order confirmations, and delivery information in cases where transactions are conducted via our services.
g. Preference Data
Includes your preferences concerning marketing communications, newsletter subscriptions, event notifications, and areas of interest related to our services or promotions.
3. Legal Bases for Processing
Under the GDPR and similar regulatory regimes, personal data may only be processed when there is a valid legal basis. We rely on the following:
– Consent: When you explicitly agree to our use of your data for specific purposes (e.g., marketing communications).
– Contractual Necessity: When processing is required to fulfill a contract with you (e.g., processing a ticket purchase).
– Legitimate Interest: For operational purposes that do not infringe on your rights (e.g., analytics and website security monitoring).
– Legal Obligation: When processing is necessary for compliance with legal requirements.
You have the right to withdraw consent at any time where consent has been provided as the lawful basis for processing.
4. Your Rights
Consistent with the GDPR and CCPA, you have the right to:
– Access: Request a copy of the personal data we hold about you.
– Rectification: Request correction of inaccurate or incomplete data.
– Erasure: Request deletion of your personal data under certain legal conditions.
– Restriction: Request that we limit how we process your personal data.
– Portability: Receive your personal data in a structured, commonly used, and machine-readable format for transfer to another data controller.
– Objection: Object to specific types of data processing, including automated decisions and profiling.
– Non-Discrimination: Exercise your CCPA rights without being denied services or charged different prices.
You may exercise your rights by contacting [email protected].
5. Security Measures
We have implemented appropriate physical, electronic, and managerial measures to safeguard your personal data. These include but are not limited to:
– Encryption protocols for data transmission and storage
– Role-based access control and secure authentication practices
– Routine data backups and disaster recovery systems
– Employee training on data protection principles and confidentiality
Although we employ robust safeguards, no method of transmission over the internet can be guaranteed to be 100% secure.
6. International Data Transfers
Where your personal data is transferred outside your jurisdiction (including transfers from the EU/EEA to the United States), we implement Standard Contractual Clauses (SCCs), adequacy decisions, and other appropriate safeguards to ensure your data remains protected in accordance with applicable laws.
7. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy or to comply with legal and regulatory obligations. Specific retention periods include:
– Usage and Technical Data: Up to 12 months
– Communication Data: Up to 24 months, unless legally required to retain longer
– Transaction Data: Up to 7 years for accounting and tax compliance
– Account/Profile Data: Retained for the duration of active user status and removed within 90 days of account closure
– Preference Data: Retained until you update or withdraw your consents
8. Cookie Policy
We use various types of cookies and similar tracking technologies to optimize functionality and assess site performance:
– Essential Cookies: Necessary for basic website features and security
– Functional Cookies: Remember preferences and facilitate a tailored user experience
– Analytics Cookies: Collect anonymized traffic and usage data for performance measurement
– Performance Cookies: Monitor website responsiveness and user behavior analytics
9. Cookie Management and Compliance
By visiting hemlocktavernsf.com for the first time, you will be presented with a cookies banner allowing you to manage your cookie preferences in accordance with GDPR and CCPA requirements.
You can also control cookies via your browser settings or utilize global privacy control tools to signal your opt-out preferences. Opt-out links for third-party tools used for analytics and advertising are provided where applicable.
10. Special Protections for Children
Our website is not intended for children under the age of 13, and we do not knowingly collect or solicit personal data from minors. If we learn that we have inadvertently collected data from a child under the age of 13, we will take prompt steps to delete such data. Parents or legal guardians who believe that their child may have provided us with personal data may contact us at [email protected].
11. Policy Updates and Notifications
We reserve the right to update this Privacy Policy at our discretion. Changes will be communicated through our website or via email if you maintain an account with us. We encourage users to periodically review the policy for modifications to stay informed about how we protect their data.
12. Contact Us
For any privacy-related concerns, inquiries, data access requests, or complaints, please contact our data representative at:
Email: [email protected]
We are committed to resolving privacy issues transparently and in compliance with applicable data protection laws.
This Privacy Policy reflects our commitment to ensuring that your personal data is handled with respect and care. If you have any questions regarding your rights or our data practices, do not hesitate to reach out.