Privacy Policy
TheNeverEndingStories.com (“we,” “us,” or “our”) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, transfer, and store your information when you use our website, www.theneverendingstories.com (“Site”). We are committed to safeguarding the personal data of our users and complying with applicable privacy and data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act (“CCPA”).
1. Commitment to Privacy and Data Protection
Your privacy is of paramount importance to us. We maintain a privacy-first approach in the design and operation of our services and ensure that your personal data is collected, used, and protected with transparency, integrity, and in accordance with prevailing legal standards.
2. Scope of this Policy and Role of Data Controller
This Privacy Policy applies to all users of www.theneverendingstories.com and all related services offered through the Site. For the purposes of data protection law, The Never Ending Stories is the data controller responsible for the processing of your personal data as described in this policy. Any inquiries regarding the use of your data can be directed to us at [email protected].
3. Categories of Personal Data We Collect and Process
We may collect and process the following categories of personal data:
a. Usage Data
Includes information related to your browsing activity such as IP address, browser type and version, time zone setting, device identifiers, access dates and times, and referral URLs. This data helps us analyze how visitors interact with our Site to improve functionality and performance.
b. Account Data
Collected when you create an account or register with us. Includes your full name, email address, physical address, phone number, login credentials, and other identifying information.
c. Profile Data
Includes your interests, browsing patterns, preference settings, purchase history, wishlists, and contributions to any interactive features of the Site.
d. Communication Data
Includes your history of communication with us through support messages, contact forms, customer service records, and our response history with you.
e. Technical Data
Covers details such as device type, operating system, browser plugins and versions, screen resolution, hardware settings, and related system configurations.
f. Transaction Data
Includes billing and shipping addresses, details of products and services purchased from us, payment methods, and transaction identifiers. Payment data is handled securely in compliance with industry standards.
g. Preference Data
Includes your marketing preferences, communication selections, product and content interests, and opt-in or opt-out records for various types of contact.
4. Legal Bases for Processing
We only process your personal data when legally permitted under the following lawful bases:
– Performance of a contract: Where processing is necessary for the performance of agreements entered into with you, such as fulfillment of orders or customer support.
– Consent: Where you have granted explicit permission for specific data use (e.g., marketing communications). Consent may be withdrawn at any time.
– Legal obligation: Where we are required to comply with applicable legal or regulatory requirements.
– Legitimate interests: Where processing is necessary for our business operations and such interests do not override your fundamental rights and freedoms (e.g., fraud prevention, Site analytics, service improvement).
5. Your Rights as a Data Subject
As provided for under GDPR and CCPA, you have the following rights:
– Right of Access: Obtain confirmation and a copy of the personal data we hold about you.
– Right to Rectification: Correct inaccurate or incomplete data.
– Right to Erasure (“Right to be Forgotten”): Request deletion of your personal data under the conditions defined by law.
– Right to Restriction of Processing: Limit how we use your data in certain circumstances.
– Right to Data Portability: Receive your data in a structured, commonly used, and machine-readable format and transmit that data to another controller.
– Right to Object: Object to processing based on legitimate interest or direct marketing.
– Right Not to Be Subject to Automated Decision-Making: We do not use automated profiling that significantly affects individuals.
To exercise any of these rights, contact us at [email protected]. We reserve the right to verify your identity before processing any requests.
6. Security Measures
We implement stringent technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction. These include:
– SSL/TLS encryption of all data in transit.
– Role-based access controls limiting data access to authorized personnel.
– Secure physical and logical storage environments.
– Regular system and security audits.
– Employee training on data privacy and cybersecurity best practices.
7. International Data Transfers
When your personal data is transferred outside the European Economic Area (EEA), we ensure adequate safeguards are in place, including the use of Standard Contractual Clauses approved by the European Commission or other mechanisms as provided under applicable legislation. We carefully assess the legal and security environment of each country receiving the data.
8. Data Retention
We retain your data only for as long as necessary to fulfill the purposes for which it was collected, in accordance with applicable laws. Retention timelines include:
– Account Data: Retained while your account remains active and up to 6 years after closure.
– Transaction Data: Retained for 7 years for financial and audit compliance purposes.
– Communication Data: Retained for 2 years to manage support and service histories.
– Marketing Preference Data: Retained until withdrawal of consent or 5 years, whichever comes first.
– Technical and Usage Data: Retained for up to 2 years for analytical purposes.
9. Cookie Policy
Our Site uses cookies and similar tracking technologies to enhance your browsing experience. Types of cookies we may use include:
– Essential Cookies: Necessary for core Site functionality.
– Functional Cookies: Enable personalization and enhanced user experience.
– Analytics Cookies: Help us understand visitor behavior to optimize Site design and navigation.
– Performance Cookies: Monitor site performance and usage metrics.
10. Cookie Management
Users are presented with cookie consent options on first visit and may adjust their preferences at any time through the cookie settings on our Site. You may also disable cookies via your browser settings, although this may affect some functionalities of our website. We adhere to GDPR and CCPA standards for cookie disclosures and consent, and we do not sell your personal information to third parties.
11. Children’s Privacy
Our services are not intended for children under the age of 13. We do not knowingly collect, use, or disclose personal information from children under 13. If we learn that we have inadvertently gathered personal data from a child, we will promptly delete it unless legally required to retain such data.
12. Policy Updates
We may update this Privacy Policy to reflect changes in legal, regulatory, or operational requirements. Any material changes will be communicated via a prominent notice on our Site, and where required by law, through other direct means such as email.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal information, you may contact us at:
Email: [email protected]
We remain committed to ensuring that your privacy is protected and that your information is processed in accordance with your rights. Please do not hesitate to reach out with any privacy-related concerns or questions.
This Policy is maintained in full compliance with applicable data protection regulations, including the GDPR and CCPA.