PRIVACY POLICY
1. Introduction
At Appetite Journey (“we”, “us”, or “our”), your privacy is paramount. We are fully committed to protecting your personal data and upholding your rights under applicable privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This Privacy Policy outlines how we collect, use, and safeguard your data when you visit our website, appetitejourney.com (the “Site”), and interact with our services, features, and communications. We believe transparency and accountability are crucial to maintaining your trust.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all users who access or use the Site and its services, regardless of geographic location. For purposes of the GDPR, Appetite Journey is the Data Controller responsible for the processing of your personal data as described in this document.
If you have any questions about this policy or the handling of your personal data, you may contact us at: [email protected].
3. Categories of Data We Process
We may collect and process the following categories of personal data:
a) Usage Data
Includes information about how you access and use appetitejourney.com, such as IP address, browser type, domain, pages visited, session duration, and timestamps.
b) Account Data
Includes your name, billing and shipping addresses, email address, telephone number, and login credentials when used to register for an account or place an order.
c) Profile Data
Includes your purchase history, product preferences, interests, dietary choices, and behavioral interactions with the Site.
d) Communication Data
Includes the content and metadata of any inquiries, customer support requests, contact history via email or web forms, and similar communications.
e) Technical Data
Includes device-identifying data such as operating system, mobile device identifiers, browser plug-ins, screen resolution, geographic location, and system configuration information.
f) Transaction Data
Includes billing information, payment card details (processed securely via third-party processors), delivery addresses, and order fulfillment records.
g) Preference Data
Includes marketing preferences, opt-in/opt-out status, newsletter subscriptions, and user interests related to products or content.
4. Legal Bases for Processing Personal Data
We rely on the following lawful bases under applicable data protection laws:
– Consent: For processing where we require your prior approval (e.g., marketing communications).
– Contractual Necessity: When processing is necessary to fulfill obligations under a contract, such as processing orders and delivering services.
– Legal Obligation: To comply with applicable statutory or regulatory obligations.
– Legitimate Interests: Where processing is necessary for our legitimate business objectives (e.g., improving services, securing the Site), provided that your interests and fundamental rights do not override those interests.
5. Your Rights
As a data subject, you are entitled to exercise the following rights with respect to your personal data, subject to applicable legal limitations:
– Access: Request confirmation and a copy of the personal data we hold about you.
– Rectification: Request correction of inaccurate or incomplete data.
– Erasure: Request deletion of your data where there is no compelling reason for its continued processing (“right to be forgotten”).
– Restriction: Request restriction or suspension of data processing under certain conditions.
– Data Portability: Receive your data in a structured, commonly-used, machine-readable format and transfer it to another controller.
– Objection: Object to data processing based on legitimate interest or for direct marketing purposes.
– Withdraw Consent: When we rely on consent to process your data, you may withdraw it at any time.
These rights may be exercised by contacting [email protected].
6. Security Measures
The security of your personal data is of utmost importance. We have implemented a robust set of organizational and technical measures including:
– End-to-end encryption of data transmissions using TLS/SSL protocols.
– Role-based access controls and authentication procedures for all stored data.
– Regular backups and recovery protocols to protect against data loss.
– Staff training on data protection principles and incident response readiness.
– Ongoing system monitoring for threats, vulnerabilities, and unauthorized access.
7. International Transfers
Where personal data is transferred outside of the European Economic Area (EEA), including to the United States, we ensure that such transfers are conducted in compliance with GDPR, using appropriate safeguards including:
– Standard Contractual Clauses (SCCs) approved by the European Commission.
– Verification of adequate data protection levels in the recipient jurisdiction.
– Implementation of supplementary technical or contractual protections as needed.
Your data protection rights remain intact regardless of where data is processed.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal, regulatory, or contractual obligations. The retention periods are as follows:
– Usage Data: Retained for up to 12 months for performance analysis and diagnostics.
– Account Data: Retained as long as an account is active, and up to 6 years thereafter where required by law.
– Transaction Data: Retained for 7 years for accounting and compliance purposes.
– Communication Data: Retained for 2 years from the date of last contact.
– Profile and Preference Data: Retained for as long as you maintain an active relationship with us, and deleted upon request.
– Cookie Data: As outlined in our Cookie Policy below.
9. Cookie Policy
Our Site uses cookies and similar technologies to distinguish users, enhance user experience, and analyze Site performance. Cookies may be:
– Essential Cookies: Required for the proper functioning of the Site (e.g., shopping cart management, account login).
– Functional Cookies: Enable enhanced functionality such as remembering preferences and personal settings.
– Analytics Cookies: Collect anonymized statistical data on user interactions with the Site, via tools such as Google Analytics.
– Performance Cookies: Monitor system stability, performance issues, and loading times.
These cookies may be set by us or by third-party service providers.
10. Cookie Management and Compliance
You have the right to manage your cookie preferences in accordance with GDPR and CCPA. On your first visit to appetitejourney.com, a cookie consent banner will prompt you to accept or customize your preferences. You can update these settings at any time via the Site’s cookie management tool or by modifying your browser settings. Where legally required, non-essential cookies are not activated without your explicit consent.
Under CCPA, California residents may also opt out of the “sale” of personal information, where applicable, and may request details on what data is being collected by third parties via cookies and tracking technologies.
11. Protection of Children’s Privacy
We do not knowingly collect personal data from children under the age of 13. If we become aware that such data has been inadvertently collected, we will take appropriate steps to delete it promptly. If you are a parent or guardian and believe that your child has provided personal information, please contact us at [email protected].
12. Policy Updates
We may revise this Privacy Policy periodically to reflect legal changes, best practices, or updates to our processing activities. When significant changes are made, we will notify you through appropriate channels such as email notifications or alerts on the Site. Continued use of the Site after such updates constitutes your acceptance of the revised terms.
13. Contact Us
For questions, concerns, or requests regarding this Privacy Policy or the use of your personal data, please contact our privacy team at:
We are committed to ensuring that your privacy rights are respected, and welcome the opportunity to address your inquiries in a prompt and transparent manner.
This Privacy Policy demonstrates our compliance with all relevant data protection regulations, including the GDPR and CCPA. If you have any further questions about how your personal information is handled, please do not hesitate to reach out to us.