Privacy Policy

At Inner Ear (“we,” “us,” or “our”), accessible at inner-ear.com, we are firmly committed to respecting and protecting your privacy. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal data when you interact with our website. We recognize the importance of data privacy and are dedicated to processing your personal data in a lawful, fair, and transparent manner in accordance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection legislation.

1. Scope of Policy and Data Controller Role

This Privacy Policy applies to all users and visitors of inner-ear.com. Inner Ear is the data controller of the personal data you provide through our website, and we are responsible for determining the purposes and means of processing such data. The scope encompasses all personal data collected through our website, including data processing related to account creation, contact forms, subscriptions, and purchases.

2. Categories of Personal Data We Process

We may collect and process the following categories of personal data:

a. Usage Data
Includes: IP address, browser type and version, geographical location, referral source, length of visit, page views, and website navigation paths.
Purpose: To analyze site traffic and improve the user experience.

b. Account Data
Includes: Full name, billing and shipping address, email address, and telephone number.
Purpose: To manage user accounts, verify identity, and fulfill orders.

c. Profile Data
Includes: Your preferences, purchase history, engagement patterns, and behavioral interests.
Purpose: To personalize content and offers based on your activity.

d. Communication Data
Includes: Records of any communications with us, including support requests and messages submitted via contact forms.
Purpose: To provide customer service, respond to inquiries, and maintain communication history.

e. Technical Data
Includes: Device information, operating system, browser settings, time zone, and platform details.
Purpose: To ensure system compatibility and enhance security.

f. Transaction Data
Includes: Payment details (limited to necessary non-sensitive payment information), order history, delivery address, and transaction timestamps.
Purpose: To process purchases and fulfill contractual obligations.

g. Preference Data
Includes: Your expressed marketing communication preferences, areas of interest, and cookie consent status.
Purpose: To manage consent and tailor marketing communications.

3. Legal Bases for Processing Your Data

We rely on the following legal bases for processing personal data:

– Consent: For direct marketing communications and cookie usage (where applicable).
– Contractual necessity: Processing essential for the provision of goods or services.
– Legitimate interests: For service improvement, fraud detection, and security enhancement, provided your interests do not override ours.
– Legal obligations: Compliance with lawful requests, tax laws, and other applicable regulations.

4. Your Data Protection Rights

Under GDPR and CCPA, you are entitled to the following rights:

– Right of Access: Obtain confirmation of whether we process your data and access a copy of such data.
– Right of Rectification: Request correction of inaccurate or incomplete data.
– Right to Erasure: Request deletion of your data where there is no lawful basis for retention.
– Right to Restrict Processing: Request limitation on the use of your data under certain circumstances.
– Right to Data Portability: Receive your personal data in a structured, commonly used format and transmit it to another controller.

You may exercise these rights by contacting us at [email protected].

5. Security Measures

We implement comprehensive technical and organizational security measures to protect your personal data, including:

– End-to-end encryption (e.g., SSL/TLS protocols) for data in transit.
– Firewalls and intrusion detection systems.
– Controlled access to data through authentication and authorization.
– Regular data backups and redundancy strategies.
– Ongoing staff training in data privacy compliance and protocols.

6. International Data Transfers

If personal data is transferred outside of the European Economic Area (EEA) or other jurisdictions with similar privacy requirements, we ensure an adequate level of protection via:

– Standard Contractual Clauses approved by the European Commission.
– Transfers to countries recognized as providing an adequate level of data protection.
– Additional technical safeguards, where necessary.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected. Retention timelines are as follows:

– Usage Data: 12 months after collection unless required longer for analytics.
– Account and Profile Data: Retained until account closure and for up to 6 years afterward for legal compliance.
– Communication Data: 3 years from the last contact.
– Transaction Data: 7 years to comply with tax and accounting obligations.
– Technical and Preference Data: Up to 24 months, unless otherwise required.

8. Cookie Policy

We use cookies and similar technologies to enhance user experience and improve site performance. The categories include:

– Essential Cookies: Required for core website functionality.
– Functional Cookies: Support user preferences and login states.
– Analytics Cookies: Collect anonymized statistical data to understand site usage.
– Performance Cookies: Monitor infrastructure and loading speeds.

These cookies may be set by us or third-party providers that support our services.

9. Cookie Management and Compliance

Visitors from regions governed by GDPR or CCPA may exercise their cookie rights via a consent banner/tool on our site:

– You can accept or deny non-essential cookies.
– You may modify preferences at any time through the “Cookie Settings” interface.
– Browser settings can also be used to block or delete cookies.
– Under CCPA, users may opt out of the “sale” of personal information, if applicable.

10. Children’s Privacy

We do not knowingly collect or solicit personal data from children under the age of 13. If we become aware that we have inadvertently collected such information, we will take prompt steps to delete it. Parents or guardians may contact us at [email protected] to request the removal of their child’s data.

11. Policy Updates and Notifications

We may update this Privacy Policy as necessary to remain compliant with legal, technical, or operational changes. When such updates are material, we will notify users via a prominent notice on inner-ear.com or direct communications. Continued use of the website will constitute acknowledgment of any updates.

12. Contact

If you have questions or concerns about this Privacy Policy or our data practices, please contact:

Data Protection Officer
Inner Ear
Email: [email protected]

We are committed to protecting your privacy and ensuring transparency. If you believe your data protection rights have been violated, you also have the right to lodge a complaint with your local supervisory authority.

This Privacy Policy reflects our commitment to upholding the highest standards of data protection in compliance with GDPR, CCPA, and all relevant privacy legislation. For any privacy-related inquiries, please contact us at [email protected].