Privacy Policy for Girton Labs

1. Introduction

At Girton Labs, accessible at girtonlabs.com, we are firmly committed to protecting the privacy and personal data of our users in accordance with the highest standards of data protection and transparency. This Privacy Policy outlines how we collect, process, use, and protect your information when you interact with our website, use our services, or communicate with us. We prioritize your privacy and handle your data in compliance with applicable data protection laws, including the European General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

2. Scope and Data Controller

This Privacy Policy applies to all personal data processed through your use of girtonlabs.com and any related services. Girton Labs is the data controller responsible for the processing of personal data under this policy. If you have any concerns about how your data is handled, you may contact us directly at [email protected].

3. Categories of Data We Process

We collect and process several categories of personal data to deliver and improve our services:

a) Usage Data:
Includes information about how you interact with girtonlabs.com, such as IP address, browser type, browser version, pages visited, time and date of visits, time spent on pages, and other diagnostic and analytical data.

b) Account Data:
Information provided when you create an account or manage your user profile, including your full name, billing and shipping address, email address, and telephone number.

c) Profile Data:
Details about your purchases, interests, preferences, feedback, and use of our products and services.

d) Communication Data:
Records of your correspondence with us, including queries submitted through contact forms or customer support communications.

e) Technical Data:
Information from the device and systems you use to access our website, including device type, operating system, system configuration, and geolocation data (as applicable and permitted by you).

f) Transaction Data:
Records of transactions you have completed through our website, including payment details (subject to PCI-DSS-compliant processing), delivery address, and order history.

g) Preference Data:
Your marketing and communication preferences, including opt-in consents and selected interests or topics.

4. Legal Bases for Processing Personal Data

We process your personal data under the following legal grounds:

– Performance of a Contract: Where required to deliver our services or fulfill agreements with you.
– Legitimate Interests: For purposes including service optimization, customer support, website analytics, and fraud prevention.
– Legal Obligation: Where necessary to comply with legal or regulatory requirements.
– Consent: Where you have expressly given us permission for a specific purpose, such as receiving marketing communications.

5. Your Rights Under Data Protection Laws

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

– Right of Access – You may request a copy of the data we hold about you.
– Right to Rectification – You may ask us to correct inaccurate or incomplete data.
– Right to Erasure – You may request deletion of your data where permissible by law.
– Right to Restriction – You may request limited processing of your data under certain circumstances.
– Right to Data Portability – You can request that your personal data be transferred to another service provider in a structured, commonly used format.
– Right to Object – You have the right to object to processing based on our legitimate interests or for marketing purposes.

You may exercise your data rights at any time by contacting us at [email protected].

6. Data Security Measures

We implement robust administrative, technical, and physical safeguards to protect your personal data. These include:

– Encryption of data in transit and at rest
– Access controls with least-privilege principles
– Regular system backups and disaster recovery procedures
– Security awareness and compliance training for employees
– Routine monitoring for unauthorized access or vulnerabilities

7. International Data Transfers

If we transfer your data outside the European Economic Area (EEA), United Kingdom, or other jurisdictions with data export requirements, such transfers are made under approved Standard Contractual Clauses or other legally recognized mechanisms to ensure an adequate level of protection.

8. Data Retention

We retain personal data only as long as necessary to fulfill the purpose for which it was collected, to comply with legal obligations, or to resolve disputes. Retention periods vary:

– Usage Data: Up to 12 months
– Account Data: Stored for the duration of your account and up to 6 years thereafter
– Communication Data: Stored for a period of 3 years
– Transaction Data: Retained for at least 6 years to meet financial and tax obligations
– Preference Data: Stored indefinitely unless consent is withdrawn

When data is no longer needed, it is securely deleted or anonymized.

9. Cookie Policy

Our website uses cookies and similar tracking technologies for the following purposes:

a) Essential Cookies:
Required for proper website functionality and to enable secure login, navigation, and access to features.

b) Functional Cookies:
Enhance your experience by remembering your preferences and settings.

c) Analytics Cookies:
Help us understand how visitors use girtonlabs.com through tools such as Google Analytics, enabling us to improve the website experience and performance.

d) Performance Cookies:
Used to analyze system performance and help resolve technical issues.

10. Cookie Management & Compliance

You will be presented with a cookie consent banner when you first access girtonlabs.com. You may manage your cookie preferences at any time through our cookie settings interface. We honor Do Not Track signals and comply with opt-out requirements under the CCPA and the consent requirements under the GDPR.

11. Children’s Data Protection

Our website and services are not intended for children under the age of 13. We do not knowingly collect or process personal data related to children. If we become aware that data from a child under 13 has been inadvertently collected, we will take steps to delete such information immediately. Parents or legal guardians may contact us at [email protected] to exercise rights on behalf of their children.

12. Policy Updates

We may revise this Privacy Policy periodically to reflect legal, regulatory, or operational changes. All updates will be posted on this page. We recommend reviewing this policy regularly to stay informed about how we protect your personal information. Changes that materially affect processing will be communicated prominently through the website or via email.

13. Contact Information

If you have questions, concerns, or requests related to this Privacy Policy or the handling of your personal data, please contact us at:

Email: [email protected]
Website: https://www.girtonlabs.com

We are committed to full compliance with applicable data protection laws and to resolving any privacy complaints diligently and transparently.