Privacy Policy

1. Introduction

At BMS NoHo, accessible via bmsnoho.com, we are firmly committed to respecting and upholding your privacy. We recognize the importance of transparency, trust, and the protection of your personal information. This Privacy Policy outlines our practices concerning the collection, use, and disclosure of personal data. We process your information in accordance with the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws, with a strong emphasis on your rights and privacy.

2. Scope of Policy and Data Controller Role

This Privacy Policy applies to all users of our website, bmsnoho.com, and outlines how we handle personal data collected through our services, communications, and interactions. For the purposes of relevant data protection legislation, the data controller responsible for your personal data is BMS NoHo. If you have any questions regarding this policy or our data processing practices, you may contact us at [email protected].

3. Categories of Data Processed

We collect and process various categories of personal data, whether directly from you or indirectly through automated technologies, as detailed below:

a. Usage Data
Includes information about your interactions with our website, such as browser type, IP address, geographic location, referring URLs, pages viewed, session duration, and website navigation paths.

b. Account Data
Includes your name, email address, physical address, telephone number, and any other details you provide when registering an account or placing an order.

c. Profile Data
Includes demographic information, purchase history, service preferences, and behavioral insights relevant to your usage of bmsnoho.com.

d. Communication Data
Includes your correspondence with us, including customer support inquiries, chat transcripts, and feedback provided to our team.

e. Technical Data
Includes information about the device you use to access bmsnoho.com, such as device type, operating system, device identifiers, browser settings, time zone, and platform specifications.

f. Transaction Data
Includes details about payments to and from you, order history, billing addresses, and delivery information, though we do not store your full credit card number.

g. Preference Data
Includes your communication preferences, marketing opt-ins, interests in specific products, and your responses to promotional content or surveys.

4. Legal Bases for Processing

We only process your personal data when there is a lawful basis to do so. These bases include:

– Consent: When you have given your clear permission for us to process your personal data for a specific purpose, such as subscribing to marketing communications.
– Contractual Necessity: When processing is required to fulfill a contract with you, including account administration, order fulfillment, and customer support.
– Legitimate Interests: When processing is necessary for our legitimate business interests, except where such interests are overridden by your fundamental rights.
– Legal Obligation: When we are required to process your data to comply with a legal duty.

5. Your Rights

Under GDPR and CCPA, you have the following rights in relation to your personal data:

– Right of Access: You can request access to the personal data we hold about you.
– Right to Rectification: You can request correction of inaccurate or incomplete data.
– Right to Erasure: You can request deletion of your personal data, subject to legal retention obligations.
– Right to Restriction: You may request that we restrict the processing of your data in certain circumstances.
– Right to Data Portability: You can request that we transfer your data to another provider in a structured, machine-readable format.
– Right to Object: Where we rely on legitimate interests, you may object to our use of your personal data.

To exercise any of these rights, please contact us at [email protected].

6. Security Measures

We implement appropriate organizational and technical safeguards to protect personal data, including:

– Encryption of sensitive data in transit using SSL/TLS protocols.
– Restricted access to personal data through authentication and role-based controls.
– Regular secure backups and data recovery procedures.
– Ongoing employee training on data handling best practices and privacy awareness.

Although we take every reasonable step to protect your data, no system is completely secure. You are encouraged to protect your own information by using strong passwords and logging out when necessary.

7. International Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA) or California. In such cases, we ensure that appropriate safeguards are in place, such as the use of Standard Contractual Clauses or compliance with applicable adequacy decisions, to guarantee the same level of data protection as within your jurisdiction.

8. Data Retention

We retain personal data only for the duration necessary to fulfill the purposes for which it was collected, including:

– Usage Data: Up to 12 months for analytics and diagnostics.
– Account & Profile Data: Retained while the account remains active and up to 6 years thereafter for legal compliance.
– Communication Data: Up to 3 years from the date of last correspondence.
– Transaction Data: Up to 7 years for compliance with tax and accounting laws.
– Preference Data: Retained for up to 2 years or until you update your consent preferences.

In all cases, data may be retained for longer periods where it is required for legitimate legal or business purposes.

9. Cookie Policy

We use cookies and similar tracking technologies to enhance your experience on bmsnoho.com. These include:

– Essential Cookies: Necessary for the operation of core website functions.
– Functional Cookies: Enable enhanced functionality, such as remembering your preferences.
– Analytics Cookies: Collect aggregate data on user behavior and website performance.
– Performance Cookies: Help identify issues and optimize loading times and responsiveness.

10. Cookie Management and GDPR/CCPA Compliance

You have the right to manage your cookie consent settings. Our website provides a consent management tool that allows you to opt in or out of non-essential cookies. In compliance with GDPR and CCPA:

– We request explicit consent for non-essential cookies.
– Visitors from applicable regions can withdraw or modify consent at any time.
– We honor browser “Do Not Track” signals where applicable.

You can also manage cookies through your browser settings; however, disabling certain cookies may affect website functionality.

11. Special Protections for Children Under 13

Our services are not directed to, and we do not knowingly collect data from, children under the age of 13. If we become aware that we have collected personal data from a child under the age of 13 without verified parental consent, we will take immediate steps to delete such data. Parents or legal guardians who believe their child has submitted personal data are encouraged to contact us at [email protected].

12. Policy Updates and User Notifications

We reserve the right to update this Privacy Policy at our discretion. You are responsible for reviewing the policy periodically. In the event of material changes, we will provide users with reasonable notice through the website, email communications, or other appropriate channels. Continued use of bmsnoho.com following such changes will constitute your acknowledgment of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how your personal data is processed, please contact us at:

Email: [email protected]
Website: https://bmsnoho.com

We are committed to upholding the highest standards of privacy and will respond to all privacy-related inquiries in a timely and transparent manner.

Thank you for trusting BMS NoHo with your personal data. Your privacy is our priority.