Privacy Policy
At S.F. O’Reilly’s (sforeillys.com), we are firmly committed to respecting and protecting your privacy and personal data. This Privacy Policy is designed to inform you about how we collect, use, disclose, and safeguard information when you visit our website or interact with us online. We uphold the highest standards of data protection and compliance with applicable regulations, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act (“CCPA”).
1. Commitment to Privacy and Data Protection
We prioritize your privacy and are committed to processing your personal information in a transparent, lawful, and fair manner. This policy outlines the principles we follow when handling your data and affirms our obligation to safeguard your rights and freedoms.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all users of the website sforeillys.com and any associated services made available through it. S.F. O’Reilly’s is the “data controller” as defined under the GDPR and is responsible for determining the purposes and means of processing your personal data. For residents of California, we operate as a “business” under the CCPA framework.
3. Categories of Personal Data We Process
We may collect and process the following categories of data, either directly from you or automatically through your use of our website or services:
a. Usage Data
Includes information such as IP address, browser type, geographic location, internet service provider, pages visited, referring/exit pages, session times, and other diagnostic data collected through cookies and similar technologies.
b. Account Data
Includes details you provide in account creation or correspondence such as your full name, billing/shipping address, email address, and telephone number.
c. Profile Data
Includes your interests, preferences, past purchases, behavioral data, and data generated through your engagement with our site and services.
d. Communication Data
Includes information you provide in contact forms, customer service interactions, email correspondences, and feedback submissions.
e. Technical Data
Includes device model, operating system, screen resolution, browser type, language settings, network type, and other device identifiers.
f. Transaction Data
Includes records of products purchased, billing and delivery addresses, payment methods (tokenized or masked where applicable), and transaction timestamps.
g. Preference Data
Includes your marketing communication preferences, promotional opt-ins, and product category preferences.
4. Legal Bases for Processing Personal Data
We process your personal data only when we have a legal basis to do so, which may include:
– Your explicit consent for specific purposes (e.g., to receive marketing communications).
– Performance of a contract with you (e.g., processing your purchase).
– Compliance with a legal obligation (e.g., tax and accounting records).
– Our legitimate interests (e.g., ensuring website security, preventing fraud, improving customer experience), provided those interests are not overridden by your rights and interests.
5. Your Rights as a Data Subject
Subject to applicable laws, you have the following rights regarding your personal data:
– Right of Access: Request a copy of the data we hold about you.
– Right to Rectification: Request correction of inaccurate or incomplete data.
– Right to Erasure: Request deletion of your data, where legally permissible.
– Right to Restrict Processing: Request limited processing of your data in specified circumstances.
– Right to Data Portability: Request transfer of your personal data to another controller in a structured, commonly used, and machine-readable format.
– Right to Object: Object to processing based on legitimate interests or direct marketing.
To exercise any of the above rights, please contact us at: [email protected]
6. Security Measures
We implement robust technical and organizational measures to secure your data against unauthorized access, loss, misuse, or alteration. These include:
– Encryption: All transactional areas are secured with SSL/TLS encryption.
– Access Controls: Role-based access systems limit access to sensitive data.
– Backups: Regular, encrypted backups ensure data integrity and recoverability.
– Staff Training: Employees are regularly trained in data privacy standards and security best practices.
7. International Transfers
Where data is transferred outside of the European Economic Area (EEA) or other jurisdictions with adequacy decisions, such transfers are conducted under legally compliant mechanisms, including Standard Contractual Clauses and applicable supplementary measures, ensuring an equivalent level of protection.
8. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected or to comply with legal, regulatory, or contractual requirements. Specific retention periods include:
– Usage Data: Up to 12 months.
– Account and Transaction Data: Retained for 7 years for tax and legal purposes.
– Communication Data: Retained for 3 years post-interaction.
– Preference Data: Stored until user opts out or otherwise updates preferences.
9. Cookie Policy
We use cookies and similar technologies to enhance user experience, analyze site usage, and support marketing efforts. These include:
– Essential Cookies: Necessary for basic website functionality and secure access.
– Functional Cookies: Support personalization and remembering your preferences.
– Analytics Cookies: Help us understand user behavior via tools like Google Analytics.
– Performance Cookies: Improve site performance and load times.
10. Cookie Management and Compliance
Consent to cookie usage is obtained upon your first visit to sforeillys.com via a compliant cookie consent banner. You may manage or withdraw your consent at any time through our cookie settings tool or by adjusting browser settings. Our practices follow both GDPR and CCPA requirements regarding cookie transparency and user control.
11. Children’s Privacy
S.F. O’Reilly’s does not knowingly process personal data of children under the age of 13. If you are a parent or guardian and believe we have collected information about a child without appropriate consent, please contact us immediately at [email protected] so we can take appropriate action.
12. Policy Updates and Notifications
We reserve the right to update this Privacy Policy to reflect changes in legal, technical, or commercial practices. While users are encouraged to review this page periodically, material changes will be communicated via the website interface, email notices, or other reasonable means.
13. Contact Us
For questions, requests, or concerns regarding your personal data or this Privacy Policy, please contact:
Data Privacy Officer
Email: [email protected]
We value your privacy and are fully committed to appropriate data stewardship. For further details or to exercise your rights under applicable law, please do not hesitate to reach out to us.