Privacy Policy
Thank you for visiting Cantoluz (“we”, “us”, or “our”). We are committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection regulations. This Privacy Policy outlines how we collect, use, share, and protect your personal information when you visit or use our website, cantoluz.com, or engage with our services.
1. Commitment to Privacy and Data Protection
We prioritize the privacy and integrity of your personal information. At cantoluz.com, we handle your data with transparency and care. We only collect and process data that is necessary for delivering our services, improving user experience, and meeting our legal obligations. We ensure appropriate controls are in place to safeguard your personal information from unauthorized access, misuse, or disclosure.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all visitors to cantoluz.com and all users of our services, including customers, prospects, and website visitors. For the purposes of applicable data protection legislation, Cantoluz is the designated data controller concerning the personal data you provide on our website or through other means.
3. Categories of Data Processed
We may collect and process the following categories of personal data:
a. Usage Data – Information about how you use the website and services, including IP address, browser type, session duration, referring pages, and activity logs.
b. Account Data – Information you provide when creating an account, including name, postal address, email address, and phone number.
c. Profile Data – Data related to your user preferences, purchase history, browsing behavior, and interests in specific products or services.
d. Communication Data – Records of communications with us, including inquiries, support requests, email exchanges, and feedback.
e. Technical Data – Device identification information, operating system version, browser configurations, screen resolution, and other system attributes.
f. Transaction Data – Details relating to purchases made via our platform, including payment card data, billing addresses, shipping preferences, and order details.
g. Preference Data – Consents given for marketing communications, product alerts, newsletters, and noted product interests or categories.
4. Legal Bases for Processing
We process personal data based on one or more of the following lawful bases:
– Consent: Where you have explicitly agreed to our processing of your data for specific purposes (e.g., newsletters).
– Contract: To fulfill contractual obligations where you have signed up for a service or made a purchase.
– Legal obligation: Where processing is required to comply with applicable legal or regulatory obligations.
– Legitimate interest: When processing is necessary for our legitimate business interests, provided such interests are not overridden by your rights and freedoms (e.g., website security, fraud prevention, service improvements).
5. Your Rights
You have the following rights under the GDPR and, where applicable, the CCPA:
– Right of Access: Request details of personal data we hold about you.
– Right to Rectification: Request correction of inaccurate or incomplete data.
– Right to Erasure: Request deletion of your personal information, subject to legal exceptions.
– Right to Restriction: Request that we limit processing of your data under certain conditions.
– Right to Data Portability: Obtain a copy of your data in a structured, machine-readable format or request its transfer to another service provider.
– Right to Object: Object to processing based on legitimate interest or direct marketing purposes.
– Right to Non-Discrimination (under CCPA): Exercise your rights without being denied goods or services for doing so.
To exercise any of these rights, you may contact us at [email protected].
6. Security Measures
We implement robust administrative, physical, and technical safeguards to protect your data. These include:
– Data encryption during transmission and at rest
– Multi-layered access control to systems handling personal data
– Regular security risk assessments and audits
– Intrusion detection and response mechanisms
– Staff training on privacy and data protection obligations
– Disaster recovery and backup protocols to ensure business continuity
7. International Transfers
Your personal data may be transferred to and processed in countries outside of your jurisdiction, including countries that may not offer the same level of data protections as those in your region. Where such transfers occur, we implement appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission or rely on adequacy decisions, to ensure adequate data protection rights.
8. Data Retention
We retain personal data only for as long as necessary for the purposes outlined in this policy, or where we are legally required to retain the data. The retention periods generally consist of:
– Usage and Technical Data: up to 24 months
– Account and Transaction Data: up to 7 years post-transaction
– Communication and Support Data: up to 2 years after last communication
– Preference and Consent Data: while valid consent remains in effect or until withdrawn
Upon expiration of retention periods, data is securely deleted or anonymized.
9. Cookie Policy
We use cookies and similar technologies on cantoluz.com to enhance website functionality and usability. These may include:
– Essential Cookies: Necessary for website performance and core features (e.g., shopping cart, log-in functionality).
– Functional Cookies: Enhance personalization and user preferences.
– Analytical Cookies: Collect anonymous statistics on site use and performance to help us improve services.
– Performance Cookies: Track navigational behavior to optimize loading speed and responsiveness.
10. Cookie Management and Compliance
Under GDPR and CCPA, users have the ability to manage cookie preferences. On accessing cantoluz.com, you will be presented with a cookie banner allowing the selection of cookie categories. You can modify your preferences or withdraw consent at any time via your browser settings or the “Cookie Settings” link on our website.
Users in California may opt-out of the “sale” of personal data as defined under the CCPA.
11. Special Protections for Children
Cantoluz does not knowingly collect or solicit personal data from individuals under the age of 13. If you believe a child under 13 has provided us with personal data without appropriate parental consent, please contact us immediately at [email protected] so we may promptly delete the information.
12. Policy Updates and Notifications
We may update this Privacy Policy from time to time in response to changes in our processing practices, legal requirements, or service offerings. All updates will be posted on cantoluz.com, and where required by law, you will be notified via prominent notice or email communication to registered users.
13. Contact
If you have any questions, concerns, or requests regarding this Privacy Policy or how your personal data is handled, you may contact us by email at:
We are committed to maintaining your trust and ensuring your personal data is handled in a fair, lawful, and transparent manner. For any privacy-related concerns, please do not hesitate to reach out.