PRIVACY POLICY

At A Thinking Sam, accessible via athinkingsam.com, we are deeply committed to protecting your personal data, respecting your privacy, and ensuring transparency in how we collect, use, and protect your information. This Privacy Policy outlines our practices concerning the collection, processing, storage, and sharing of your personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

1. Introduction

At A Thinking Sam, we understand the importance of privacy and data integrity. We are committed to safeguarding personal information and processing your data responsibly. Through technical safeguards and a privacy-conscious culture, we aim to provide a safe and trustworthy digital experience.

2. Scope of This Policy & Data Controller Role

This Privacy Policy applies to all personal data we collect through our website (athinkingsam.com), communications, services, and related digital platforms. For the purposes of the GDPR, A Thinking Sam is the data controller of your personal data, meaning we determine the purposes and manner in which your data is processed. If you are a resident of California, this Privacy Policy also serves as your notice at collection under the CCPA.

3. Categories of Personal Data We Process

We collect and process a variety of personal data to deliver, improve, and personalize our services. The categories of data include:

a. Usage Data
Includes information about how you interact with our website, such as your IP address, browser type, geographic location, access time, pages viewed, and system logs.

b. Account Data
Information you provide when creating an account, including your full name, address, email address, and telephone number.

c. Profile Data
Includes your preferences, service usage behavior, product interests, prior purchases, and account settings.

d. Communication Data
Data exchanged when you contact us for support, submit inquiries, or correspond via email or contact forms, including message content and contact history.

e. Technical Data
Device information such as device type, operating system, system configurations, browser specifications, screen resolution, and referring website addresses.

f. Transaction Data
Payment transaction history, delivery addresses, purchase amounts, dates, and limited billing metadata (processed securely via compliant third-party processors).

g. Preference Data
Marketing preferences, newsletter subscriptions, event RSVP responses, and consent records for promotional or non-essential communications.

4. Legal Bases for Processing

We rely on the following lawful bases under the GDPR to collect and process your personal data:

– Consent: Where you have proactively given us permission (e.g., subscribing to a newsletter).
– Performance of a Contract: When processing is necessary for fulfilling our contractual obligations to you.
– Legitimate Interests: For purposes such as improving website functionality, ensuring security, or understanding customer behavior (balanced against your privacy rights).
– Legal Obligation: Where processing is required by law, regulation, or court order.

For California residents, we may collect, use, share, or sell personal information as defined under the CCPA and in accordance with its requirements.

5. Your Rights

Under GDPR and, where applicable, similar legislation such as CCPA, you have the following rights:

– Right of Access: Obtain confirmation and copies of the personal data we hold about you.
– Right to Rectification: Correct inaccurate or incomplete information.
– Right to Erasure: Request the deletion of your data under certain circumstances.
– Right to Restrict Processing: Ask us to pause processing while a dispute or issue is being resolved.
– Right to Data Portability: Receive your personal data in a structured, commonly used, and machine-readable format and transfer it to another provider.
– Right to Object: Object to processing that relies on legitimate interests or direct marketing.
– Right to Non-Discrimination: You will not receive discriminatory treatment for exercising your rights under the CCPA.

To exercise any of these rights, please contact us at [email protected]. We may need to verify your identity before processing your request.

6. Security Measures

We implement reasonable and appropriate technical and organizational safeguards to protect your data against unauthorized access, loss, alteration, or destruction. These include:

– Encryption of data in transit and at rest
– Multi-factor authentication and strict access control protocols
– Routine backups and data redundancy protocols
– Secure hosting environments with firewalls and intrusion detection systems
– Staff training on security and data confidentiality

7. International Data Transfers

Your data may be transferred to and processed in countries that may not have the same level of data protection as your jurisdiction. In such cases, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or reliance on service providers certified under recognized international frameworks.

8. Data Retention

We retain your personal data only for as long as is necessary to fulfill the purposes outlined in this Privacy Policy, including to satisfy any legal, accounting, or reporting requirements. Specific retention periods include:

– Usage Data: Up to 2 years
– Account and Profile Data: As long as your account is active plus up to 5 years
– Communication and Support Data: 3 years
– Transaction Data: 7 years (for legal/tax compliance)
– Preference and Consent Records: Until consent is withdrawn or account deletion is requested

9. Cookie Policy

We use cookies and similar technologies to optimize your experience at athinkingsam.com. These include:

– Essential Cookies: Required for website functionality and security
– Functional Cookies: Enable personalization and enhanced features
– Analytics Cookies: Gather usage statistics for service improvement
– Performance Cookies: Monitor performance and detect issues

10. Cookie Management & Compliance

When visiting the site, you will be presented with a cookie banner that allows you to accept or reject non-essential cookies in compliance with GDPR and CCPA standards. You can also manage cookie preferences through your browser settings or update your consent via our website’s cookie settings interface.

11. Children’s Privacy

Our website and services are not directed at children under the age of 13. We do not knowingly collect, use, or disclose personal information from children. If you believe we have inadvertently collected data from a child under 13, please contact us immediately at [email protected] and we will take prompt steps to delete such information.

12. Policy Updates & Notification

We reserve the right to revise or amend this Privacy Policy. Any changes will be posted prominently on athinkingsam.com. Material changes may also be communicated by email or through in-platform notifications. Continued use of the site following such changes constitutes your acceptance of the revised terms.

13. Contact Us

If you have questions about this Privacy Policy, your personal data, or how we handle privacy at A Thinking Sam, please contact our team:

Email: [email protected]

We are firmly committed to maintaining your trust and are fully aligned with current data protection laws, including the GDPR and the CCPA. For any privacy concerns, inquiries, or complaints, we encourage you to contact us directly.