Privacy Policy
1. Introduction
At John Rex (accessible via john-rex.com), we are firmly committed to safeguarding the privacy and personal data of our users. We recognize the importance of protecting individual privacy and ensuring the secure and transparent use of personal information. This Privacy Policy outlines how we collect, use, store, and safeguard your information and explains your rights under the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”). We adopt a privacy-first approach, implementing industry best practices to uphold data security and user trust.
2. Scope and Data Controller
This Privacy Policy applies to all data collected by or on behalf of john-rex.com. For the purposes of applicable data protection laws, the data controller responsible for your personal data is John Rex, which operates the website john-rex.com. You may contact the data controller at [email protected] for all privacy-related matters.
This Policy governs all personal data collected or processed via the website, including information voluntarily submitted through contact forms, transactions, and user interactions with the site.
3. Categories of Data Processed
We may collect and process the following categories of personal data:
a) Usage Data: Information related to your use of the website, including browser type and version, IP address, device type, operating system, time zone setting, session duration, page interactions, and referral sources.
b) Account Data: Information provided when you register or maintain an account on the site, such as your name, billing and shipping address, email address, and telephone number.
c) Profile Data: Details concerning your preferences, previous purchases, activity within user portals, wishlists, and behavioral patterns on the website.
d) Communication Data: Information included in communications sent through contact forms, support channels, or correspondence via email, including feedback and customer service history.
e) Technical Data: Hardware specifications, configuration data, diagnostic reports, log files, and crash reports related to use of the website on different devices and platforms.
f) Transaction Data: Purchase history, payment information (excluding full credit card numbers), delivery information, and order metadata.
g) Preference Data: Marketing and communication preferences, interest areas, and opt-in or opt-out choices regarding newsletters or promotional content.
4. Legal Bases for Processing
We process your personal data only when we have a lawful basis to do so under applicable law:
– Consent: Where you have explicitly given us permission to process your data for a specified purpose (e.g., promotional emails).
– Contractual Necessity: Where processing is necessary to enter into or fulfill a contract with you (e.g., processing orders).
– Legal Obligation: Where we are legally required to process your data (e.g., for accounting or regulatory compliance).
– Legitimate Interest: Where processing is necessary for our legitimate business interests, provided such interests are not overridden by your rights and freedoms (e.g., service improvement, fraud prevention).
5. Your Rights
Subject to applicable data protection laws, you have the following rights:
– Right of Access: You may request confirmation as to whether we process your data and access to such data.
– Right of Rectification: You may request correction of inaccurate or incomplete data.
– Right of Erasure: You may request deletion of your personal data, where we are not otherwise legally required to retain it.
– Right to Restrict Processing: You may have the right to restrict how we process your personal data under certain conditions.
– Right to Data Portability: Where legally applicable, you have the right to receive your data in a machine-readable format and to transmit it to another controller.
– Right to Object: You can object to certain types of processing, including marketing-related profiling or when processing is based on our legitimate interests.
To exercise any of the above rights, please contact us at [email protected].
6. Security Measures
We implement appropriate organizational and technical measures to ensure a high level of security, confidentiality, and integrity of your personal information. Our security measures include, but are not limited to:
– Encryption of data in transit and at rest.
– Secure access protocols for internal systems and staff.
– Routine backups of critical data.
– Security awareness training for staff members.
– Role-based access controls and internal audits.
While we strive to use commercially acceptable means to protect your data, no method of transmission over the Internet or method of storage is completely secure. Therefore, we cannot guarantee absolute security.
7. International Data Transfers
Personal information collected from users may be transferred to, stored in, or processed in jurisdictions outside of your own, including the United States and other countries that may not have equivalent data protection laws. In such cases, we implement safeguards compliant with applicable law, such as Standard Contractual Clauses approved by the European Commission or reliance on adequacy decisions.
By using john-rex.com and submitting your data, you consent to the transfer of your information as described herein, consistent with applicable data protection legislation.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes it was collected for, including to satisfy legal, accounting, or reporting obligations. Typical retention periods include:
– Usage and Technical Data: 12–18 months
– Transaction and Account Data: 7 years (in accordance with legal and tax requirements)
– Communication Data: 3 years after last contact
– Marketing Preference Data: Until opt-out or withdrawal of consent
After the expiration of the applicable retention period, personal data is irreversibly deleted or anonymized.
9. Cookie Policy
Our website uses cookies and similar technologies to provide essential functionality, enhance user experience, and analyze traffic. Categories include:
a) Essential Cookies: These are necessary for the core functioning of the website, such as navigation and access to secure areas.
b) Functional Cookies: Enable enhanced features such as remembering your preferences or settings.
c) Performance Cookies: Collect aggregated, anonymous data on how users interact with the website to improve performance.
d) Analytics Cookies: Provided by third parties such as Google Analytics, these track user behavior to help us optimize content and marketing effectiveness.
10. Cookie Management and Compliance
In accordance with GDPR and CCPA directives:
– Upon your first visit, we present a cookie consent banner that allows you to control non-essential cookies.
– You may manage your preferences at any time through our Cookie Settings tool available at the footer of john-rex.com.
– Users from jurisdictions where data protection laws apply are given opt-in or opt-out options as required for non-essential cookies.
You can also disable cookies at the browser level, although this may impact functionality.
11. Children’s Privacy
The website john-rex.com is not intended for or directed to children under the age of 13. We do not knowingly collect personal information from anyone under 13 years of age. If we become aware that we have inadvertently collected information from a child under this age, we will promptly delete such data. If you believe we may have collected such data, please contact us at [email protected].
12. Policy Updates
We reserve the right to update or modify this Privacy Policy at any time, to reflect changes in legal requirements, our business practices, or technology. Significant changes will be communicated to users via the website or through other appropriate channels. We encourage you to periodically review this page to remain informed of how we protect your data.
13. Contact Us
For any inquiries, concerns, or requests related to this Privacy Policy or your personal data rights, please contact our data protection representative at:
Email: [email protected]
We are fully committed to complying with the requirements of the GDPR and CCPA and are available to address any concerns regarding your personal information.