Privacy Policy
1. Introduction
At TwentyFour20 (“we”, “our”, “us”), accessible via https://twentyfour20.com (“Website”), we are committed to respecting and protecting your privacy and personal data. We prioritize transparency and accountability in how we collect, use, store, and share your personal information. This Privacy Policy outlines how we process personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
2. Scope of this Policy and Data Controller Role
This Privacy Policy applies to all visitors, users, and others who access or use our Website and services. For the purposes of the GDPR, TwentyFour20 is the data controller of your personal data. If you have any questions about this policy or our handling of personal data, you may contact us at [email protected].
3. Categories of Data We Process
In the course of operating our Website and services, we collect and process the following categories of personal data:
a. Usage Data:
Includes information such as your browser type, IP address, referring/exit pages, device identifiers, session duration, time zone settings, and other diagnostic data gathered through web analytics tools (e.g., cookies and server logs).
b. Account Data:
Comprises information you provide upon creating an account or registering for our services, such as your full name, billing/shipping addresses, email address, and telephone number.
c. Profile Data:
Includes preferences, purchase history, feedback, browsing behavior, and interests indicated on the Website, such as saved items or areas of engagement.
d. Communication Data:
Encompasses any correspondence or messages sent via our contact forms, customer support requests, email communication, or live chat history.
e. Technical Data:
Covers device type, operating system, mobile network information, screen resolution, and other configurations that support the operation and functionality of the Website.
f. Transaction Data:
Relates to purchases or booking records, including payment amounts, billing records, delivery and fulfillment details, and purchase confirmations. Payment processing is handled by authorized third-party providers and we do not store credit card numbers or banking credentials.
g. Preference Data:
Includes your consent to receive marketing communications, response to promotions, and details provided for customizing your experience on the Website.
4. Legal Bases for Processing
We only process personal data where a lawful basis exists under data protection law. These include:
– Consent: Where you have clearly agreed to the use of your data for specific purposes (e.g., marketing communications).
– Contractual Necessity: To fulfill our obligations under a contract with you (e.g., processing your orders).
– Legal Obligation: Where required by law or regulatory obligations (e.g., fraud prevention, tax records).
– Legitimate Interests: When processing is necessary for our legitimate business interests, provided these interests are not overridden by your own rights and freedoms (e.g., improving Website performance, conduct analytics).
5. Your Rights
As a data subject under GDPR and CCPA, you may have the following rights:
– Right of Access: Request access to personal data we hold about you.
– Right of Rectification: Correct inaccuracies or complete incomplete data.
– Right to Erasure: Request deletion of your data when no longer necessary or when consent is withdrawn.
– Right to Restrict Processing: Request limitation of your data processing in certain circumstances.
– Right to Data Portability: Receive your data in a structured, commonly used, and machine-readable format, and transmit it to another controller.
– Right to Object: Object to processing based on legitimate interest and direct marketing.
– Right to Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of your rights, please contact us at [email protected].
6. Security Measures
We implement robust technical and organizational measures to ensure the confidentiality, integrity, and availability of your personal data. These include:
– Secure encryption of personal and transactional data during transmission and storage
– Role-based access controls and administrative safeguards to limit unauthorized access
– Routine backups and data restoration procedures
– Security-focused staff training and strict internal guidelines for data handling
7. International Data Transfers
Your data may be transferred and maintained on servers located outside your country or the European Economic Area (EEA), where data protection regulations may differ. When data is transferred internationally, we apply appropriate safeguards, including the use of Standard Contractual Clauses (SCCs) approved by the European Commission or other valid legal mechanisms, to ensure your personal information is afforded a level of protection consistent with EU and international data protection standards.
8. Data Retention
We retain personal data only for as long as necessary for the purposes set out in this Policy. Retention periods vary depending on the type of data:
– Usage and Technical Data: Retained for up to 14 months for analytics and security purposes.
– Account and Profile Data: Retained as long as the user account is active and for up to 2 years after inactivity.
– Transaction Data: Retained for 6 years to comply with financial and legal obligations.
– Communication Data: Retained for up to 3 years for service quality and dispute resolution.
– Preference Data: Retained for up to 2 years or until consent is withdrawn.
9. Cookie Policy
Cookies and similar technologies are used on twentyfour20.com to enhance user experience, provide essential functionality, and gather insights into user behavior. We categorize our cookies as follows:
– Essential Cookies: Necessary for website functionality and security.
– Functional Cookies: Enable preference settings and personalized content.
– Analytics Cookies: Help us understand how visitors interact with our Website (e.g., Google Analytics).
– Performance Cookies: Support website performance optimization and usability testing.
10. Cookie Management and Compliance
Upon your first visit to our Website, we present a cookie banner enabling you to accept, reject, or customize your cookie preferences in accordance with GDPR and CCPA. You can modify or revoke your cookie choices at any time via your browser settings or the Cookie Settings panel on our Website.
Under the CCPA, California residents have the right to opt out of the “sale” of personal information. We do not sell personal data in the conventional sense but honor “Do Not Sell My Personal Information” requests to align with CCPA definitions. To exercise this right, contact us at [email protected].
11. Children’s Privacy
We do not knowingly collect or solicit personal data from children under the age of 13. If you believe that a child under 13 has provided us with personal information without parental consent, please contact us immediately. We will promptly delete such data in compliance with the Children’s Online Privacy Protection Act (COPPA) and other applicable laws.
12. Policy Updates & Notifications
We reserve the right to update or modify this Privacy Policy at our discretion and at any time in response to changes in legal requirements, technology, or business operations. In the event of material changes, we will notify you via email (where appropriate), prominent notice on our Website, or other reasonable means, and invite you to review the updated Privacy Policy.
13. Contact Us
If you have any questions, concerns, or requests related to this Privacy Policy or our handling of your personal data, please contact:
Email: [email protected]
Website: https://twentyfour20.com
We strive to maintain full compliance with applicable data protection laws and are committed to resolving any privacy-related issues transparently and promptly. Please reach out if you have any concerns about your privacy or how we process your personal data.