Privacy Policy for CoreLoot

CoreLoot (“we,” “our,” or “us”) is committed to safeguarding your privacy and the protection of your personal data. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you visit our website coreloot.com. We adhere to applicable data protection regulations, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), to ensure your rights are respected and your data is properly protected.

1. Commitment to Privacy and Data Protection

We take your privacy seriously. Our data practices are designed to limit data collection to only that which is necessary, use your information in lawful, transparent ways, and maintain the integrity and confidentiality of the data we process. We continually review and update our policies and systems to reflect best practices in data privacy and security.

2. Scope of Policy and Data Controller Role

This Privacy Policy applies to all visitors, users, and others who access coreloot.com. CoreLoot, as the data controller, is responsible for determining the purposes and means of processing your personal data. This policy covers data collected both directly and indirectly when you use our website and services.

For any inquiries or requests concerning your personal data, you may contact us at: [email protected]

3. Categories of Personal Data Collected

We may collect and process the following types of personal data:

a. Usage Data
This includes information about how you use coreloot.com. It may include your IP address, browser type and version, time zone settings, operating system, pages visited, session duration, and navigation paths.

b. Account Data
When you register an account, we collect your name, email address, postal address, phone number, and any other information you voluntarily provide.

c. Profile Data
We collect details related to your interests, purchasing behavior, and preferences when you interact with our services, such as product views, wish list items, and order history.

d. Communication Data
Includes records of correspondence when you contact us with support requests, inquiries, or feedback. This may involve emails, chat logs, or forms submitted via our website.

e. Technical Data
We gather data about the devices and technologies you use to access the site, such as device identifiers, operating system type and version, browser plugins, and system configurations.

f. Transaction Data
In processing orders or services, we collect billing and payment information, purchase history, delivery details, and relevant financial details necessary to complete the transaction (via secure third-party processors).

g. Preference Data
We record your marketing and communication preferences, including opt-ins or opt-outs from newsletters, promotional emails, surveys, and product offerings.

4. Legal Bases for Processing Personal Data

We process your data under the following legal bases, as required by GDPR:

– Contractual necessity: to fulfill obligations arising from contracts entered into with you (e.g., processing your purchases).
– Legitimate interests: for the improvement of our services, fraud prevention, and ensuring website functionality, provided those interests do not override your fundamental rights and freedoms.
– Consent: for sending marketing communications and using certain cookies, where consent is required.
– Legal obligation: to comply with applicable legal and regulatory requirements.

5. Your Rights Under GDPR and CCPA

As a data subject, you have the following rights:

– Right of Access: Obtain confirmation on whether we process your personal data and access a copy.
– Right to Rectification: Request correction of any inaccurate or incomplete personal data.
– Right to Erasure: Request deletion of your personal information, subject to our legal obligations.
– Right to Restriction: Restrict processing where you contest data accuracy or object to processing.
– Right to Data Portability: Obtain your personal data in a structured, machine-readable format for transmission to another controller.
– Right to Object (GDPR) or Opt-Out (CCPA): Object to processing for direct marketing or profiling purposes.
– Right Not to Be Subjected to Automated Decision-Making: In cases where automated processing produces legal effects, you have the right to human intervention.
– Right to Non-Discrimination (CCPA): We will not deny services, charge different prices, or provide a different level of service for exercising your rights.

To exercise any of these rights, contact us at [email protected].

6. Security Measures

We implement robust technical and organizational measures to secure your personal data, including but not limited to:

– SSL encryption for data transmission
– Role-based access control
– Secure servers and firewalls
– Regular backups and redundancy
– Employee privacy training and access governance
– Security audits and penetration testing

While we take every reasonable precaution, no transmission method or storage system is completely secure. We encourage you to also take personal precautions such as using strong passwords and regularly updating your devices.

7. International Data Transfers

Where data is transferred outside the European Economic Area or other jurisdictions with comprehensive data protection laws, we ensure that such transfers comply with applicable requirements by leveraging appropriate safeguards such as:

– Standard Contractual Clauses approved by the European Commission
– Transfer adequacy decisions
– Binding Corporate Rules (where applicable)

We take proactive steps to ensure your data receives a level of protection consistent with the applicable laws in your jurisdiction.

8. Data Retention

We retain personal data only for as long as is necessary for the purposes for which it was collected:

– Account Data: retained for the duration of the user’s account and a maximum of 5 years afterward unless legally required to retain longer.
– Transaction Data: retained for at least 7 years to fulfill tax and accounting obligations.
– Marketing Preferences: retained until a user revokes consent or unsubscribes.
– Communication Records: retained up to 3 years to review support history and improve services.
– Technical and Usage Data: retained for 12 to 24 months in anonymized or aggregated form for analytics and optimization.

9. Cookie Policy

CoreLoot uses cookies and similar tracking technologies to enhance user experience and analyze site performance. Cookies include:

– Strictly Necessary Cookies: Essential for navigation and accessing secure areas.
– Functional Cookies: Enable personalization features such as remembering login details.
– Performance Cookies: Collect aggregated statistics (e.g., Google Analytics) to measure traffic and behavior.
– Analytics Cookies: Help understand how users engage with the content and site functionality.

10. Cookie Management and Compliance with GDPR & CCPA

You will be presented with a cookie consent banner when you first visit coreloot.com. You can manage your consent settings and opt-out of non-essential cookies at any time via the “Cookie Preferences” link in the website footer.

Most browsers also allow you to manage cookie settings manually, including blocking or deleting cookies. Note, however, that disabling certain cookies may limit functionality.

In compliance with CCPA and GDPR, we honor “Do Not Track” signals and provide options to withdraw your cookie consent at any time.

11. Children’s Privacy

Our services are not directed at children under the age of 13, and we do not knowingly collect personal data from minors. If we learn that we have inadvertently collected personal data from a child without verifiable parental consent, we will take steps to delete such data.

Parents or guardians who believe their child has submitted personal information to us may contact us at [email protected].

12. Policy Updates & User Notifications

We reserve the right to amend this Privacy Policy as necessary to reflect changes in the law or our services. Substantial changes will be communicated through clear and conspicuous notices on our website or, where appropriate, directly via email or platform notifications.

Continued use of coreloot.com indicates your acceptance of the Privacy Policy in its current revision.

13. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

Email: [email protected]
Website: www.coreloot.com

—

CoreLoot is committed to maintaining full compliance with relevant data privacy laws, including GDPR and CCPA. If you have privacy concerns or wish to assert your rights under this policy, please reach out to us at [email protected].