Welcome to thechoceur.com, home of Choceur® Chocolate! We respect your privacy and are committed to protecting your personal data. This privacy policy will inform you about how we collect, use, and protect your personal information when you visit our website.
What Personal Data We Collect
When you visit thechoceur.com, we may collect the following types of personal data:
- Contact Data: Information you provide when you contact us via email, online forms, or social media channels. This may include your name, email address, phone number, and any message content.
- Account Data: Information you provide when creating an account on our website. This may include your name, email address, phone number, login credentials, and any other information required to manage your account.
- Transaction Data: Details about payments or orders you make on our website, which may include payment card details and billing/shipping addresses.
- Technical Data: Information about your visits to our website and your device, including your IP address, browser type, operating system, referral sources, length of visit, page views, and website navigation paths.
- Marketing Data: Your preferences for receiving our marketing communications and newsletters.
- Social Media Data: Any information you share publicly on our social media channels, including likes, comments, and profile images.
How We Use Your Personal Data
We take privacy very seriously, and will never sell your personal data. We use the data we collect in the following ways:
- Provide products and services: Process orders, deliver packages, communicate about orders, and provide customer service.
- Improve our website: Analyze how users interact with our site to optimize performance, convenience, and customer experience.
- Marketing communications: With your consent, send marketing emails about new products, special offers, and other updates we think you’ll find valuable.
- Comply with legal obligations: Enforce our terms, comply with all applicable laws and regulations, and protect the safety of our customers.
Our Lawful Basis for Processing Data
We will only collect and process personal data when we have lawful bases. Lawful bases include consent (where you have given consent), contract (where processing is necessary to fulfill a contract with you), legal obligation (where processing is necessary to comply with the law), vital interests (where processing is necessary to protect your vital interests or someone else’s), or legitimate interests.
Where we rely on legitimate interests as a basis for processing data, we will carry out a thorough legitimate interests assessment to ensure that the processing is necessary and in your interests. Our legitimate interests include:
- Providing excellent customer service
- Protecting customers, employees, and property
- Analyzing how customers use our services to improve and optimize our website
- Determining the effectiveness of promotional campaigns and advertising
- Ensuring network and information security for our business
How We Share Your Personal Data
We will never sell your personal data to third parties. The circumstances in which we may share the personal data we collect include:
- Service Providers: Trusted third party service providers who perform services on our behalf, such as payment processors, shipping companies, marketing providers, analytics providers, website hosting, IT services, auditors, lawyers, and other consultants.
- Business Transfers: Personal data may be transferred to a third party in the event of a merger, acquisition, bankruptcy or other sale or transfer of all or part of our assets. You will be notified if any such transfer occurs.
- Legal Obligations: We may share information to comply with laws, respond to lawful requests and legal process, or to protect and defend our rights, users, systems, and community.
- Protect Health and Safety: We may share information to prevent harm or financial loss, report spam, abuse, or illegal activity, or protect health and safety.
Transfer of Personal Data Outside Your Country
Some of our service providers are based outside your country of residence, so processing and storing your personal data will involve transferring it to, and storing it in, other countries.
Whenever we transfer data internationally, we take legally required steps to ensure adequate safeguards are in place to protect your personal data as outlined in applicable data protection laws. Appropriate safeguards we use include:
- EU Standard Contractual Clauses: Contracts approved by the European Commission for transferring personal data outside the EU and EEA areas.
- Privacy Shield: A framework for transferring data between the EU/EEA and the United States, which requires certified US-based organizations to implement strong personal data protection measures.
- Binding Corporate Rules: Rules within corporate groups governing transfers of personal data outside the EU and EEA areas.
If no approved safeguard can be implemented, we may request your explicit consent to continue with the transfer of data outside your country of residence.
Data Retention Period
We retain personal data only for as long as necessary to fulfill the purposes outlined in this privacy policy, unless a longer retention period is required by law. When determining retention periods, we take into account factors including legal obligations under applicable laws, the nature and sensitivity of the personal data, and necessity of the processing.
Some retention periods we use are:
- Account information: Retained for as long as your account is active.
- Marketing data: Retained for a maximum of 3 years from the date you last interacted with us.
- Purchase transactions: Retained for 7 years from the transaction date for tax and accounting purposes.
- Technical logs: Retained for a maximum of 12 months.
Your Data Protection Rights
You have the following rights with regard to your personal data:
- Right of access: You have the right to request a copy of the personal data we hold about you.
- Right of rectification: You have the right to correct any inaccurate or incomplete personal data we hold about you.
- Right to erasure: You have the right to request that we delete your personal data in certain circumstances.
- Right to restrict processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
- Right to object to processing: You have the right to object to the processing of your personal data for direct marketing purposes.
- Right to data portability: You have the right to request we transfer your personal data to another organization in certain circumstances.
To make a request regarding your rights, please contact us using the contact details in the Contact Us section below. We will respond to requests as soon as possible, generally within one month.
Your Choices and Opt-Outs
You have choices when it comes to how we use your personal data:
Marketing Communications. You can opt out of marketing communications at any time through unsubscribe links in emails, changing your preferences in your account, or by contacting us.
Cookies and Analytics. Most web browsers allow you to customize and control cookies and web analytics tracking. You can review your browser settings to decline or delete cookies and clear locally stored data.
Targeted Online Advertising. Some advertising providers offer you the ability to opt out of targeted ads. If you would like more personalized ads, you can manage your preferences within application settings on your device.
Mobile Push Notifications. With your consent, we may send promotional and non-promotional push notifications or alerts to your mobile device. You can opt out by changing your preferences any time in your account settings or through your mobile device settings.
While opting out will stop that particular processing activity, it will not delete data already collected and will not necessarily stop all processing activities.
Security of Your Personal Data
We take all reasonable technical and organizational precautions to protect your personal data from misuse, interference, loss, unauthorized access, unwanted alteration, or destruction. Measures include:
- Encryption of data transmitted online using SSL/TLS protocols
- Access controls for networks, operating systems, and databases
- Data backup and disaster recovery systems
- Ongoing employee privacy and security training
- Up-to-date cybersecurity tools, antivirus, firewalls
- Regular vulnerability testing and risk assessments
While we follow best practices reasonably designed to protect your personal data, security risks cannot be eliminated completely. You can help by using common sense security practices such as choosing a strong password during account registration, not sharing your password, and notifying us immediately of any suspected unauthorized access to your account or personal data.
Updates to Privacy Policy
We may occasionally update our privacy policy to reflect changes in law, our data collection and use practices, the features of our services, or advances in technology. You should check this page periodically for updates. Significant changes will be communicated through our website or to your email address if we have it on file.
Lodging a Complaint
You have the right to lodge a complaint with your local supervisory authority for data protection at any time regarding our processing of your personal data. We would appreciate the chance to address any concerns you have before you lodge a complaint, so please contact us in the first instance.
Last Updated
This privacy policy was last updated on January 1, 2023.
