1. Purpose:
Sacatelle Holdings LLC ("Sacatelle," “merch.com,” "we," "us," or "our") is dedicated to the responsible management and protection of personal data. This Data Policy outlines our practices concerning the collection, storage, processing, and protection of data under our care, ensuring compliance with applicable data protection laws and regulations.
2. Data Collection:
We collect the following categories of data:
- Business Data: Information related to business entities, including names, addresses, and contact details of officers or representatives.
- Personal Data: Information related to individuals, such as names, email addresses, and phone numbers.
- Order Data: Information necessary for processing and fulfilling orders, such as product selections, billing, and shipping addresses.
Note: We do not collect sensitive personal data, such as health information, biometric data, or financial details beyond what is necessary for payment processing. We also do not track behavioral data unless explicitly required for security or legal purposes.
3. Data Storage :
Your data is stored securely using the following methods:
- Cloud Storage: Personal data is stored on secure cloud platforms located within the United States. These platforms comply with industry-standard security protocols.
- Encryption: We employ encryption techniques for data both during transmission and at rest, ensuring that your data remains confidential and protected against unauthorized access.
- Access Contro: Strict access control measures are enforced, allowing only authorized personnel with a legitimate need to access personal data. Regular audits are conducted to ensure compliance with access policies.
4. Data Processing:
We process your data for the following purposes:
- Order Fulfillment: To manage, process, and deliver orders placed through our websites and services.
- Customer Relationship Management (CRM): To maintain and enhance our relationships with customers, ensuring personalized service and effective communication.
- Marketing: To send promotional materials to users who have opted in to receive such communications. You may opt out at any time
- Legal and Regulatory Compliance: To comply with our legal obligations, resolve disputes, enforce our agreements, and comply with governmental requests.
5. Data Retention:
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law. Upon the expiration of the retention period, we will securely delete or anonymize the data to prevent unauthorized access or misuse.
6. Data Subject Rights:
Individuals whose data we process have the following rights:
- Access: You have the right to request access to the personal data we hold about you.
- Correction: You have the right to request corrections to any inaccuracies or incomplete data we hold about you.
- Deletion: You may request the deletion of your personal data, subject to any legal or regulatory obligations that require us to retain it.
- Restriction: You may request restrictions on how we process your data, particularly if you believe the data is inaccurate or unlawfully processed.
- Portability: You have the right to request that we provide your data in a structured, commonly used, and machine-readable format for transfer to another data controller.
To exercise any of these rights, please contact us at [email protected]. We will respond to your request in accordance with applicable laws.
7. Data Breach Response:
In the event of a data breach, Sacatelle will take the following actions:
- Containment and Assessment: Immediately take steps to contain the breach and assess the extent and impact of the breach on our data systems.
- Notification: Notify affected individuals and relevant authorities as required by law, including details of the breach, the potential impact, and the steps we are taking to address the breach.
- Mitigation: Implement measures to mitigate any potential harm and to prevent future breaches, including reviewing and enhancing our data protection measures as necessary.
8. International Data Transfers:
If we transfer personal data to countries outside of the one in which it was originally collected, we will ensure that appropriate safeguards are in place to protect your data. This may include standard contractual clauses, binding corporate rules, or other legally recognized mechanisms.
9. Data Protection Officer (DPO)
Jasmine Verduzco serves as our Data Protection Officer (DPO), responsible for overseeing our data protection strategy and compliance. For any inquiries or concerns regarding our data practices, please contact:
10. Policy Review and Updates
This Data Policy is regularly reviewed and updated to reflect changes in our data management practices or legal requirements. Any significant changes will be communicated to our stakeholders through appropriate channels.