Privacy Policy
At iTooAmHarvard, accessible at itooamharvard.com, we are deeply committed to protecting your personal data and safeguarding your privacy. This Privacy Policy outlines the nature of the data we collect, the purposes for which we process it, the legal bases on which we rely, and your rights under applicable privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We recognize the importance of transparency, user control, and responsible data handling practices.
1. Introduction
We respect your privacy and are committed to maintaining the confidentiality, integrity, and security of your personal information. This Privacy Policy sets out how we collect, use, disclose, and protect information through itooamharvard.com. We encourage you to read this Policy carefully to understand your rights and how your data is treated.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all users of itooamharvard.com and associated digital services. iTooAmHarvard operates as the data controller for all personal data collected via our website and assumes responsibility for the handling and protection of this data in accordance with applicable data protection laws.
3. Categories of Data Processed
We may collect and process the following categories of personal data:
a. Usage Data
Includes information about how you use our website, such as browser type and version, IP address, general location, pages visited, session duration, referral paths, and crash logs. This helps us analyze website performance and improve user experience.
b. Account Data
Includes personal identifiers provided during account creation, purchases, or engagement, such as your full name, email address, physical address, and phone number. This information is essential to provide core services.
c. Profile Data
Includes any personal preferences, historical purchase behavior, viewed content, user-generated content, and survey responses. This data allows us to personalize your experience.
d. Communication Data
Includes records of your contact with us, such as emails, support tickets, feedback, chatbot conversations, or other inquiries. This supports efficient customer communications and issue resolution.
e. Technical Data
Includes information about your device and system environment, including device type, operating system, device identifiers, browser settings, screen resolution, time zone, and language preferences.
f. Transaction Data
Includes payment and billing information, order history, delivery address, and merchant-related information. Financial details are processed securely through third-party processors and are not retained by us except as necessary for fulfilment and compliance.
g. Preference Data
Includes your consents regarding marketing communications, newsletter subscriptions, cookie preferences, and product interests.
4. Legal Bases for Processing
We process personal data based on one or more of the following legal grounds:
– Consent: Where you have explicitly agreed to the processing of your personal data for specific purposes (e.g., subscribing to newsletters).
– Contractual Necessity: Where processing is required to fulfill a contract with you or respond to pre-contractual requests.
– Legitimate Interest: Where processing is necessary for the operation or improvement of our services and does not override your fundamental rights (e.g., usage analytics, fraud prevention).
– Legal Obligation: Where required by applicable laws or authorities (e.g., tax compliance, consumer protection).
5. Your Rights
Under GDPR, CCPA, and other data protection frameworks, you have the following rights:
– Right of Access: You can request access to personal data we hold about you.
– Right to Rectification: You may request correction of inaccurate or incomplete data.
– Right to Erasure: In certain circumstances, you can request deletion of your personal data (“right to be forgotten”).
– Right to Restriction: You may request limitations on how we process your data in specific contexts.
– Right to Data Portability: You can request your data in a structured, commonly used, and machine-readable format and transfer it to another data controller.
– Right to Object: Where we rely on legitimate interests, you may object to our processing of your data.
– Right to Withdraw Consent: You may withdraw consent at any time where consent is the lawful basis for processing.
– Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights under CCPA.
To exercise these rights, please contact us at [email protected].
6. Security Measures
We maintain a robust data security program employing appropriate technical and organizational safeguards to protect your personal data. These include encryption of data in transit and at rest, role-based access control, regular data backups, staff privacy training, and vulnerability assessments. In the event of a security breach, we will notify affected parties and regulators as required by law.
7. International Transfers
As a U.S.-based organization, we may transfer your data to and store it in countries outside of your jurisdiction, including countries that may not provide the same level of data protection. In such cases, we ensure appropriate safeguards are in place, including reliance on Standard Contractual Clauses approved by the European Commission or similar legal mechanisms to guarantee lawful cross-border data transfers.
8. Data Retention
We retain personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:
– Usage Data: 24 months from collection
– Account Data: Stored while your account is active and deleted within 60 days of closure
– Profile Data: Retained for up to 24 months of inactivity
– Communication Data: Retained for 36 months for support and legal auditing
– Technical Data: Retained for 24 months
– Transaction Data: Retained for 7 years for tax and accounting compliance
– Preference Data: Retained until consent is withdrawn or updated
Upon expiry of the relevant retention period, your data will be securely deleted or anonymized.
9. Cookie Policy
We use cookies and tracking technologies to support essential site functionality and enhance your experience on itooamharvard.com. These include:
– Essential Cookies: Required for website operation, such as authentication and security features
– Functional Cookies: Enable personalized features like saved preferences
– Analytics Cookies: Gather statistical information, such as site usage trends, via tools like Google Analytics
– Performance Cookies: Monitor site responsiveness and performance metrics
10. Cookie Management and User Control
We honor your preferences regarding cookie usage. Upon your first visit to itooamharvard.com, you will be presented with options to manage cookie categories via our cookie banner. You may modify your settings or withdraw consent at any time through your browser or our cookie settings panel. CCPA-compliant mechanisms allow California residents to opt out of the “sale” or “sharing” of personal data, if such activity occurs.
11. Children’s Privacy
Our website and services are not directed to or intended for children under the age of 13. We do not knowingly collect personal information from individuals under 13. If we learn that we have collected such information without verifiable parental consent, we will delete it promptly. If you become aware of such collection, please contact us at [email protected].
12. Policy Updates and Notification
We may revise this Privacy Policy periodically to reflect changes in legal requirements, operational practices, or technology changes. Material changes will be communicated via notifications on itooamharvard.com or via email if you are a registered user. Your continued use of the website after such updates constitutes your acknowledgment and acceptance of the updated Policy.
13. Contact Us
If you have any questions, requests, or concerns regarding this Privacy Policy or how we process your personal data, please contact:
Email: [email protected]
Website: https://itooamharvard.com
We are committed to full compliance with global privacy laws and welcome your inquiries or feedback related to data protection matters.