Privacy Policy
1. Introduction
At Jonesy the Band (“we,” “us,” or “our”), accessible via jonesytheband.com (the “Website”), we are deeply committed to safeguarding the privacy and personal data of our users. We recognize the importance of protecting your information and being transparent about how we collect, use, and share it. This Privacy Policy outlines the ways in which we fulfill our obligations under the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”), ensuring that your personal data is handled with integrity, confidentiality, and respect.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all personal data collected or processed through your interaction with jonesytheband.com, including when you browse the Website, make a purchase, contact us, or otherwise engage with our content and services.
Jonesy the Band is the data controller with respect to the processing of your personal data under applicable data protection laws, and determines the purposes and means of processing such data.
3. Categories of Data Processed
We collect and process the following categories of personal data:
Usage Data
Includes information about how you use our Website, such as IP address, browser type, referring/exit pages, time zone settings, and other diagnostic data related to interaction and navigation patterns.
Account Data
Includes identifying information if you create an account with us, such as your full name, billing and shipping address, email address, and phone number.
Profile Data
Includes your music preferences, user behavior, listening patterns, purchase history, and participation in promotions or events offered through the Website.
Communication Data
Includes content of your communications with us, such as email inquiries, customer support messages, and records of correspondence.
Technical Data
Includes device type, operating system, browser version, screen resolution, and other system configuration details obtained through your use of the Website.
Transaction Data
Includes details related to purchases and financial transactions, such as payment method, billing details, purchase date, delivery method, and fulfillment status. We do not store full payment card details; these are processed securely by our third-party payment providers.
Preference Data
Includes your preferences for receiving marketing from us, product interests, and other selections made on our Website or through forms and campaigns.
4. Legal Bases for Processing Personal Data
We rely on the following legal bases when processing your data:
– Consent: Where you provide clear, affirmative consent for processing your data for specific purposes (e.g., email newsletters, marketing preferences).
– Contractual Necessity: Where processing is necessary to perform a contract with you or pre-contractual steps at your request (e.g., fulfilling orders).
– Legal Obligation: Where processing is required for compliance with a legal requirement.
– Legitimate Interest: Where processing is necessary for our legitimate interests in operating the Website and providing services, balanced against your rights and freedoms.
5. Your Data Protection Rights
Subject to applicable laws and regulations, you have the following rights concerning your personal data:
Right of Access
You may request access to your personal data and obtain a copy of the information we hold about you.
Right to Rectification
You have the right to request correction of inaccurate or incomplete personal information.
Right to Erasure (‘Right to Be Forgotten’)
You may request the deletion of your personal data when it is no longer necessary or when you withdraw your consent.
Right to Restriction of Processing
You have the right to limit the processing of your personal data in certain situations.
Right to Data Portability
You may request to receive your data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
To exercise any of these rights, please contact us at [email protected]. We may need to verify your identity before processing your request.
6. Security Measures
We implement appropriate technical and organizational measures to safeguard your personal data, including:
– Encryption of data in transit and at rest using industry-standard protocols
– Restricted access to personal data based on role and necessity
– Routine backups and disaster recovery protocols
– Regular staff training on data protection best practices
While we strive to use commercially acceptable means to protect your information, no method of transmission over the internet or method of storage is completely secure. We therefore encourage careful handling of your own data and secure use of the Website.
7. International Data Transfers
Where we transfer your personal data to third countries outside the European Economic Area (EEA) or other applicable jurisdictions, we ensure that appropriate safeguards are in place, such as:
– Standard Contractual Clauses approved by the European Commission
– Adequacy decisions by relevant authorities
– Binding corporate rules or certified frameworks such as the EU-U.S. Data Privacy Framework (if applicable)
8. Data Retention
We retain your personal data for only as long as necessary for the purposes for which it was collected. This includes:
– Account Data and Communication Data: retained while your account remains active and for up to 12 months following closure unless longer retention is required by law
– Transaction Data: maintained for 7 years in accordance with accounting and tax obligations
– Technical and Usage Data: retained for up to 24 months for statistical and operational improvement
– Preference and Marketing Data: retained until you withdraw your consent or for up to 24 months from the last interaction
After the applicable retention period ends, data is securely deleted or anonymized.
9. Cookie Policy
We use cookies and similar technologies to enhance user experience, analyze traffic, and personalize content. The types of cookies used on jonesytheband.com include:
Essential Cookies
Necessary for Website functionality and security. These cannot be disabled.
Functional Cookies
Allow the Website to remember user settings and preferences (e.g., language, location).
Analytics Cookies
Help us understand how users interact with our Website (e.g., Google Analytics) to improve performance.
Performance Cookies
Collect aggregated data to monitor system health and optimize delivery times and feature responsiveness.
10. Cookie Management and Compliance
Upon your first visit to jonesytheband.com, you are presented with a cookie consent banner in compliance with GDPR and CCPA requirements. You can manage your cookie preferences at any time via the consent tool or through your browser settings.
Under the CCPA, California residents may opt out of the sale of their personal data. We do not sell user data within the meaning of “sale” under CCPA, but if this changes, we will update our practices and provide clear opt-out mechanisms.
11. Children’s Privacy
We do not knowingly collect or solicit personal data from children under the age of 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at [email protected], and we will take prompt action to delete such data from our systems.
12. Changes to This Policy
This Privacy Policy may be updated or revised at our discretion. Any substantial changes that affect your rights will be communicated to you through the Website or via email when appropriate. Your continued use of jonesytheband.com constitutes your acknowledgment of such modifications.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how your personal data is handled, you may contact us via:
Email: [email protected]
We are committed to maintaining compliance with applicable data protection laws and promoting transparency, accountability, and user empowerment. Please reach out should you wish to exercise your rights or require further clarity on our data handling practices.