Privacy Policy
Luke & Jose Privacy Policy
1. Introduction
At Luke & Jose (“we,” “our,” or “us”), we take your privacy seriously and are committed to protecting the personal data of our users and visitors to our website (lukeandjose.com). This Privacy Policy has been crafted to uphold your rights and outline how we collect, use, store, and disclose your information. Our approach is grounded in transparency and compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
2. Scope of this Policy and Data Controller Role
This Privacy Policy applies to information collected through your use of the website lukeandjose.com, including any interactions you have with us via our digital channels.
Luke & Jose acts as the Data Controller for the purposes of the GDPR and as a Business under CCPA when processing your personal information. For any inquiries regarding your data or this policy, you may contact us at: [email protected].
3. Categories of Personal Data Processed
We may collect, use, store, or transfer various categories of personal data:
a) Usage Data
Collected automatically about how you interact with lukeandjose.com, including browser type, IP address, pages visited, time spent, clickstream data, referring URLs, and other diagnostic data.
b) Account Data
Provided by you during registration or profile setup, including your full name, billing/shipping addresses, email address, and telephone number.
c) Profile Data
Includes information about your preferences, purchase history, loyalty activity, interests, and other behavioral identifiers that inform how you use our services.
d) Communication Data
Records of inquiries, customer support tickets, complaint resolutions, correspondence exchanged with us, and contact history.
e) Technical Data
Information on devices you use to access our services, such as operating system, screen resolution, device identifiers, browser plug-in types, and network information.
f) Transaction Data
Details concerning online payments made via our platform, including items purchased, delivery information, transaction timestamps, and billing records (excluding full credit/debit card numbers, which are processed securely by third-party providers).
g) Preference Data
Consent records related to receiving marketing communications, product or content categories of interest, notification preferences, and opt-in/out logs.
4. Legal Bases for Processing Personal Data
We process personal data in accordance with permitted legal bases under GDPR:
– Consent: Where you have given explicit permission to process your data.
– Contract: Where processing is necessary for the performance of a contract to which you are party.
– Legal Obligation: To comply with a legal obligation.
– Legitimate Interests: Where processing is reasonably necessary to pursue our legitimate interests, provided those interests do not outweigh your rights or freedoms (e.g., analytics, improving our site, fraud prevention).
Under CCPA, we ensure transparency regarding data collection practices and provide avenues to opt-out of “sale” or “sharing” of personal data, where applicable.
5. Your Rights
As a data subject, you are entitled to exercise the following rights:
– Right to Access: You may request a copy of personal data we hold about you.
– Right to Rectification: You may request correction of inaccurate or incomplete data.
– Right to Erasure (“Right to be Forgotten”): You may request deletion of your personal data, where legally permissible.
– Right to Restrict Processing: You may limit how your data is used under certain conditions.
– Right to Data Portability: You may request a machine-readable copy of your personal data.
– Right to Object: You may object to the processing of your personal data under legitimate interests or direct marketing.
For California residents under CCPA, you also have the right to:
– Know what personal data is being collected and whether it is sold or shared.
– Request the deletion of personal data.
– Opt-out of the sale of personal data.
– Non-discrimination for exercising any CCPA rights.
To exercise any of the above rights, please email us at [email protected].
6. Security Measures
We employ industry-standard technical and organizational safeguards to ensure the security, confidentiality, and integrity of your data, including:
– End-to-end encryption of personal and transaction data
– Role-based access control for our employees and service providers
– Regular security audits and data backups
– Staff training focused on data protection and privacy compliance
Though no system is 100% secure, we take all reasonable steps to mitigate risks associated with unauthorized access or disclosure.
7. International Transfers
Some of our service providers and partners may process your data outside the United Kingdom, European Union, or California. Where applicable, we utilize approved Standard Contractual Clauses and ensure appropriate safeguards in accordance with the GDPR and other regional data protection frameworks.
By using our services or submitting data, you consent to such international data transfers, solely in accordance with this Policy and applicable law.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including compliance with legal, accounting, or reporting requirements.
The retention periods may vary by category:
– Account and Profile Data: Retained for up to 7 years post-account closure for auditing and legal compliance.
– Transaction Data: Retained for a minimum of 6 years in accordance with applicable tax laws.
– Communication Data: Retained for up to 3 years.
– Usage and Technical Data: Usually anonymized or deleted within 2 years.
– Preference Data: Retained as long as consent remains active or until it is withdrawn.
9. Cookie Policy
Cookies are small data files placed on your device to improve your experience and analyze web traffic. We use the following types of cookies on lukeandjose.com:
– Essential Cookies: Required for navigation and access to key site features.
– Functional Cookies: Enable customized site behavior and user settings.
– Performance Cookies: Collect anonymous data on site performance to improve functionality.
– Analytics Cookies: Help us understand visitor interaction to optimize performance and monitor usage patterns.
10. Cookie Management and Compliance
Upon your first visit, you will be presented with a clear cookie banner giving you control over cookie preferences in accordance with GDPR Article 7 and the ePrivacy Directive.
You may adjust cookie settings at any time via your browser or through our cookie consent tool. For California residents, our site honors browser-based “Do Not Sell My Personal Information” signals where possible.
11. Protection of Children’s Data
We do not knowingly collect or solicit personal data from anyone under the age of 13. If you believe that a child under 13 has provided us with personal data, please contact us immediately at [email protected] so we may promptly delete the information.
12. Policy Updates
From time to time, we may revise this Privacy Policy to reflect changes in operational, legal, or regulatory requirements. Where material modifications are made, we will provide clear notice on our website (lukeandjose.com) or directly via email to account holders.
We encourage users to check this page periodically to remain informed on how we protect your data.
13. Contact
If you have any questions regarding this Privacy Policy, wish to exercise your data rights, or have concerns about how your information is handled, please contact us via:
Email: [email protected]
In our commitment to transparency, security, and compliance with applicable data protection laws, we remain available to address any privacy-related query or request.
