Privacy Policy
1. Introduction
At CanHeadStuff (accessible via canheadstuff.com), we are fully committed to protecting your privacy and ensuring the security of your personal data. We understand that the confidentiality of your information is paramount, and we process all personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant regulations. This Privacy Policy explains how we collect, use, disclose, and protect your information, as well as your rights with respect to your personal data.
2. Scope of this Policy and Data Controller Role
This Privacy Policy applies to personal data collected through our website (canheadstuff.com), services, communications, and any associated digital platforms. CanHeadStuff acts as the Data Controller for all personal data processed in connection with your use of our website and services. If you have any questions about this policy or the manner in which we process your data, you may contact us at [email protected].
3. Categories of Data Processed
We may collect and process the following categories of personal data:
– Usage Data: This includes information about how you interact with our website, such as your IP address, browser type, device identifiers, operating system, referring URLs, pages visited, and session duration.
– Account Data: When you create an account or engage with our services, we may collect your full name, email address, postal address, and phone number.
– Profile Data: Includes your content preferences, language settings, purchase history, browsing behavior, and account personalization settings.
– Communication Data: Encompasses any information you provide through contact forms, support queries, chat, email communications, or other forms of correspondence. This may include the content, metadata, and nature of the communication.
– Technical Data: Refers to your device information, browser configuration, ISP data, regional settings, and diagnostic logs.
– Transaction Data: Includes payment details (processed through secure third-party providers), order history, delivery and billing addresses, and transaction timestamps.
– Preference Data: Includes marketing communication preferences, newsletter opt-ins, event participation interests, and expressed consent for promotions or product offerings.
4. Legal Bases for Processing Personal Data
In accordance with the GDPR and other applicable laws, we rely on the following legal bases to lawfully process your personal data:
– Consent: Where you have explicitly provided informed and unambiguous consent (e.g., for marketing communications).
– Contractual necessity: Where processing is essential for the performance of a contract to which you are a party or to take steps at your request before entering such a contract.
– Legitimate interests: Where processing is necessary for our legitimate business purposes, provided such interests are not overridden by your data protection rights.
– Legal obligation: Where processing is required in order to meet a legal or regulatory obligation.
5. Your Rights
You have the right to exercise control over your personal data, and subject to applicable law, you are entitled to:
– Access your personal data and request a copy of the data we hold about you
– Request rectification of inaccurate or incomplete personal data
– Request erasure of your data (“right to be forgotten”) where there is no overriding legitimate reason for its continued processing
– Restrict our processing where you contest the accuracy or lawfulness of our use
– Object to processing that is based on legitimate interests, to processing for direct marketing, or to processing for statistical purposes
– Request portability of your data in a structured, machine-readable format where technically feasible
– Withdraw consent at any time, without affecting the lawfulness of processing undertaken before such withdrawal
To exercise these rights, please contact us at [email protected].
6. Security Measures
We implement robust security protocols to ensure your data remains protected:
– Data encryption at rest and in transit using industry-standard technologies
– Access controls and user-level permissions to restrict unauthorized access
– Regular security audits, vulnerability scanning, and monitoring
– Secure backup systems ensuring integrity and availability of data
– Staff training programs on privacy compliance and data security best practices
7. International Data Transfers
Personal data may be transferred to and processed in countries outside your jurisdiction, including countries that may not provide the same level of data protection as your home jurisdiction. Where such transfers occur, we ensure appropriate safeguards are in place, including the use of EU Standard Contractual Clauses (SCCs), UK Addendum/IDTA, or other legally recognized mechanisms.
8. Data Retention
We retain personal data only for as long as it is necessary to fulfill the purpose for which it was collected, or to comply with legal, regulatory, or contractual obligations. Broadly, our retention schedules are as follows:
– Usage Data: up to 24 months
– Account Data: active account duration + up to 6 years
– Profile Data: as long as the account is active
– Communication Data: up to 3 years after last contact
– Technical Data: 12–24 months
– Transaction Data: 7 years (accounting and tax purposes)
– Preference Data: until consent is withdrawn or data is outdated
Once the relevant retention period expires, we securely delete or anonymize data.
9. Cookie Policy
We use cookies and similar tracking technologies on canheadstuff.com to enhance user experience, analyze trends, and perform essential functions. We categorize cookies as follows:
– Essential Cookies: Necessary for site functionality and account security; cannot be disabled.
– Functional Cookies: Support personalized features (e.g., remembering user preferences).
– Analytics Cookies: Help us understand user engagement and page performance.
– Performance Cookies: Optimize page load times and user interface behavior.
10. Cookie Management and Compliance with GDPR & CCPA
Upon your first visit, you are presented with a cookie consent banner allowing you to manage your preferences in compliance with the GDPR and CCPA. You may modify your consent settings or withdraw consent at any time via our Cookie Settings tool or your browser preferences. We honor Do Not Track (DNT) and opt-out requests where technically feasible.
California residents may also exercise specific CCPA rights, including:
– Right to know what personal data is being collected
– Right to request deletion of personal data
– Right to opt out of the sale of personal information (if applicable)
– Right to non-discrimination in exercising privacy rights
We do not sell your personal information as defined under the CCPA.
11. Children’s Privacy
We do not knowingly collect or solicit personal data from children under the age of 13. If you are a parent or guardian and become aware that a child has provided us with information, please contact us at [email protected], and we will take appropriate measures to delete such data.
12. Updates to This Policy
We reserve the right to update or amend this Privacy Policy at any time in order to comply with legal changes or evolving service requirements. Where material changes are made to the way we process your personal data, we will notify users through appropriate mechanisms, such as an on-site banner or direct communication, where required by applicable laws.
13. Contact Us
If you have questions or concerns regarding this Privacy Policy, or wish to exercise your rights under applicable privacy laws, please contact us at:
Email: [email protected]
We are committed to ensuring compliance with all data protection obligations and upholding your rights with transparency, fairness, and security.
