Privacy Policy

1. Introduction

At diy9.org, we are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information, and outlines your rights under applicable privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We are dedicated to enforcing strong data protections and maintaining transparency regarding how we handle your data.

2. Scope and Data Controller

This Privacy Policy applies to all personal data collected through diy9.org and related communications or services, including customer inquiries and account management. For the purposes of the GDPR, diy9.org acts as the Data Controller of the information you provide. Our contact for data protection matters is [email protected].

3. Categories of Data Processed

We collect and process the following categories of personal data, depending on how you interact with diy9.org:

a. Usage Data: Includes your IP address, browser type and version, device information, date and time of access, session identifiers, referring URLs, and other diagnostic data that help monitor and improve the performance of our website.

b. Account Data: Includes your full name, billing and shipping address, email address, phone number, and any other details provided in creating and maintaining an account.

c. Profile Data: Comprises your interests, preferences, feedback, browsing behavior on diy9.org, shopping history, and responses to surveys.

d. Communication Data: Includes records of correspondence, support requests, emails sent to or received from [email protected], call transcripts (if applicable), and contact form submissions.

e. Technical Data: Includes data related to the devices and systems you use to access our services, such as hardware model, operating system, browser plugins, screen resolution, and language settings.

f. Transaction Data: Consists of payment details (processed in compliance with PCI DSS standards), order history, delivery information, and invoices.

g. Preference Data: Encompasses your consents to receive marketing communications, newsletter subscription status, product and content preferences, and settings for notifications.

4. Legal Bases for Processing

We process personal data only when there is a lawful basis to do so. These bases include:

– Legitimate Interests: To ensure the effectiveness, security, and functionality of our website, improve our services, prevent fraud, and provide customer support.
– Contractual Necessity: To process transactions and fulfill obligations under agreements with you.
– Consent: For marketing communications, use of analytics and performance-enhancing cookies, and certain personal data collection. You may withdraw consent at any time.
– Legal Obligation: To comply with applicable laws, regulatory obligations, and lawful requests from authorities.

5. Your Rights

Subject to certain legal restrictions, you may exercise the following rights regarding your personal data:

– Right of Access: You may request access to your personal data we hold.
– Right to Rectification: You may correct or update your personal data.
– Right to Erasure (“Right to be Forgotten”): You can request deletion of your data when it is no longer necessary or if you withdraw consent.
– Right to Restriction: You may request that we limit the processing of your data in certain circumstances.
– Right to Data Portability: You may receive your provided data in a structured, commonly used format and have it transferred to another controller.

To exercise any of these rights, please contact us at [email protected].

6. Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

– Encryption of personal data during transmission and storage
– Role-based access controls and authentication mechanisms
– Routine penetration testing and system log monitoring
– Scheduled backups and secure storage methods
– Staff training on data privacy and security procedures

7. International Data Transfers

Some of your information may be transferred to, stored in, or accessed from locations outside your country, including countries outside the European Economic Area (EEA). Where this occurs, we utilize Standard Contractual Clauses approved by the European Commission and adhere to equivalent legal safeguards under applicable regional regulations to ensure adequate protection of your personal data.

8. Data Retention

We retain your personal data only for as long as necessary for the purposes outlined in this policy.

– Usage Data: Retained for 12 months for performance and analytics.
– Account Data: Retained for the life of your account and up to 6 years thereafter for legal compliance.
– Profile and Preference Data: Retained until you update or delete your profile or withdraw related consents.
– Transaction Data: Retained for 7 years to fulfill accounting and tax obligations.
– Communication Data: Retained for 5 years to provide ongoing customer support and service evaluation.

9. Cookie Policy

We use cookies and similar tracking technologies on diy9.org. Cookies serve various purposes:

– Essential Cookies: Necessary for website operation (e.g., session authentication, account security).
– Functional Cookies: Enhance functionality (e.g., remember preferences).
– Analytical Cookies: Provide insights into user behavior, website performance, and usage trends.
– Performance Cookies: Optimize loading speed and service delivery.

You may reject non-essential cookies at any time.

10. Cookie Management & Compliance

Upon your first visit to diy9.org, a cookie banner allows you to manage your consent preferences in accordance with GDPR and CCPA requirements. You may also adjust cookie settings via your browser or the site’s Cookie Preferences center. Do Not Track (DNT) signals are honored where technically feasible.

Residents of California may also use their CCPA rights to opt out of the sale or sharing of their personal information using the mechanisms we provide, including by contacting [email protected].

11. Children’s Privacy

Our services are not directed to individuals under 13, and we do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child under 13 without verifiable parental consent, we will take reasonable steps to delete such data promptly. If you believe we may have unknowingly collected data from a child, please contact us at [email protected].

12. Updates to this Policy

We may revise this Privacy Policy as required by legal developments or to reflect changes in our data practices. Where material changes are made, we will provide appropriate notice via the website through prominent banners, or via email when possible. Continued use of diy9.org after changes are posted constitutes your acceptance of such changes.

13. Contact

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, you may contact us at:

Email: [email protected]

We are fully committed to respecting your privacy rights and complying with all applicable data protection laws and standards. Please reach out if you have questions or require further information regarding how your personal data is handled.