Privacy Policy

Privacy Policy for OjonHairCare.com

1. Introduction

At Ojon Hair Care (“we,” “our,” or “us”), accessible via ojonhaircare.com, your privacy is of paramount importance to us. We are firmly committed to protecting and respecting your personal data in accordance with applicable privacy and data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We endeavor to process your information lawfully, transparently, and with the highest standards of security and integrity.

2. Scope of Policy and Data Controller Responsibility

This Privacy Policy applies to all personal data collected through the ojonhaircare.com website and associated services. Ojon Hair Care is the data controller for purposes of GDPR and is responsible for determining the purposes and means of processing your personal data. By using our website, you acknowledge that you have read and understood the practices described in this Policy.

For any queries regarding this Privacy Policy or your personal data, please contact us at: [email protected].

3. Categories of Data We Process

We collect and process data categorized as follows:

a) Usage Data
Information about your interaction with our website, such as IP addresses, browser type and version, time zone setting, device settings, pages visited, session durations, and referral URLs.

b) Account Data
Data provided during registration or checkout, including your name, mailing address, email address, and phone number.

c) Profile Data
Purchase history, saved preferences, wishlists, browsing habits, and other data related to your behavior and preferences within our site.

d) Communication Data
Records of your communications with us, including customer service inquiries, email correspondence, live chats, and internal notes related to those interactions.

e) Technical Data
Details about the device and software you use to access our services, such as operating systems, device identifiers, and screen resolution.

f) Transaction Data
Payment and billing details such as partial credit card information (through PCI-DSS compliant providers), delivery addresses, transaction timestamps, and order history.

g) Preference Data
Information regarding your permissions for marketing communications, product and service interests, newsletter subscriptions, and customer feedback.

4. Legal Bases for Processing

In accordance with GDPR and other applicable laws, the legal bases upon which we rely to process your data include:

– Consent: For collecting non-essential cookies, marketing preferences, or other voluntary data.
– Contractual Obligation: Where processing is necessary to fulfill a contract with you (e.g., order fulfillment).
– Legitimate Interests: To improve website functionality, prevent fraud, or enhance customer service, provided those interests are not overridden by your rights.
– Legal Compliance: Where processing is required to comply with legal obligations.

5. Your Rights

Under applicable data protection laws, you have the following rights:

– Right of Access: You may request access to the personal data we hold about you.
– Right to Rectification: You may request correction of inaccurate or incomplete data.
– Right to Erasure: You have the right to request deletion of certain personal data (“right to be forgotten”).
– Right to Restrict Processing: Under certain conditions, you may request that we restrict the processing of your data.
– Right to Data Portability: You may request to receive your data in a structured, commonly used, machine-readable format and transmit it to another controller.
– Right to Object: You may object to processing carried out under legitimate interests or for direct marketing purposes.

These rights can be exercised by contacting us at [email protected]. We reserve the right to verify your identity prior to processing such requests, in line with legal obligations.

6. Security Measures

We implement appropriate technical and organizational measures to maintain the confidentiality, integrity, and availability of your data. These include:

– Industry-grade data encryption both in transit (e.g., TLS) and at rest.
– Strict access controls and role-based permissions.
– Regular security audits and penetration testing.
– Secure backup procedures to prevent data loss.
– Routine staff training on privacy and data handling best practices.

7. International Data Transfers

We may process your data outside your country of residence, including in jurisdictions that may not provide the same level of data protection. When transferring data internationally, we implement standard contractual clauses approved by the European Commission or other approved safeguards as appropriate under GDPR and similar global standards.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected. General timeframes include:

– Account Data: Retained for the life of the account and up to 7 years thereafter for legal compliance.
– Transaction Data: Retained for at least 7 years for accounting and audit purposes.
– Communication Data: Retained for up to 3 years for customer service purposes.
– Usage and Technical Data: Retained for 12–24 months for analytics and security monitoring.
– Preference and Marketing Data: Retained until consent is withdrawn or the data becomes obsolete.

9. Cookie Policy

We use cookies and similar technologies to enhance user experience, analyze web traffic, and personalize content and marketing communications. The types of cookies used include:

– Essential Cookies: Necessary for the operation of our website (e.g., shopping cart functionality).
– Functional Cookies: Enhance user interface features, language preferences, and remembered settings.
– Analytics Cookies: Provide insights into website usage and performance (e.g., Google Analytics).
– Performance Cookies: Help us optimize site speed, error tracking, and navigation paths.

Cookies may be set by us (first-party) or by third parties (third-party cookies) performing services on our behalf.

10. Cookie Management and Compliance

You may manage your cookie preferences at any time via our Cookie Consent Manager or your browser settings. Where applicable, ojonhaircare.com utilizes a GDPR- and CCPA-compliant consent mechanism that allows you to opt in to or opt out of non-essential cookies. Users in California may also exercise “Do Not Sell or Share My Personal Information” rights where applicable.

11. Children’s Privacy

Our services are not intended for individuals under the age of 13. We do not knowingly collect data from children without verifiable parental consent. If we become aware that we have collected data contrary to this provision, we will delete such information promptly.

12. Policy Updates & Notifications

We may update this Privacy Policy to reflect legal, regulatory, or operational changes. When changes are material, we will take appropriate measures to inform users either via the website or by direct email to registered users. Continued use of ojonhaircare.com will signify acceptance of any modifications to this Policy.

13. Contact Us

If you have any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact:

Email: [email protected]

We are fully committed to operating within the bounds of applicable privacy legislation, including GDPR and CCPA. For any concerns regarding our handling of your information, we encourage you to reach out so we can promptly address your inquiry.