Privacy Policy
1. Introduction
At Desert Advocate, accessible via desertadvocate.org, we are committed to safeguarding your personal information and upholding your rights under applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act (“CCPA”), as amended. This Privacy Policy outlines how we collect, use, disclose, and protect your personal data and affirms our ongoing commitment to transparency, fairness, and accountability.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all personal data processed by Desert Advocate in connection with your use of our website and related services. Desert Advocate operates as the data controller within the meaning of the GDPR and is responsible for determining the purposes and means of processing your personal data. For inquiries regarding how your data is handled, you may contact us at [email protected].
3. Categories of Data We Process
We may collect and process the following categories of personal data:
a. Usage Data
Information about your interactions with our website, including IP address, browser type and version, pages visited, session duration, unique device identifiers, date/time stamps, and referral URLs.
b. Account Data
Personal details you provide when creating or managing an account, such as your full name, billing and shipping addresses, email address, and telephone number.
c. Profile Data
Information regarding your interests, preferences, purchase history, demographic details, and online behavior that helps us tailor your experience.
d. Communication Data
Records of communications with us, including support queries, emails, messages, feedback, and other correspondence.
e. Technical Data
Details regarding your device and system configurations, including device type, operating system, screen resolution, language settings, and browser plug-ins.
f. Transaction Data
Information associated with purchases or donations, including credit/debit card details (processed through secure third-party providers), billing addresses, and delivery confirmations.
g. Preference Data
Data about your consents for marketing communications, newsletter sign-ups, areas of interest, and opt-out indicators.
4. Legal Bases for Processing
We process your personal data pursuant to one or more of the following legal bases defined under the GDPR:
– Consent: Where you have provided clear permission for us to process your data (e.g., subscribing to a newsletter).
– Contractual Obligation: Where processing is necessary for the performance of a contract with you or to take steps prior to entering into a contract.
– Legitimate Interests: Where processing is necessary for our legitimate interests, provided those interests are not overridden by your fundamental rights and freedoms (e.g., improving user experience, fraud prevention).
– Legal Obligation: Where processing is required to comply with a legal duty, such as record-keeping or regulatory compliance.
5. Your Rights
Subject to applicable law, you may exercise the following rights regarding your personal data:
– Right of Access: Request details about the personal data we hold about you.
– Right to Rectification: Request correction of inaccurate or incomplete data.
– Right to Erasure: Request deletion of your data where a legal basis for retaining does not apply.
– Right to Restriction: Request restricted processing in certain circumstances.
– Right to Data Portability: Request a transferable, machine-readable copy of your data or have it transmitted to another controller.
– Right to Object: Object to the processing of your data where we rely on legitimate interests or direct marketing as the basis.
To exercise any of the above rights, please contact us at [email protected].
6. Security Measures
We implement appropriate technical and organizational measures to ensure the security of your personal data. These include but are not limited to:
– Data encryption during transmission and storage;
– Role-based access control and multi-factor authentication;
– Regular system backups and integrity audits; and
– Privacy and security training for authorized personnel.
Despite these efforts, no method of transmission or storage is entirely secure; as such, we cannot guarantee absolute security.
7. International Transfers
Where applicable, your personal data may be transferred and processed outside your jurisdiction, including to countries that may not provide the same level of protection as your local laws. In such cases, we will ensure appropriate safeguards are in place, including the implementation of standard contractual clauses approved by the European Commission or reliance on certification schemes or binding corporate rules, where necessary.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Examples include:
– Account Data: Retained for the duration of your account and seven (7) years thereafter.
– Transaction Data: Retained for up to seven (7) years to comply with financial and audit obligations.
– Communication and Support Logs: Retained for up to three (3) years after the last interaction.
– Usage and Technical Data: Retained for analytics purposes for up to two (2) years.
Upon expiration of the applicable retention period, personal data will be securely deleted or anonymized.
9. Cookie Policy
Our website uses cookies to enhance user experience and analyze performance. The types of cookies we use include:
– Essential Cookies: Necessary for core website functionality and security.
– Functional Cookies: Enable personalization and remember your settings.
– Analytics Cookies: Gather anonymized data to understand website usage patterns and improve services.
– Performance Cookies: Help measure responsiveness and user experience enhancements.
For more information, please refer to our dedicated Cookie Section below.
10. Cookie Management and Compliance with GDPR & CCPA
We provide cookie consent mechanisms that comply with GDPR requirements for prior consent, especially for non-essential cookies. Users located in California can exercise their CCPA rights by using the “Do Not Sell or Share My Personal Information” link, where applicable. At any time, you may manage your cookie preferences via your browser settings or the website’s cookie banner.
11. Protection of Children’s Privacy
Desert Advocate does not knowingly collect personal data from children under the age of 13. In the event we become aware that such information has been unintentionally collected, we will take immediate steps to delete it. Parents or legal guardians who believe that we may have collected information about a child under 13 may contact us at [email protected] to request deletion.
12. Policy Updates
We reserve the right to modify or update this Privacy Policy at our discretion. If material changes are made, we will notify users via prominent website notice or direct communication where applicable. Continued use of desertadvocate.org constitutes your acceptance of any updated terms.
13. Contact
If you have any questions, concerns, or requests related to this Privacy Policy or the handling of your personal data, you can contact our privacy team at:
Email: [email protected]
Website: https://desertadvocate.org
We are fully committed to complying with global data privacy laws, including the GDPR and CCPA. We encourage users to reach out with any privacy-related inquiries or concerns to ensure transparency and accountability in all our data handling practices.
Thank you for entrusting Desert Advocate with your personal information.