Privacy Policy for Nowhay.com

1. Introduction

At Nowhay.com, we are firmly committed to preserving and protecting your privacy. We recognize the importance of safeguarding personal data and ensuring that all data processing activities are carried out transparently, lawfully, and with full accountability. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information in compliance with applicable data protection laws, including the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

2. Scope and Data Controller Role

This Privacy Policy applies to personal data collected through your use of the Nowhay.com website and any related services, communications, or transactions. The data controller responsible for personal data processing is Nowhay.com. If you have any questions, concerns, or requests regarding your data, you may contact us at [email protected].

By accessing or using Nowhay.com, you acknowledge and agree that your data may be processed in accordance with this Privacy Policy.

3. Categories of Data We Process

We process the following categories of personal data for the purposes described in this Policy:

a. Usage Data
Information generated through your interaction with our website, such as IP addresses, browser type and version, pages visited, session durations, referral URLs, and device identifiers.

b. Account Data
Personal identification and contact information you provide while creating an account, including your name, email address, phone number, billing and shipping address.

c. Profile Data
Details connected to your preferences, purchase history, website behavior, account settings, user-generated content, and interests tied to product usage.

d. Communication Data
Information arising from correspondence or other communications with us, including customer support inquiries and contact history.

e. Technical Data
Device and system-level information such as operating system, device type, screen resolution, mobile network data, system configurations, browser settings, and crash logs.

f. Transaction Data
Details of billing and payment, including order history, purchased products or services, payment method data (e.g., last four digits of a card), delivery confirmations, and any returns/refunds.

g. Preference Data
Information about your marketing and communication preferences, including consent to receive promotional messages, interests selected during account registration or in user settings, or inferred interests based on browsing habits.

4. Legal Bases for Processing Personal Data

We rely on multiple legal grounds to collect and process your data, consistent with GDPR where applicable:

– Consent: Where you have explicitly agreed to our use of your data for specific purposes such as marketing communications or non-essential cookies.
– Contractual Necessity: When processing is needed to fulfill our contract with you, such as delivering a product or managing your account.
– Legitimate Interests: When data processing is essential for our legitimate business operations, such as improving the user experience, detecting fraud, or conducting analytics, and provided that such interests are not outweighed by your rights.
– Legal Obligation: Where required to comply with legal or regulatory obligations.

5. Your Rights as a Data Subject

Subject to local laws, you may have the following rights in connection with your personal data:

– Right of Access: You may request confirmation as to whether we process your personal data and obtain a copy of such data.
– Right to Rectification: You may request the correction of inaccurate or incomplete personal data.
– Right to Erasure: You may request the deletion of your personal data, subject to any legal obligations we may have to retain it.
– Right to Restriction: You may request the restriction of processing where specific conditions apply.
– Right to Data Portability: Where applicable, you may request to receive your personal data in a structured, commonly used, machine-readable format for transmission to another controller.
– Right to Object: You may object to processing based on legitimate interests or direct marketing.

You may exercise your rights by contacting us at [email protected]. We take such requests seriously and will respond in accordance with applicable data laws.

6. Security Measures

We implement a layered approach to data protection, designed to preserve the confidentiality, integrity, and availability of personal data:

– Data encryption (in transit and at rest)
– Role-based access control with audit trails
– Regular backups and system redundancy
– Malware detection and prevention software
– Mandatory privacy and security training for all personnel
– Secure software development and vulnerability assessments

Despite our efforts, no method of transmission or storage is completely secure. Accordingly, you use our services at your own risk.

7. International Transfers

Where personal data is transferred from within the European Economic Area (EEA), United Kingdom, or other jurisdictions with protective regulations to recipients in countries that do not offer equivalent safeguards, we ensure adequate protection is in place. Such measures include the use of Standard Contractual Clauses approved by the European Commission or other appropriate legal mechanisms.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, as well as to comply with legal, accounting, or regulatory requirements:

– Usage Data: Up to 14 months for analytics and diagnostics
– Account Data: Retained as long as the account is active and up to 6 years after closure
– Communication Data: 3 years following the final interaction
– Transaction Data: Retained for 7 years for accounting and dispute resolution
– Preference Data and Cookie Consent: Retained for 12 months unless consent is withdrawn earlier

After the expiration of retention periods, data is securely deleted or anonymized.

9. Cookie Policy

Nowhay.com uses cookies and similar tracking technologies to enhance functionality and analyze user interaction. Cookies used include:

– Essential Cookies: Necessary for website operation and security
– Functional Cookies: Enhance site usability and personalization
– Analytics Cookies: Collect aggregated statistics on website usage, allowing us to improve user experience
– Performance Cookies: Monitor performance metrics, such as page load times or responsiveness

Cookie use is governed in compliance with GDPR and CCPA standards.

10. Cookie Management and Compliance

Upon your first visit to Nowhay.com, you will be presented with a cookie consent banner allowing you to accept or manage your preferences. You may withdraw or modify your consent at any time via the “Cookie Settings” link on our website footer or by configuring your browser settings.

California residents may exercise their rights regarding cookie-based data sharing, including opting out of the “sale” or “sharing” of personal information as defined under the CCPA.

11. Children’s Privacy

Nowhay.com is not intended for use by children under the age of 13. We do not knowingly collect personal data from children under 13. If we learn that personal data from a child under 13 has been collected, we will delete such information immediately. If you believe a child has provided us with personal data, please contact us at [email protected].

12. Policy Updates

We reserve the right to update this Privacy Policy at any time to reflect changes in legal requirements, functionality, or practices. Material updates will be clearly communicated through our website or via email where required by law. Continued use of Nowhay.com after such changes constitutes your acknowledgment and acceptance of the revised Policy.

13. Contact Us

If you have any questions about this Privacy Policy, wish to exercise any of your data rights, or have concerns regarding your personal information, please contact us at:

Email: [email protected]

At Nowhay.com, we are committed to full compliance with all privacy regulations and will address your requests with the care and transparency you deserve.