Privacy Policy for Stephens & Sandstrom
1. Introduction
Stephens & Sandstrom (“we,” “our,” or “us”) is committed to safeguarding the privacy and personal data of visitors and users of our website, stephensandstrom.com (“Website”). We prioritize responsible data handling practices and aim to process personal information in a transparent and lawful manner. This Privacy Policy outlines how we collect, use, store, and protect your personal data, in accordance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.
2. Scope and Data Controller
This Privacy Policy applies to all users who interact with the Website and governs the processing of personal data collected through stephensandstrom.com. For the purposes of applicable data protection laws, Stephens & Sandstrom is the “data controller” of your personal information processed through the Website. As a data controller, we determine the purposes and means of processing such information.
3. Categories of Data We Process
We may collect and process the following categories of personal data, either directly from you, automatically through your interaction with our Website, or from third-party service providers:
a. Usage Data
Includes information about your interactions with the Website, such as pages visited, session duration, browser type, IP address, time zone, and date/time stamps.
b. Account Data
Includes your name, email address, home or business address, telephone number, and other information you may provide when creating an account or otherwise interacting with us.
c. Profile Data
Encompasses your purchase history, preferences, feedback forms, behavioral interactions, and any settings saved on your profile.
d. Communication Data
Covers records of your interactions with us, including support requests, email correspondence, contact form submissions, and chat logs.
e. Technical Data
Includes device identifiers, system configuration data, operating system, screen resolution, network type, browser settings, and crash diagnostic data.
f. Transaction Data
Involves billing details, purchase and order history, payment confirmations, and shipping details, collected where applicable through secure payment processing systems.
g. Preference Data
Incorporates marketing consents, language preferences, product interests and preferences as indicated by your interactions with our Website and communications.
4. Legal Bases for Processing
We collect and process your personal information under the following legal bases:
– Consent: Where you have provided explicit permission for us to process your personal data for specific purposes (e.g., marketing).
– Contractual Necessity: To fulfill a contract with you or in order to take steps at your request before entering into a contract.
– Legal Obligation: Where processing is required to comply with applicable legal requirements.
– Legitimate Interests: For purposes that are reasonably necessary to achieve our business objectives, such as improving our services or preventing fraud, provided those interests are not overridden by your rights and freedoms.
5. Your Data Protection Rights
In accordance with GDPR, CCPA, and applicable privacy laws, you have the following rights:
– Right of Access: Obtain confirmation as to whether your personal data is being processed and receive a copy of that data.
– Right to Rectification: Request correction of inaccurate or incomplete personal data.
– Right to Erasure: Request deletion of your personal data, subject to legal limitations.
– Right to Restrict Processing: Ask us to suspend the processing of your personal information under specified circumstances.
– Right to Data Portability: Receive a structured, commonly used format of your personal data and request its transfer to another controller.
– Right to Object: Object to the processing of your data where we are relying on legitimate interest or for direct marketing purposes.
– Right to Non-Discrimination (CCPA): You have the right not to be discriminated against for exercising your data rights.
Requests related to these rights can be made by contacting [email protected].
6. Security Measures
Stephens & Sandstrom implements appropriate technical and organizational measures to protect your personal data against unauthorized access, accidental loss, alteration, or destruction. These measures include but are not limited to:
– Encryption of data in transit and at rest
– Role-based access controls for personnel
– Regular data backups and system audits
– Staff training on data privacy and security protocols
While no transmission or storage system is completely secure, we strive to use best practices to safeguard your information.
7. International Data Transfers
Your data may be transferred outside your country of residence, including to jurisdictions that may not provide the same level of data protection as your home country. We ensure all such transfers comply with applicable laws by relying on appropriate safeguards such as Standard Contractual Clauses, adequacy determinations by data protection authorities, or your explicit consent where necessary.
8. Data Retention
We retain personal data only for as long as is necessary for the purposes specified in this Privacy Policy. The retention periods vary depending on the type of data:
– Usage and Technical Data: up to 24 months for analytics and security review
– Account and Profile Data: for the duration of your active relationship with us, and up to 5 years thereafter for auditing and legal compliance
– Transaction Data: retained for 7 years for financial reporting and compliance
– Communication Data: up to 3 years following last contact
– Preference Data: until marketing consent is withdrawn or data is no longer relevant
Once your data is no longer needed, it is securely deleted or anonymized.
9. Cookie Policy
We use cookies and similar tracking technologies on stephensandstrom.com to enhance user experience, provide functionalities, and analyze performance. Types of cookies include:
– Essential Cookies: Required for the operation of our Website and services
– Functional Cookies: Enhance functionality and personalization
– Performance and Analytics Cookies: Collect information on how visitors interact with the Website to improve usability
– Marketing Cookies: Track browsing behavior to deliver targeted advertisements
10. Cookie Management and Compliance
Upon your first visit to stephensandstrom.com, and periodically thereafter, you will be presented with a cookie consent banner. You can manage and modify your cookie preferences at any time via the settings in your browser or through our cookie preference tool. In compliance with the GDPR and CCPA, we honor do-not-track signals and allow you to opt in or out of non-essential cookies.
11. Children’s Privacy
Our Website and services are not intended for children under the age of 13. We do not knowingly collect or solicit personal data from children under 13. If we become aware that personal data has been collected from a child without verifiable parental consent, we will take immediate steps to delete such information. Parents or guardians who believe their child may have submitted data to us should contact [email protected].
12. Policy Updates
We may revise this Privacy Policy from time to time due to legal, technical, or business developments. Changes will be reflected on this page. Where required by law, we will notify you of material changes and, if necessary, obtain consent. You are encouraged to review this Privacy Policy periodically to stay informed of our data practices.
13. Contact
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:
Email: [email protected]
Website: https://stephensandstrom.com
We are committed to upholding your privacy rights and ensuring compliant, secure data processing across all our operations.