At X Premium Hookah, we are committed to protecting your privacy and ensuring that your personal data is handled securely and in compliance with the General Data Protection Regulation (GDPR). This policy outlines how we collect, use, and protect your personal information.
1. Data We Collect
We may collect the following personal data when you interact with our website, make a purchase, or contact us:
- Name, email address, phone number
- Billing and shipping address
- Order history and transaction details
- IP address and device information
- Customer support inquiries
2. How We Use Your Data
We process your data for the following purposes:
- To fulfill and manage your orders
- To provide customer support and respond to inquiries
- To improve our website and services
- To send promotional emails (only with your consent)
- To comply with legal and regulatory requirements
3. Legal Basis for Processing
Under GDPR, we process your personal data based on:
- Contractual necessity (e.g., processing orders and payments)
- Legitimate interests (e.g., improving services and preventing fraud)
- Consent (e.g., marketing communications)
- Legal compliance (e.g., tax and accounting obligations)
4. Data Retention
We retain personal data only as long as necessary for the purposes outlined in this policy. After this period, your data will be securely deleted or anonymized.
5. Your GDPR Rights
Under GDPR, you have the following rights regarding your personal data:
- Right to Access – Request a copy of the personal data we hold about you.
- Right to Rectification – Request corrections to any inaccurate or incomplete data.
- Right to Erasure (“Right to be Forgotten”) – Request deletion of your personal data under certain circumstances.
- Right to Restrict Processing – Request to limit how we process your data.
- Right to Data Portability – Request to receive your data in a structured format.
- Right to Object – Object to processing based on legitimate interests or for direct marketing purposes.
6. Data Security
We implement appropriate technical and organizational measures to protect your data from unauthorized access, loss, or misuse. These include secure servers, encryption, and access controls.
7. Sharing Your Data
We do not sell or trade your personal data. However, we may share data with:
- Service providers (e.g., payment processors, shipping companies)
- Legal authorities when required by law
- Marketing platforms (only with your consent)
8. Cookies and Tracking Technologies
Our website may use cookies to enhance user experience and analyze website performance. You can manage cookie preferences through your browser settings.
9. Contacting Us
If you have any questions or wish to exercise your GDPR rights, please contact us through our official communication channels.
10. Policy Updates
We may update this GDPR Policy from time to time. Any significant changes will be communicated through our website or other official channels.