GDPR COMPLIANCE

GDPR Compliance Policy
Effective Date: 1/1/2025
Company Name: Conchel, LLC
Location: United States
Contact: info@conchel

1. Purpose

This GDPR Compliance Policy outlines how Conchel, LLC (“we,” “our,” or “us”) collects, uses, processes, and protects the personal data of individuals in the European Union (EU) in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679.

Even though we are based in the United States, we recognize that the GDPR applies to businesses offering goods or services to individuals located in the EU. We are committed to handling personal data with care, transparency, and accountability.

2. Scope

This policy applies to all personal data collected from EU customers through our website, sales, customer service, marketing activities, or any other interaction involving data subject to GDPR protections.

3. Lawful Basis for Processing

We only process personal data when we have a legal basis to do so under GDPR. These may include:

  • Consent (e.g., subscribing to our newsletter)

  • Performance of a contract (e.g., processing orders and shipping products)

  • Legal obligation (e.g., tax or financial regulations)

  • Legitimate interests (e.g., fraud prevention, service improvements)

4. Data We Collect

We may collect the following personal data:

  • Full name

  • Shipping and billing addresses

  • Email address

  • Phone number

  • Payment information (processed securely via third-party providers)

  • Order history and purchase behavior

  • IP address, browser type, device information (for analytics)

5. How We Use Your Data

We use personal data to:

  • Process and fulfill your orders

  • Provide customer support

  • Send transactional and promotional communications

  • Improve website functionality and user experience

  • Comply with legal and regulatory requirements

6. Data Sharing and Transfers

We may share your data with trusted third-party service providers who help us:

  • Process payments (e.g., PayPal, Stripe)

  • Ship products (e.g., USPS, DHL, UPS)

  • Manage marketing campaigns (e.g., Mailchimp, Klaviyo)

  • Analyze website usage (e.g., Google Analytics)

Some of these third parties may be located outside the EU, including in the U.S. In such cases, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or the provider's participation in the EU-U.S. Data Privacy Framework (where applicable).

7. Your Rights Under GDPR

If you are an EU resident, you have the following rights:

  • Right to access – You can request a copy of your personal data.

  • Right to rectification – You can ask us to correct inaccurate or incomplete data.

  • Right to erasure – You can request deletion of your personal data, subject to legal retention requirements.

  • Right to restrict processing – You can request limited use of your data.

  • Right to data portability – You can ask to receive your data in a structured format.

  • Right to object – You can object to data processing based on legitimate interests or direct marketing.

  • Right to withdraw consent – You can withdraw consent at any time where processing is based on consent.

To exercise these rights, please contact us at [Insert Email Address].

8. Data Retention

We retain personal data only as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting obligations. When data is no longer needed, it will be securely deleted or anonymized.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or misuse. These include:

  • Encrypted website traffic (HTTPS)

  • Secure payment processing via third parties

  • Access controls and role-based data access

  • Routine system updates and monitoring

10. Cookies and Tracking

We use cookies and similar technologies for website functionality, analytics, and marketing. Visitors from the EU will see a cookie consent banner and can manage their preferences at any time. For more information, see our [Cookie Policy].

11. Contact and Complaints

If you have any questions or concerns about your personal data or this policy, please contact us at:
📧 [Insert Privacy Email]
📍 Conchel, LLC – [Insert Address]

EU residents also have the right to lodge a complaint with their local Data Protection Authority (DPA).

12. Policy Updates

We may update this GDPR Compliance Policy periodically. Any changes will be posted on this page with the revised effective date.