Privacy Policy
At Ishango House, accessible at ishangohouse.com, we are committed to safeguarding your privacy and ensuring the security and integrity of your personal data. This Privacy Policy outlines how we collect, use, store, disclose, and protect your personal information. Our practices comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.
1. Our Commitment to Privacy and Data Protection
We recognize the importance of protecting personal data and are dedicated to maintaining the confidentiality, integrity, and availability of the information entrusted to us. This Privacy Policy reflects our dedication to privacy-first principles, transparency, and user empowerment.
2. Scope of the Policy and Data Controller Role
This Privacy Policy applies to all individuals who access or use our website, services, or engage with us in any capacity through ishangohouse.com. Ishango House acts as the “Data Controller” as defined under GDPR, meaning we determine the purposes and means of processing your personal data.
If you are a resident of California, this policy also provides disclosures required by the CCPA for understanding, accessing, and exercising your rights.
3. Categories of Data We Process
We process various categories of personal data, either directly provided by you or automatically collected as part of your use of our website:
a. Usage Data
Includes information automatically collected through your interaction with our website such as browser type and version, IP address, time zone setting, sessions, referral URLs, pages viewed, and site interaction events.
b. Account Data
Includes personal information you provide when creating an account or signing up for a service, including your full name, postal address, email address, and telephone number.
c. Profile Data
Encompasses details such as your preferences, browsing behavior, purchase history, product interests, and interaction patterns across our services.
d. Communication Data
Covers content derived from correspondence with our team, such as customer support queries, submitted forms, service reviews, and communication logs.
e. Technical Data
Consists of device type, system configuration details (e.g., operating system, screen resolution), device identifiers, and network connection attributes.
f. Transaction Data
Includes order details, payment methods used (excluding full credit card numbers), shipping/billing information, and logistics preferences.
g. Preference Data
Captures your marketing preferences, notification settings, product interest indicators, and consent responses related to promotional communications.
4. Legal Bases for Processing
Ishango House processes personal data under one or more of the following legal bases, in accordance with GDPR:
– Performance of a Contract: When processing is necessary to fulfill a service or transaction requested by you.
– Legitimate Interests: For the purposes of operating and improving our business, safeguarding users, detecting fraud, and enhancing experience—where such interests do not override your fundamental rights.
– Consent: When we rely on your explicit permission to process certain data, such as for marketing.
– Legal Obligation: When processing is required to comply with legal or regulatory obligations, such as tax or lawful requests from public authorities.
Where CCPA applies, we do not “sell” your personal information as defined under CCPA and only share it with service providers under strict confidentiality.
5. Your Rights Under Data Protection Laws
If you are located in the European Union or California, you are entitled to the following rights regarding your personal data:
– Right of Access: You may request access to the data we hold about you.
– Right of Rectification: You may request correction of inaccurate or incomplete data.
– Right of Erasure: You may request deletion of your data where it is no longer necessary, or processing is based on your consent.
– Right to Restrict Processing: You may request that we limit how your data is processed.
– Right to Data Portability: You may request a copy of your data in a commonly used, machine-readable format.
– Right to Object: You may object to processing that is based on our legitimate interests.
California residents may additionally request:
– Disclosure of categories and specific pieces of personal information we collect.
– Deletion of personal information.
– The right to opt out of certain sharing practices.
To exercise your rights, contact our Privacy Team at [email protected]. We will respond in accordance with applicable data protection laws.
6. Security Measures
We implement robust technical and organizational measures to protect the personal data we process. These include but are not limited to:
– Data encryption in transit and at rest
– Multi-factor access controls
– Secure backup architectures
– Staff training on data privacy and accountability
– Regular auditing and system hardening practices
These controls are designed to prevent accidental loss, unauthorized access, misuse, or disclosure of your data.
7. International Data Transfers
Where data is transferred outside of your jurisdiction, including to countries outside the European Economic Area, we use legally approved mechanisms such as Standard Contractual Clauses (SCCs) and ensure enforceable data subject rights and effective legal remedies are accessible. We align all cross-border processing with GDPR and CCPA requirements.
8. Data Retention Policy
We retain your personal data only for as long as necessary for the purposes for which it was collected:
– Usage Data: 12 months from collection
– Account Data: For the duration of your active relationship with us, plus 36 months
– Profile and Preference Data: Lifespan of your account, or until withdrawal of consent
– Transaction Data: Retained for at least 7 years for legal and tax obligations
– Communication Data: Kept for a maximum of 48 months
– Technical Data: 12 months
Once the retention period expires, data is permanently deleted or anonymized.
9. Cookie Policy
Our website uses cookies and similar tracking technologies to optimize functionality and improve performance. These may include:
– Essential Cookies: Necessary for core services and security (e.g., login session IDs)
– Functional Cookies: Enhance usability by remembering preferences and settings
– Analytics Cookies: Help us understand how users navigate ishangohouse.com
– Performance Cookies: Track website performance and error for diagnostics
10. Cookie Management (GDPR and CCPA Compliance)
You will be presented with a cookie consent banner upon your first visit. You may opt in or customize your preferences for cookies that are not strictly essential.
Additionally, cookie settings can be managed via your browser settings at any time. European and California residents can also request “Do Not Track” accommodations and configure opt-out requests in compliance with regulatory requirements.
11. Children’s Privacy
Ishango House does not knowingly collect or solicit personal data from children under the age of 13. If we learn that such data has been collected without verified parental consent, we will promptly delete the data. Parents or guardians who believe their child may have provided us with information should contact us at [email protected].
12. Policy Updates & User Notification
We may update this Privacy Policy periodically to reflect changes in legal, regulatory, or operational practices. When significant updates occur, we will notify users through appropriate channels, including notices on ishangohouse.com or direct communications where applicable.
13. Contact
For questions regarding this Privacy Policy, exercises of your rights, or any data protection inquiries, please contact us at:
Email: [email protected]
We are committed to full compliance with all applicable privacy regulations and welcome your inquiries to ensure your data is handled in accordance with the highest standards.