1. Introduction
We are committed to complete transparency about how we handle your data and aim to maintain your trust through responsible practices and compliance with relevant privacy regulations like GDPR, CCPA, and CPRA.
2. Who We Are
Duffinity Enterprises Inc. is a global holding company encompassing multiple ventures. Our mission is to build innovative brands that prioritize user privacy and ethical data use at their core.
3. Information We Collect
3.1 Identity and Contact Information: Name, email, address, phone number.
3.2 Financial Information: Encrypted payment data (cards, transactions).
3.3 Technical Data: IP addresses, device details, cookies, analytics.
3.4 Location: Derived from IP or user consent.
3.5 Usage Data: Clicks, page visits, time spent, interactions.
4. How We Collect Information
4.1 Direct Input: Signup forms, checkouts, messages.
4.2 Automatic: Cookies, analytics tools (e.g., Google Analytics).
4.3 Third-Party: Payment processors, ad platforms.
4.4 Offline: Phone orders or event participation.
5. Why We Collect It
5.1 Order Fulfillment: Processing and delivering your orders.
5.2 Customer Service: To assist, resolve issues, and contact you.
5.3 Personalization: Showing relevant content and suggestions.
5.4 Marketing: Providing updates, offers (with your consent).
5.5 Security: Fraud prevention and legal compliance.
6. Legal Basis
6.1 Consent: You have given clear permission.
6.2 Contract: Data required to fulfill a contract with you.
6.3 Legal Obligation: Required by law.
6.4 Legitimate Interest: Needed for operations and safety.
7. Your Rights
7.1 Access: View the data we hold on you.
7.2 Rectification: Fix inaccurate or incomplete data.
7.3 Erasure: Request data deletion ("right to be forgotten").
7.4 Restriction: Limit the way we use your data.
7.5 Portability: Download and reuse your data.
7.6 Objection: Object to data processing under certain grounds.
7.7 Withdraw Consent: If processing was based on consent, you can withdraw it anytime.
8. Data Security
8.1 Encryption: AES-256 encryption for data in transit and at rest.
8.2 Access Control: Role-based access with MFA.
8.3 Monitoring: Vulnerability scans and penetration testing.
8.4 Backups: Redundant encrypted backups maintained regularly.
8.5 Staff Training: Privacy best practices and accountability.
9. Sharing Information
9.1 With Trusted Third Parties: Payment gateways, logistics, email platforms.
9.2 Legal Requests: When required to comply with legal obligations.
9.3 Business Transfers: In case of merger, sale, or acquisition.
9.4 Emergency Use: To protect safety or vital interests.
10. International Transfers
10.1 GDPR Safeguards: Standard Contractual Clauses and adequacy decisions.
10.2 Consent-Based Transfers: Where explicitly allowed.
10.3 Security Measures: Data encrypted, pseudonymized, or anonymized.
11. Cookies
11.1 Use of Cookies: To enhance user experience and personalization.
11.2 Management: You can control cookies via your browser or in-site settings.
11.3 Types: Essential, performance, targeting, and analytical cookies.
12. Changes to This Policy
12.1 Notifications: Any major changes will be clearly notified.
12.2 Effective Date: Changes take effect once posted.
12.3 Feedback: If you have questions, contact our support team.
