Privacy Policy
At Elbo Room SF (“we,” “our,” or “us”), accessible via elboroomsf.com, we are committed to upholding the highest standards of privacy and data protection. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal data when you interact with our website, digital services, and communications. We respect your privacy and are dedicated to protecting your personal data in accordance with applicable global privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
1. Commitment to Privacy and Data Protection
We recognize the importance of privacy and the right to control one’s personal information. This Privacy Policy reflects our ongoing commitment to maintaining the confidentiality, integrity, and security of data collected from users of elboroomsf.com. Our policies and practices are designed to protect users against unauthorized access, loss, misuse, or alteration of your data.
2. Scope of Policy and Role of the Data Controller
This Privacy Policy applies to all personal data collected through elboroomsf.com and related services, regardless of the device used to access our website or interact with us. Elbo Room SF, operating as the data controller, determines the purposes and methods for processing your personal information.
3. Categories of Data We Process
We may process the following categories of personal data:
A. Usage Data: Information about your interactions with our website, such as IP addresses, browser types, browsing times, referral URLs, session durations, and pages visited.
B. Account Data: Information provided when creating an account or making a reservation, such as your full name, mailing address, email address, and telephone number.
C. Profile Data: Preferences, purchase history, user behavior on elboroomsf.com, reservations made, and other data associated with your user profile.
D. Communication Data: Data associated with your interactions with our support or contact team, including the content and metadata of messages, contact forms, and email histories.
E. Technical Data: Device type, operating system, screen resolution, browser plug-ins, language settings, and other relevant technical configurations.
F. Transaction Data: Records of payments made, credit/debit card information (processed and stored securely by third-party processors), transaction IDs, and delivery details.
G. Preference Data: Marketing preferences, newsletter sign-ups, event interests, product interactions, and consent settings for commercial communication.
4. Legal Bases for Processing Personal Data
We process your personal data under various legal bases, including:
– Consent: Where you have explicitly agreed to our use of your data (e.g., for receiving marketing emails).
– Contractual Necessity: Where processing is necessary to fulfill a contract or provide services (e.g., booking a reservation).
– Legal Obligation: When we are legally required to process data (e.g., for tax reporting purposes).
– Legitimate Interests: For purposes that support our business operations (e.g., analytics, service improvement), provided these interests do not override your data protection rights.
5. Your Rights
Subject to applicable data protection laws, you may exercise the following rights:
– Right of Access: Obtain a copy of personal data we hold about you.
– Right to Rectification: Request correction of inaccurate or incomplete data.
– Right to Erasure: Request deletion of your data in certain situations.
– Right to Restrict Processing: Request limited use of your data under specific conditions.
– Right to Data Portability: Obtain and transfer your data in a structured, commonly used format.
– Right to Object: Object to processing based on legitimate interests or for direct marketing.
– Right to Withdraw Consent: Any time you have given consent, you may withdraw it.
To exercise any of the above rights, contact us at [email protected].
6. Data Security Measures
We implement appropriate technical and organizational measures to protect your personal data, including:
– Encryption of data in transit and at rest
– Role-based access controls and secure authentication methods
– Regular system and infrastructure audits
– Secure data backup and disaster recovery systems
– Staff training on privacy and information security
While no system is fully immune to cyber risks, we take reasonable steps to prevent and mitigate potential breaches.
7. International Data Transfers
In cases where data is transferred outside of your jurisdiction (including the European Economic Area), such transfers are conducted in accordance with applicable international data protection laws. We utilize Standard Contractual Clauses (SCCs) and verify that receiving parties maintain adequate data protection safeguards as required under GDPR and other regional legislation.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy, including:
– Usage and Technical Data: Retained for 12 months for analytical and performance purposes
– Account and Communication Data: Retained while you maintain an active relationship with us, and for up to 36 months thereafter
– Transaction Data: Retained for up to 7 years to comply with financial and legal obligations
– Preference and Marketing Data: Retained until withdrawn or for a maximum of 24 months after your last engagement
After retention periods, data is securely deleted or anonymized.
9. Cookie Policy
Our website uses cookies and similar technologies for the following purposes:
– Essential Cookies: Necessary for functionality, secure log-in, and proper website performance.
– Functional Cookies: Remember your preferences to provide a more personalized experience.
– Analytics Cookies: Collect aggregated data on site usage to enhance usability.
– Performance Cookies: Monitor performance metrics to improve speed, reliability, and user experience.
10. Cookie Management and Regulatory Compliance
In line with GDPR and CCPA requirements:
– Users are notified about cookie usage upon first visit and may consent or adjust preferences via our cookie banner or settings.
– You may withdraw or change consent through your browser settings or our cookie management interface.
– Do Not Track (DNT) signals and privacy control settings are honored where technically feasible.
11. Protection of Children’s Privacy
We do not knowingly collect or request personal information from children under the age of 13. If we discover that we have collected data from a child without verified parental consent, we will promptly delete that information.
12. Policy Updates and Notification of Changes
We may amend this Privacy Policy from time to time to reflect regulatory updates, technological changes, or modifications in our data practices. All updates will be posted at elboroomsf.com. Where material changes occur, we will provide notice via prominent site banners or direct communication channels.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, you may reach us via:
Email: [email protected]
We are committed to ensuring privacy rights are respected and welcome your inquiries.
Compliance Statement
Elbo Room SF is committed to full compliance with applicable privacy regulations, including GDPR, CCPA, and related frameworks. For detailed information or assistance regarding your data, please contact us at [email protected].
