Privacy Policy
1. Introduction
At The Mayan Express (available at themayanexpress.com), we are deeply committed to safeguarding your privacy and ensuring the highest standards of data protection. We recognize the importance of your personal data and are dedicated to handling it with care, transparency, and in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
This Privacy Policy describes our practices regarding the collection, use, disclosure, and protection of your personal information when you interact with our website or services.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all users of themayanexpress.com, including users who access our website, create accounts, make purchases, or engage with us through customer support or marketing communications.
The Mayan Express is the data controller for purposes of this Privacy Policy, meaning we are responsible for determining the purposes and methods of processing your personal data. For any privacy-related inquiries, you may contact us at [email protected].
3. Categories of Data Processed
We collect and process various types of personal data to provide and improve our services. This includes:
– Usage Data: Includes information such as IP address, browser type, device identifiers, referring/exit pages, page views, and session data.
– Account Data: Includes your name, billing and shipping addresses, email address, phone number, and account credentials.
– Profile Data: Includes user preferences, purchase history, browsing behavior, wishlists, and interest categories.
– Communication Data: Includes records of communications between you and The Mayan Express, including customer service inquiries, live chats, and email correspondence.
– Technical Data: Includes device type, operating system, internet connection details, language settings, and metadata.
– Transaction Data: Includes details of orders placed through themayanexpress.com, including payment transaction references, delivery information, and order status.
– Preference Data: Includes marketing consent status, newsletter subscriptions, and information on product and content preferences.
4. Legal Bases for Processing
We process your personal data only where we have a lawful basis to do so under applicable laws. These bases include:
– Performance of a Contract: When processing is necessary to fulfill an agreement with you (e.g., delivering purchases, managing your account).
– Legitimate Interests: For business purposes, such as improving website functionality, detecting fraud, or enhancing customer experience, where such interests are not overridden by your privacy rights.
– Consent: For voluntary disclosures and marketing communications where consent is legally required.
– Legal Obligation: When necessary to comply with legal or regulatory obligations.
5. Your Rights
As a data subject, you have the following rights with respect to your personal data:
– Right of Access: You may request confirmation of whether your data is being processed and access to the personal data we hold about you.
– Right to Rectification: You have the right to correct inaccurate or incomplete personal data.
– Right to Erasure: You may request the deletion of your personal data, subject to statutory retention requirements.
– Right to Restriction: You may request restricted processing of your personal data in defined circumstances.
– Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
To exercise any of these rights, please contact us at [email protected].
6. Security Measures
We implement robust technical and organizational safeguards to protect personal data. Our security measures include:
– Data Encryption (in transit and at rest)
– Role-based Access Control (RBAC) to limit access to personal data
– Regular system backups and secure data storage protocols
– Staff training on data protection and internal access monitoring procedures
Despite our efforts, no method of transmission over the internet is entirely secure, and we cannot guarantee absolute security.
7. International Transfers
Your personal data may be transferred to and processed outside your jurisdiction, including in countries that may not provide the same level of data protection as your own. In such cases, we implement appropriate safeguards, including:
– Standard Contractual Clauses approved by the European Commission
– Compliance with data protection frameworks applicable in destination jurisdictions
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes described in this Policy or as required by law. The general retention periods are:
– Account and Profile Data: Retained for the duration of your account and up to 5 years thereafter
– Transaction Data: Retained for at least 7 years for legal and tax purposes
– Communication Data: Retained for 3 years following your last interaction
– Preference Data: Revisable annually or upon user request
9. Cookie Policy
We use cookies and similar technologies on themayanexpress.com to enhance your browsing experience. These include:
– Essential Cookies: Necessary for the operation of our website (e.g., session management, cart functions)
– Functional Cookies: Enhance site usability (e.g., remembering your preferences or login state)
– Analytics Cookies: Collect aggregated data regarding website usage and performance
– Performance Cookies: Improve website responsiveness and loading times
10. Cookie Management and Compliance
You can manage your cookie preferences via the cookie banner displayed upon your first visit or through your browser settings. Under GDPR and CCPA, you have the right to:
– Opt-out of non-essential cookies
– Revoke previously granted consent
– Request information on cookies and analytics used
We honor “Do Not Track” signals and comply with CCPA opt-out requirements for California residents, including the right to opt out of the sale or sharing of personal data, where applicable.
11. Children’s Data
The Mayan Express does not knowingly collect or solicit personal data from individuals under the age of 13. If we become aware that information from a child under 13 was inadvertently collected without verified parental consent, we will delete such data promptly. Parents or guardians who believe their child has provided us with personal information may contact us at [email protected].
12. Policy Updates
We may update this Privacy Policy from time to time to reflect legal, technical, or operational changes. When changes are significant, we will notify users through themayanexpress.com or via email communication using contact information provided. Continued use of our services after such updates constitutes acceptance of the revised policy.
13. Contact
If you have any questions about this Privacy Policy, your personal data, or wish to exercise any privacy rights, please contact our Privacy Team at:
Email: [email protected]
Website: https://themayanexpress.com
We are committed to upholding your privacy rights and ensuring compliance with all applicable data protection regulations, including GDPR and CCPA. Your trust is of utmost importance to us.