Privacy Policy
1. Introduction
At The Mayan Express (themayanexpress.com), we are fully committed to protecting the privacy and personal data of our users, customers, and partners. We respect your right to privacy and recognize the importance of safeguarding all information that you entrust to us. This Privacy Policy outlines how we collect, process, store, disclose, and protect your personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all individuals who access or use our website or services, or who interact with us in any form. For all such interactions, The Mayan Express acts as the “Data Controller,” responsible for determining the purposes and methods of the processing of personal data. This Policy extends to all personal data collected via themayanexpress.com, affiliated platforms, and communication channels.
Individuals located in the European Economic Area (EEA) or covered under the GDPR, as well as residents of California under the CCPA, may have certain additional rights and protections as outlined herein.
3. Categories of Data We Process
We may collect and process the following categories of personal data:
a. Usage Data: Includes information regarding your browser type, IP address, time zone, browsing actions, pages visited, session duration, referring websites, and other diagnostic data collected through cookies and similar technologies.
b. Account Data: Information provided during account registration or checkout, such as your full name, billing and shipping address, email address, and phone number.
c. Profile Data: Comprises your preferences, purchase history, browsing behavior, saved items, wish lists, ratings, and other user-generated settings on your account.
d. Communication Data: Includes any information provided when you contact customer support, submit forms, engage in live chats, or correspond with us via email or other channels.
e. Technical Data: Contains data associated with the device you use to access our website, including device model, operating system, language, time zone settings, and other system configuration details.
f. Transaction Data: Covers details of orders, payments, payment method (excluding full credit card details where not required), delivery tracking, and fulfillment data.
g. Preference Data: Encompasses your consent to receive promotional communications, product and service interests, newsletter subscriptions, and marketing or survey responses.
4. Legal Bases for Processing
We process your personal data under the following lawful bases, as permitted by the GDPR:
– Contract: Where processing is necessary to enter into or fulfill a contract with you (e.g., to process transactions, fulfill orders).
– Consent: Where you have provided clear and affirmative consent for particular data use purposes (e.g., marketing emails).
– Legitimate Interest: Where processing is necessary for our legitimate interests—such as improving our website, preventing fraud, and understanding customer behavior—provided these interests are not overridden by your rights.
– Legal Obligation: Where we are required to process data to comply with applicable law or regulation.
For individuals covered under the CCPA, we do not sell your personal data and only share it in compliance with the purposes set forth in this policy.
5. Your Data Protection Rights
You are entitled to exercise the following rights regarding your personal data, consistent with applicable laws:
– Right of Access: You may request access to the personal data we hold about you and to obtain a copy of such data.
– Right to Rectification: You have the right to correct inaccurate or incomplete personal data.
– Right to Erasure: You may request the deletion of your personal data subject to certain exceptions.
– Right to Restriction: You may request that we restrict the processing of your personal data in specific cases.
– Right to Data Portability: You may request to receive your personal data in a structured, machine-readable format or to have it transmitted to another data controller.
– Right to Object: You may object to data processing where we rely on legitimate interests or engage in direct marketing.
– Right to Non-Discrimination (under CCPA): You will not receive discriminatory treatment for exercising your data rights.
To exercise your rights, please contact us at [email protected].
6. Security Measures
We employ comprehensive organizational, administrative, and technical safeguards to protect your personal data. These security measures include:
– Data encryption during transit and at rest
– User access controls based on need-to-know principles
– Firewalls and secure server configurations
– Routine data backup and recovery systems
– Continuous monitoring and threat detection tools
– Employee data protection training and confidentiality agreements
While we take reasonable steps to protect your personal data, no method of transmission or storage is entirely secure. If you have reason to believe your interaction with us is no longer secure, please notify us immediately.
7. International Data Transfers
Because our website is globally accessible, your personal data may be transferred to and maintained on servers located outside your country of residence. When we transfer personal data internationally, especially from the EEA, we ensure proper safeguards such as:
– The use of Standard Contractual Clauses approved by the European Commission
– Compliance with regional adequacy decisions
– Additional contractual, technical, and organizational protections
Users in jurisdictions with differing data protection regulations will retain all rights established by local law.
8. Data Retention
We retain personal data for no longer than necessary based on the purpose for which it is processed. Generally, our data retention periods are:
– Account Data: Retained as long as the account is active and for up to 5 years after closure
– Transaction Data: Retained for a minimum of 7 years to comply with tax and financial regulations
– Communication & Support Records: Retained for 3 years following last contact
– Profile & Preference Data: Retained while active or until preferences are updated or withdrawn
– Technical and Usage Data: Retained for up to 24 months unless required longer for security purposes
Upon expiry, personal data is either securely deleted or anonymized for analytic purposes.
9. Cookie Policy
We use cookies and similar tracking technologies to enhance user experience, analyze performance, deliver personalized content, and maintain website security. Categories of cookies we use include:
– Essential Cookies: Required for core functionality, such as session management and order processing.
– Functional Cookies: Enable enhanced features like account preferences, saved settings, and support chat.
– Analytics Cookies: Collect aggregated data on website performance, traffic, and user engagement (e.g., Google Analytics).
– Performance Cookies: Monitor system health, page load speed, and responsiveness to identify user experience improvements.
10. Cookie Management and Compliance
Upon first access to our website, users are presented with a cookie banner to manage their consent according to GDPR and CCPA standards. You may update or withdraw your consent at any time through the “Cookie Settings” link located in the website footer.
Most browsers also allow you to set preferences for cookie usage, including blocking or deleting cookies. However, disabling certain cookies may impact your experience on themayanexpress.com.
11. Children’s Privacy
Our website is not intended for use by children under the age of 13, and we do not knowingly collect personal data from minors without verifiable parental consent. If we become aware that we have collected information from a child under 13 without proper authorization, we will promptly delete it. If you believe a child has provided us with personal data, please contact us immediately at [email protected].
12. Policy Updates
We may update this Privacy Policy from time to time as necessary to reflect changes in our services, legal requirements, or data practices. We will notify users as appropriate, including through prominent notices on themayanexpress.com or via direct communication. Continued use of the website following such changes constitutes your acknowledgment of the revised policy.
13. Contact Us
If you have any questions about this Privacy Policy or our data handling practices, or wish to exercise your rights, please contact us at:
Email: [email protected]
We are committed to full compliance with the GDPR, CCPA, and all applicable privacy regulations. Your trust and data security are of paramount importance to us. Please do not hesitate to reach out with any concerns or requests regarding your privacy.
