Privacy Policy for Tulloch Group
1. Introduction
At Tulloch Group, accessible at tullochgroup.com, we are committed to safeguarding the privacy, confidentiality, and security of the personal data of our website visitors, clients, and stakeholders. This Privacy Policy outlines how and why we collect, process, and protect your data in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (GDPR) and the California Consumer Privacy Act (CCPA). Tulloch Group places the utmost importance on transparency, user control, and responsible data practices.
2. Scope of Policy and Role as Data Controller
This Privacy Policy applies to all personal data collected through tullochgroup.com and associated communications. Tulloch Group acts as the data controller for all processing activities described herein. This means we determine the purposes and means of processing your personal data.
3. Categories of Personal Data We Process
We process the following categories of personal data, either directly from you or through your interaction with our website and services:
a. Usage Data
Information about how you use our website and services, including IP address, browser type, operating system, referral source, pages viewed, time spent on site, and browsing behavior.
b. Account Data
Data provided when you create an account, submit forms, or register interest in our services, including name, residential or business address, email address, and phone number.
c. Profile Data
Details related to your preferences, service usage, purchase history, behavioral data, and interests relevant to Tulloch Group’s offerings.
d. Communication Data
Records of communications between you and Tulloch Group, including customer support inquiries, chat logs, call transcripts, and feedback.
e. Technical Data
Device-related information such as device type, operating system version, device identifiers, system configurations, and mobile network information.
f. Transaction Data
Information related to payments and service interactions, including billing addresses, delivery details, order history, payment methods (excluding full payment card details, which are managed by secure third parties), and transaction identifiers.
g. Preference Data
Marketing and communication preferences, including consent status, newsletter subscriptions, selected communication channels, and service interest data.
4. Legal Bases for Processing
We rely on the following legal grounds to process your personal data:
– Consent: Where you have explicitly agreed to processing, such as subscribing to newsletters or accepting cookies.
– Contract: Where data processing is necessary to provide services or fulfill contractual obligations.
– Legal Obligation: Where processing is required to comply with applicable legal duties.
– Legitimate Interest: Where processing is necessary for our legitimate interests (e.g., improving service delivery, maintaining security, direct marketing), provided those interests are not overridden by your fundamental rights and freedoms.
5. Your Rights Under GDPR and CCPA
In accordance with applicable data protection laws, you are entitled to the following rights in relation to your personal data:
– Right of Access: Obtain confirmation and a copy of the data we process about you.
– Right to Rectification: Request correction of inaccurate or incomplete data.
– Right to Erasure: Request deletion of your data, subject to legal and contractual limitations.
– Right to Restrict Processing: Limit processing in specific cases, such as while a dispute regarding accuracy is resolved.
– Right to Data Portability: Receive your data in a structured, commonly used format and transmit it to another controller.
– Right to Object: Object to processing based on legitimate interests, or for marketing purposes.
– Right to Non-Discrimination: You will not face discrimination for exercising your rights under the CCPA.
– Opt-Out of Sale (CCPA): Tulloch Group does not sell your personal data to third parties. Should this change, we will provide clear opt-out mechanisms.
Requests to exercise these rights may be submitted by contacting us at [email protected].
6. Security Measures
Tulloch Group employs a robust range of technical and organizational measures to assure the confidentiality, integrity, and availability of personal data. These include:
– Data encryption in transit and at rest
– Role-based access controls and multi-factor authentication
– System firewalls and network monitoring
– Regular security audits and vulnerability assessments
– Staff training and awareness on data protection
– Resilient backup and disaster recovery protocols
While no system is infallible, we proactively mitigate risks and strive to maintain industry-standard security.
7. International Data Transfers
Where personal data is transferred outside the European Economic Area (EEA) or the United States, Tulloch Group ensures all recipients adhere to adequate levels of data protection. This may include the use of:
– Standard Contractual Clauses approved by the European Commission
– Data transfer agreements with appropriate safeguards
– Certification schemes or legal adequacy findings by governing authorities
We take all necessary steps to ensure that your personal data is treated securely and in compliance with applicable laws.
8. Data Retention
We retain personal data only as long as necessary to fulfill the purposes outlined in this policy. The specific retention timeframes include:
– Account and Transaction Data: Retained for up to 7 years to comply with tax, contractual, and legal obligations.
– Communication Records: Maintained for 2 years for customer service and audit purposes.
– Marketing Preference Data: Stored until you withdraw consent or update your preferences.
– Usage Data: Retained up to 26 months for analytics and service optimization.
Upon expiration of retention periods, data is securely deleted or anonymized in compliance with best practices.
9. Cookie Policy
Tulloch Group uses cookies and similar technologies to enhance user experience, analyze traffic, and support functionality. Our cookies fall into the following categories:
– Essential Cookies: Necessary for core functionalities such as login, navigation, and security.
– Functional Cookies: Enable personalization and enhanced site behavior (e.g., saving preferences).
– Analytics Cookies: Gather anonymized data to understand usage patterns and improve site performance.
– Performance Cookies: Support load balancing and resource optimization.
All non-essential cookies require your explicit consent under GDPR and CCPA.
10. Cookie Management and Compliance
You can manage your cookie preferences at any time through the cookie consent banner when you visit tullochgroup.com or via the browser settings on your device. We honor all global privacy control signals and comply with GDPR and CCPA requirements by:
– Providing clear consent mechanisms
– Offering opt-out facilities for targeted advertising
– Responding promptly to do-not-sell requests (where applicable)
11. Children’s Privacy
Tulloch Group does not knowingly collect or solicit personal data from children under the age of 13. If we become aware that we have inadvertently collected such data, we will promptly delete it. Parents or guardians who believe we may have collected data from a child under 13 should contact us at [email protected].
12. Updates to This Privacy Policy
We may revise this Privacy Policy from time to time to reflect changes in legislation, technologies, or business practices. When changes are made, we will update the Privacy Policy on tullochgroup.com and, where the changes are material, notify users through appropriate channels.
Continued use of our services after changes are published constitutes your acceptance of the updated terms.
13. Contact
Should you have any questions, requests, or concerns regarding this Privacy Policy or how Tulloch Group handles your data, please contact us at:
Tulloch Group
Email: [email protected]
Website: https://tullochgroup.com
—
Tulloch Group is committed to full compliance with all applicable privacy regulations and upholding the rights and freedoms of all individuals whose data we process. If you have concerns about how your personal data is handled, we encourage you to contact us using the information provided above.