Privacy Policy
1. Introduction
This Privacy Policy outlines the principles and practices of Double or Nothing (“we”, “us”, or “our”) with respect to the processing of personal data, and reflects our commitment to protecting your privacy and safeguarding your information. At https://double-or-nothing.com, we recognize the fundamental importance of privacy and transparency. We are dedicated to complying with all relevant data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act (“CCPA”), ensuring your personal data is handled responsibly, lawfully, and securely.
2. Scope of This Policy and Data Controller Role
This Privacy Policy applies to all users and visitors of double-or-nothing.com, and to all personal data collected through the website, associated services, products, and interactions. For the purposes of the GDPR and other applicable data protection laws, the data controller responsible for your personal information is Double or Nothing, which can be contacted at [email protected].
3. Categories of Personal Data Processed
We process several categories of personal data depending on your interaction with our website and services:
a) Usage Data
Includes information about how you interact with our website, such as browser type, IP address, pages visited, dates and times of access, referring/exit pages, and session durations.
b) Account Data
Includes personal information such as your full name, email address, postal address, phone number, and any other data provided during account registration or updates.
c) Profile Data
Comprises transactional preferences, service usage patterns, historical purchases, interests, and behavioral activities on double-or-nothing.com.
d) Communication Data
Includes queries submitted via contact forms, email communications, customer support tickets, and communication logs.
e) Technical Data
Encompasses device identifiers, system configuration information, time zone settings, operating system type and version, hardware model, and related metadata.
f) Transaction Data
Includes information related to payments and purchases, billing addresses, delivery details, and order histories.
g) Preference Data
Covers marketing communications preferences, opt-in/opt-out statuses, personalization settings, and product or service interests.
4. Legal Bases for Processing
We rely on the following lawful bases for processing personal data in accordance with Article 6 of the GDPR:
– Consent: When you have explicitly granted us permission to process your data for specific purposes, such as marketing communications.
– Contractual Necessity: Where data processing is required for the performance of a contract with you, or to take steps at your request prior to entering into a contract.
– Legitimate Interest: Includes processing for improving website functionality, fraud prevention, analytics, and service optimization, except where overridden by your rights and interests.
– Legal Obligation: Where we must comply with legal or regulatory requirements.
5. Your Rights Under Data Protection Law
As a data subject, you are entitled to exercise the following rights:
– Right of Access – You may request confirmation of whether your personal data is being processed and obtain a copy of such data.
– Right to Rectification – You can request the correction of inaccurate or incomplete personal information.
– Right to Erasure (“Right to be Forgotten”) – Subject to specific conditions, you may request the deletion of your personal data from our systems.
– Right to Restrict Processing – You may request limited processing of your data under certain circumstances.
– Right to Data Portability – You can request to receive your personal data in a structured, machine-readable format and request transfer to another data controller.
– Right to Object – You may object to the processing of your data where we rely on legitimate interests, including profiling.
– Right to Withdraw Consent – Where processing is based on your consent, you may withdraw this consent at any time.
To exercise any of the above rights, please contact us at [email protected].
6. Security Measures
We have implemented robust technical and organizational measures to ensure the security and confidentiality of your personal data. These include:
– Data encryption at rest and in transit
– Role-based access control and user authentication protocols
– Routine system backups and secure data storage
– Regular security audits and vulnerability assessments
– Employee data privacy training and awareness programs
These measures are designed to prevent unauthorized access, disclosure, alteration, or destruction of data.
7. International Data Transfers
Where applicable, data may be transferred to and processed in countries outside of your jurisdiction, including countries outside of the European Economic Area (EEA). In such cases, we ensure adequate safeguards are in place, including the use of European Commission-approved Standard Contractual Clauses, and implementation of additional technical and organizational protections, in accordance with GDPR requirements.
8. Data Retention
We retain personal data only as long as is necessary for the purposes described in this policy:
– Usage and Technical Data — retained up to 12 months for analytics purposes
– Account and Profile Data — retained while the account is active and for 6 years after termination for legal and recordkeeping purposes
– Transaction Data — retained for 7 years to meet tax and accounting obligations
– Communication and Preference Data — retained for 24 months after the last user contact or consent action
– Cookie Data — retention aligned with cookie categories; see our Cookie Policy below
When data is no longer required, we securely delete or anonymize it.
9. Cookie Policy
We use cookies and similar tracking technologies to enhance user experience, provide analytics, and support functionality. The types of cookies used on double-or-nothing.com include:
– Essential Cookies: Necessary for core website functionality and secure operation
– Functional Cookies: Preserve user preferences and support site customization
– Analytics Cookies: Help us aggregate and analyze usage stats to improve the website
– Performance Cookies: Enhance speed and responsiveness based on usage behavior
10. Cookie Management and Legal Compliance
Upon first visit, you are presented with a cookie consent notice in compliance with GDPR and CCPA. You may modify or withdraw your consent at any time using our Cookie Settings interface accessible via website footer links or your browser settings.
Under CCPA, California residents have the right to opt out of the “sale” of personal information. Although we do not sell data in the traditional sense, some data sharing via cookies may constitute “sale” under CCPA terminology. You may opt out via the “Do Not Sell My Information” link provided on our website.
11. Children’s Privacy
Our services are not directed toward individuals under the age of 13. We do not knowingly collect or solicit personal data from children under 13. If you are a parent or guardian and believe your child has provided personal information to us, please contact us immediately at [email protected] for prompt removal.
12. Policy Updates and Changes
We reserve the right to amend or update this Privacy Policy periodically to reflect changes in legal, technical, or operational practices. Where material changes impact your rights, we will provide appropriate notice via website banners, emails, or other communication channels.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our handling of personal data, please contact our Data Privacy Manager at:
Email: [email protected]
We are fully committed to abiding by applicable data protection laws and to maintaining your trust. Please reach out to us with any privacy-related inquiries or issues.