‌CECESS PRIVACY POLICY‌

‌Last Updated: July 22, 2025‌

‌1. DATA COLLECTION SCOPE‌

We collect through cecss.com:

• ‌Identity Data‌: Name, contact details during registration
• ‌Behavioral Data‌: Browsing history, cart contents (via encrypted browser cookies)
• ‌Payment Data‌: Processed by PCI-DSS certified gateways; we only receive transaction status
• ‌Technical Data‌: IP address, device type (for fraud detection analytics)

‌2. LEGAL BASIS & PURPOSES‌

Processing under GDPR Article 6(1):

• Order fulfillment (Art. 6(1)(b))
• Personalized recommendations (Art. 6(1)(a) explicit consent)
• Security auditing (Art. 6(1)(f) legitimate interests)

‌3. THIRD-PARTY DATA SHARING‌

Strictly limited scenarios:

• ‌Logistics Partners‌: Minimal necessary dataset for delivery
• ‌Cloud Providers‌: AWS/GCP with signed Data Processing Agreements (DPA)
• ‌Legal Compliance‌: Requires valid judicial documentation

‌4. YOUR RIGHTS‌

You may:
✅ Export data via account dashboard
✅ Request deletion within 72 business hours
✅ Exercise CCPA opt-out rights at privacy@cecess.com

‌5. SECURITY PROTOCOLS‌

• TLS 1.3 encryption sitewide
• Annual penetration testing by Qualys
• ISO 27001-certified staff training

‌6. POLICY UPDATES‌

Material changes will:
① Trigger 30-day website banner notifications
② Deliver summaries to registered emails
③ Archive previous versions at /legal/archive