Privacy Notice
Effective date: 19 August 2025
Who we are: [Twin Peaks Café] (“we”, “us”, “our”) operates [https://www.twinpeakscafe.com] (the “Site”).
We care about your privacy. This notice explains what personal data we collect, why we collect it, how long we keep it, who receives it, and the rights you have under the GDPR and related laws.
1) Who is the controller?
Controller: [Twin Peaks Café]
Contact: [chapterly.yours@gmail.com]
If you have questions about this notice or your data, email us at [chapterly.yours@gmail.com]. We aim to respond within 30 days.
2) What data we collect and why (purposes & legal bases)
| Activity | Data we process | Purpose | Legal basis |
|---|---|---|---|
| Site operation & security (hosting, performance, preventing abuse) | IP address, device/browser info, pages viewed, timestamps, basic logs | Keep the site running, secure, and debug issues | Legitimate interests (Art. 6(1)(f)) in operating a safe, reliable website |
| Cookies that are strictly necessary | Technical cookies only | Load pages, remember choices essential for the site | Legitimate interests / Performance of a contract (Art. 6(1)(f)/(b)) |
| Analytics (optional) | Pseudonymous usage data (page views, session length, referrers) | Understand content performance and improve the site | Consent (Art. 6(1)(a)) via our cookie banner |
| Marketing cookies (optional) | Cross-site identifiers, ad interactions | Personalize or measure marketing | Consent (Art. 6(1)(a)) |
| Comments (if enabled) | Name, email, comment content, IP (anti-spam) | Publish your comment and prevent spam/abuse | Legitimate interests (Art. 6(1)(f)) and/or Consent if required |
| Contact form / Email | Name, email, message content | Respond to your inquiry | Legitimate interests (Art. 6(1)(f)) or Contract if your request is service-related |
| Newsletter (if offered) | Name, email, subscription preferences | Send you updates you asked for | Consent (Art. 6(1)(a)); you can unsubscribe anytime |
| Social embeds (e.g., YouTube, Instagram) | May set third-party cookies/collect usage | Display embedded content | Consent (Art. 6(1)(a)) via cookie banner before loading non-essential embeds |
We do not sell your personal data.
3) Cookies & similar technologies
When you first visit, we ask for your consent to place non-essential cookies (analytics/marketing). You can change or withdraw your consent anytime via the “Cookie Settings” link in the footer.
Categories we use:
- Essential: required for core site features; no personal information is used for marketing purposes.
- Analytics (optional): help us understand traffic and improve content.
- Marketing (optional): personalize or measure ads/embeds.
4) Where data comes from
- Directly from you: forms, comments, subscriptions, emails you send us.
- Automatically: your browser/device when you use the Site.
- Third parties (optional): e.g., if a friend shares a referral or if we receive aggregated analytics.
We do not engage in automated decision-making that produces legal or similarly significant effects.
5) Who we share data with (recipients)
We use trusted service providers (“processors”) to host, maintain, and improve the Site. They process data only under our instructions.
Typical providers:
- Hosting/CDN & security: [Your host/CDN].
- Website platform/plugins: WordPress, Anti-spam.
- Analytics (if used): Google Analytics 4.
- Embedded content: YouTube, Instagram, Facebook—only after you consent.
We require appropriate safeguards and data protection commitments in our contracts with providers.
6) International transfers
If data is transferred outside the EEA/UK (for example, to the US by some providers), we rely on adequacy decisions, standard contractual clauses (SCCs), and/or the provider’s Data Privacy Framework certification (where applicable) to protect your data.
7) How long we keep your data
We keep personal data only as long as necessary for the purposes above, then delete or irreversibly anonymize it.
Typical periods:
- Server logs & security events: up to 12 months.
- Contact form emails: up to 12 months after we close your inquiry.
- Newsletter data: until you unsubscribe or your account becomes inactive for 24 months.
- Comments: kept while published (you can request deletion).
- Analytics data (if used): retention configured to [e.g., 14 months].
8) Your rights
Under the GDPR, you can:
- Access your data and obtain a copy
- Rectify inaccurate or incomplete data
- Erase data in certain cases (“right to be forgotten”)
- Restrict processing in certain cases
- Object to processing based on legitimate interests or to direct marketing
- Request data portability for data you provided to us, where technically feasible
- Withdraw consent at any time where processing is based on consent (this does not affect past processing)
To exercise your rights, email [chapterly.yours@gmail.com]. We may need to verify your identity. You also have the right to lodge a complaint with your local supervisory authority. In Poland, this is the President of the Personal Data Protection Office (UODO).
9) Children’s privacy
Our Site is not directed to children under 16. If you believe a child has provided us personal data, contact us and we will delete it.
10) Security
We use appropriate technical and organizational measures to protect your data, including HTTPS encryption, access controls, and least-privilege practices. No system can be 100% secure, but we work to safeguard your information.
11) Do you have to provide data?
You don’t have to provide personal data, but some features (e.g., leaving a comment or subscribing) won’t work without it. Essential cookies are required for the Site to function; non-essential cookies are optional.
12) Changes to this notice
We may update this notice from time to time. We’ll post the new version here and adjust the effective date above. If changes are material, we’ll provide a more prominent notice.