Effective Date: October 14, 2024

1. Introduction
At Brewfolk, we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website [https://brewfolk.webflow.io/] or interact with our services, in accordance with the General Data Protection Regulation (GDPR).

By accessing our website, you consent to the terms outlined in this policy.

2. Data Controller Information
For the purposes of GDPR, Brewfolk is the data controller of your personal data. If you have any questions or concerns about this privacy policy, you may contact me at hello@hannahfox.co.  

3. Information We Collect
We may collect the following types of information:
- Personal Data: Any information that relates to an identified or identifiable individual, such as your name, email address, phone number, IP address, and other details provided voluntarily through forms or account registrations.
- Usage Data: Information automatically collected when you interact with our website, such as IP address, browser type, access times, and website activity.
‍
4. Legal Bases for Processing Personal Data
We process your personal data based on the following legal grounds:
- Consent: When you provide clear consent for us to process your personal data for specific purposes (e.g., marketing communications).
- Contractual Necessity: To perform the services you request (e.g., processing a contact form submission).
-Legitimate Interest: For purposes such as improving our website or preventing fraud, unless your rights override these interests.
- Compliance with Legal Obligations: When we are required to process your personal data to comply with legal regulations.

5. How We Use Your Personal Data: We use your personal data to:
- Provide and maintain our services.
- Improve website functionality and user experience.
- Respond to customer service inquiries and support requests.
- Send updates, marketing communications, or other information you have consented to receive.
- Comply with legal and regulatory obligations.

6. Data Sharing
We do not sell, rent, or trade your personal data. However, we may share information with:
- Service Providers: Third parties that assist in operating our website and services, such as hosting providers, analytics services, or email marketing platforms, only as necessary for the provision of their services.
- Legal Authorities: If required by law or to respond to valid requests from public authorities.

7. International Data Transfers
If we transfer your personal data outside of the European Economic Area (EEA), we will ensure that the data is protected in a manner that is consistent with the GDPR. This may involve ensuring that transfers are made to countries deemed to have adequate data protection laws or through the use of contracts approved by the European Commission.

8. Data Retention
We will retain your personal data only for as long as is necessary for the purposes outlined in this privacy policy or as required by law. Once the retention period expires, we will securely delete or anonymize your data.

9. Your GDPR Rights
Under GDPR, you have the following rights:
- Right to Access: You can request access to the personal data we hold about you.
- Right to Rectification: You have the right to request that we correct inaccurate or incomplete personal data.
- Right to Erasure: You can request that we delete your personal data in certain circumstances, such as when it is no longer needed for the purposes for which it was collected.
- Right to Restrict Processing: You can request that we restrict the processing of your personal data in certain situations.
- Right to Data Portability: You have the right to receive a copy of your personal data in a structured, commonly used, and machine-readable format.
- Right to Object: You can object to our processing of your personal data based on legitimate interests or for direct marketing purposes.
- Right to Withdraw Consent: If we process your data based on your consent, you have the right to withdraw it at any time.

To exercise any of these rights, please contact me at hello@hannahfox.co.

10. Security of Your Data
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of processing personal data. However, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security.

11. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of such external sites.

12. Changes to This Policy
We reserve the right to modify this Privacy Policy at any time. We will notify users of any changes by updating the effective date at the top of this policy. Continued use of the website after any modifications constitutes your acceptance of the updated policy.

13. Contact Us
If you have any questions about this Privacy Policy, or if you wish to exercise your rights, please contact hello@hannahfox.co

This version is GDPR-compliant, addressing data controller information, legal bases for processing data, international data transfers, and GDPR-specific rights. Make sure to update the contact information and address details accordingly.