Privacy Policy

1. Introduction and Scope

Mornelle ("we," "us," or "our") is committed to protecting the privacy and personal data of every individual who interacts with our website located at https://queflornfrzit.world (the "Website"). This Privacy Policy explains in detail how we collect, use, store, share, and protect your personal information, and describes your rights under applicable data protection laws, including the General Data Protection Regulation (GDPR) (EU) 2016/679, the California Consumer Privacy Act (CCPA), and other relevant United States federal and state privacy regulations.

This Policy applies to all visitors, users, and individuals who access our Website or submit information through our contact form. By using our Website, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with any part of this Policy, please discontinue use of the Website.

This Policy does not apply to third-party websites, services, or applications that may be linked from our Website. We encourage you to review the privacy policies of any third-party services you access through links on our Website.

2. Identity and Contact Details of the Data Controller

The data controller responsible for the processing of your personal data is:

• Business Name: Mornelle
• Registered Address: 8350 W Grandridge Blvd Ste 200, Kennewick, WA 99336, United States
• Telephone: +1 (425) 977-5165
• Email: support@queflornfrzit.world
• Website: https://queflornfrzit.world

For all privacy-related inquiries, data subject requests, or concerns, please contact us using the details above. We aim to respond to all privacy-related communications within 30 days.

3. Personal Data We Collect

We collect personal data only to the extent necessary to provide our services and respond to your inquiries. The categories of personal data we may collect include:

3.1 Data You Provide Directly

• Contact Form Submissions: When you complete and submit our contact form, we collect your full name, email address, and the content of your message.
• GDPR Consent Record: When you submit the contact form, we record your explicit consent to the processing of your personal data for the purpose of responding to your inquiry, including the date and time of consent.

3.2 Data Collected Automatically

• Technical Data: When you visit our Website, our servers may automatically record certain technical information, including your IP address (in anonymized or truncated form where possible), browser type and version, operating system, referring URL, pages visited, time and date of visit, and time spent on pages.
• Cookie Data: We use cookies and similar tracking technologies to collect information about your browsing behavior on our Website. Please refer to our Cookie Policy for full details.

3.3 Data We Do Not Collect

We do not collect special categories of personal data (also known as sensitive data), including but not limited to data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, or data concerning a person's sex life or sexual orientation. We do not knowingly collect personal data from children under the age of 16.

4. Legal Bases for Processing Personal Data

We process your personal data only where we have a valid legal basis to do so. The legal bases we rely on are:

• Consent (Article 6(1)(a) GDPR): Where you have given us your explicit consent to process your personal data for a specific purpose, such as when you submit our contact form and tick the GDPR consent checkbox. You may withdraw your consent at any time by contacting us.
• Legitimate Interests (Article 6(1)(f) GDPR): Where processing is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. This includes processing technical data for website security, fraud prevention, and improving the performance and usability of our Website.
• Legal Obligation (Article 6(1)(c) GDPR): Where processing is necessary to comply with a legal obligation to which we are subject, such as retaining records for tax, accounting, or regulatory compliance purposes.

5. Purposes of Data Processing

We use the personal data we collect for the following specific purposes:

• Responding to Inquiries: To read, process, and respond to messages submitted through our contact form.
• Website Operation and Security: To maintain the technical operation of our Website, detect and prevent fraudulent or malicious activity, and ensure the security of our systems.
• Analytics and Improvement: To understand how visitors use our Website, identify areas for improvement, and optimize content and user experience. This processing is conducted only where you have consented to analytics cookies or where it falls within our legitimate interests using anonymized data.
• Legal Compliance: To comply with applicable laws, regulations, court orders, or legal processes, and to establish, exercise, or defend legal claims.
• Consent Records: To maintain records of consents provided, as required by data protection law.

6. Data Retention Periods

We retain personal data only for as long as is necessary to fulfill the purposes for which it was collected, or as required by applicable law. Our specific retention periods are:

• Contact Form Data (name, email, message): Retained for a maximum of 24 months from the date of submission, or until the inquiry is fully resolved and no further follow-up is anticipated, whichever is shorter. After this period, data is securely deleted or anonymized.
• Consent Records: Retained for a period of 3 years from the date of consent, to demonstrate compliance with our legal obligations under GDPR.
• Technical/Log Data: Server log data is typically retained for a maximum of 90 days for security and diagnostic purposes, after which it is automatically deleted or anonymized.
• Cookie Data: Retention periods for cookies vary by cookie type. Please refer to our Cookie Policy for specific cookie lifespans.

Where we are required by law to retain data for a longer period (for example, for tax or accounting purposes), we will retain it for the legally required period and then securely delete it.

7. Data Sharing and Third-Party Disclosure

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes. We may share your personal data in the following limited circumstances:

• Service Providers (Data Processors): We may share data with trusted third-party service providers who assist us in operating our Website and providing our services (for example, web hosting providers, email service providers, and analytics platforms). These providers are contractually bound to process your data only on our instructions and in accordance with applicable data protection law. They may not use your data for their own purposes.
• Legal Requirements: We may disclose your personal data if required to do so by law, court order, or governmental authority, or if we believe in good faith that such disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
• Business Transfers: In the event of a merger, acquisition, reorganization, or sale of all or substantially all of our assets, your personal data may be transferred as part of that transaction. We will notify you via a prominent notice on our Website before your data is transferred and becomes subject to a different privacy policy.

Any third parties with whom we share data are required to implement appropriate technical and organizational security measures and to comply with applicable data protection laws.

8. International Data Transfers

Our Website is operated from the United States. If you are located outside the United States, please be aware that your personal data may be transferred to and processed in the United States, where data protection laws may differ from those in your country.

Where we transfer personal data from the European Economic Area (EEA), the United Kingdom, or Switzerland to countries that do not provide an equivalent level of data protection, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized transfer mechanisms. You may request a copy of the relevant safeguards by contacting us.

9. Your Rights Under Data Protection Law

Depending on your location and applicable law, you may have the following rights in relation to your personal data:

9.1 Rights Under GDPR (EEA/UK Residents)

• Right of Access (Article 15): You have the right to request a copy of the personal data we hold about you and information about how we process it.
• Right to Rectification (Article 16): You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
• Right to Erasure / "Right to be Forgotten" (Article 17): You have the right to request the deletion of your personal data where it is no longer necessary for the purposes for which it was collected, where you withdraw consent, where you object to processing and there are no overriding legitimate grounds, or where the data has been unlawfully processed.
• Right to Restriction of Processing (Article 18): You have the right to request that we restrict the processing of your personal data in certain circumstances, such as while we verify the accuracy of data you have contested.
• Right to Data Portability (Article 20): Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
• Right to Object (Article 21): You have the right to object to the processing of your personal data where we rely on legitimate interests as the legal basis. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
• Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
• Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority. In the US, you may contact the Federal Trade Commission (FTC). In the EU, you may contact your national Data Protection Authority.

9.2 Rights Under US Privacy Laws (California and Other States)

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including:

• The right to know what personal information we collect, use, disclose, and sell.
• The right to delete personal information we have collected from you, subject to certain exceptions.
• The right to opt out of the sale or sharing of your personal information. We do not sell personal information.
• The right to non-discrimination for exercising your privacy rights.
• The right to correct inaccurate personal information.
• The right to limit the use and disclosure of sensitive personal information.

To exercise any of your rights, please contact us using the details in Section 2. We will respond to your request within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request.

10. Security Measures

We take the security of your personal data seriously and implement appropriate technical and organizational measures to protect it against unauthorized access, accidental loss, destruction, or damage. Our security measures include:

• HTTPS encryption for all data transmitted between your browser and our Website.
• Access controls limiting access to personal data to authorized personnel only, on a need-to-know basis.
• Regular review of our data collection, storage, and processing practices.
• Contractual requirements for all third-party processors to maintain appropriate security standards.
• Procedures to deal with any suspected personal data breach, including notifying you and the relevant supervisory authority where legally required.

While we take all reasonable steps to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

11. Children's Privacy

Our Website is not directed at children under the age of 16, and we do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us immediately using the details in Section 2. If we become aware that we have collected personal data from a child under 16 without verified parental consent, we will take steps to delete that information promptly.

12. Links to Third-Party Websites

Our Website may contain links to third-party websites, including Google Maps (embedded via iframe). These websites have their own privacy policies, and we do not accept any responsibility or liability for those policies or for the content of those websites. We encourage you to review the privacy policy of any website you visit. The inclusion of a link does not imply our endorsement of the linked website.

Google Maps is subject to Google's Privacy Policy, available at https://policies.google.com/privacy.

13. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our Website. For detailed information about the cookies we use, their purposes, and how to manage your cookie preferences, please refer to our Cookie Policy.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or by a prominent notice on our Website. We encourage you to review this Policy periodically to stay informed about how we protect your information.

Your continued use of our Website after any changes to this Privacy Policy constitutes your acceptance of the updated Policy.

15. Automated Decision-Making and Profiling

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on individuals. No decisions about you are made solely on the basis of automated processing of your personal data.

16. Data Protection Officer

We have not appointed a formal Data Protection Officer (DPO) as we do not meet the thresholds requiring mandatory DPO appointment under GDPR. However, all privacy-related inquiries should be directed to us using the contact details provided in Section 2, and we will ensure that a responsible person addresses your concerns promptly.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

• By mail: Mornelle, 8350 W Grandridge Blvd Ste 200, Kennewick, WA 99336, United States
• By phone: +1 (425) 977-5165
• By email: support@queflornfrzit.world

We are committed to working with you to resolve any privacy concerns you may have. If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction.