Privacy Policy – Your Data Protection & Rights

Welcome to Trump Legacy Box. We are committed to protecting your personal information and your right to privacy. This Privacy Policy applies to all information collected through our website trumplegacybox.com, our products and services, and any related services, sales, marketing, or events (collectively referred to as the "Services").

This Privacy Policy describes how we collect, use, store, share, and protect your personal information, as well as your rights regarding that information. By using our Services, you acknowledge that you have read and understood this Privacy Policy.

Trump Legacy Box operates from Colorado, United States, and serves customers across all 50 states and internationally.

We collect several types of information from and about users of our Services. The categories of personal information we may collect include:

• Account Information: Name, email address, phone number, and password when you create an account.
• Order Information: Billing address, shipping address, payment information (processed securely through third-party payment processors), and purchase history.
• Communication Data: Information you provide when you contact customer support, subscribe to newsletters, or participate in surveys and promotions.
• User Content: Reviews, testimonials, comments, or other content you submit to our website.

• Device Information: IP address, browser type and version, operating system, device identifiers, and mobile network information.
• Usage Data: Pages visited, time spent on pages, links clicked, referring website addresses, and other usage statistics.
• Location Information: Approximate geographic location based on IP address.
• Cookies and Tracking Technologies: We use cookies, web beacons, pixels, and similar technologies to track activity and store certain information (see Section 8 for details).

• Payment Processors: Transaction confirmation and fraud prevention information from payment service providers.
• Shipping Carriers: Delivery status and tracking information from shipping partners.
• Marketing Partners: Aggregate demographic information from advertising platforms (Facebook, Google Ads).
• Social Media: Public profile information if you interact with our social media accounts.

We use the information we collect for various legitimate business purposes, including:

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason that is compatible with the original purpose. If we need to use your information for an unrelated purpose, we will notify you and explain the legal basis for doing so.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal information based on the following legal grounds:

Legal Basis	Purpose
Contract Performance	Processing necessary to fulfill your order, provide services, and maintain your account.
Consent	Marketing communications, cookies (non-essential), and optional data processing activities.
Legitimate Interests	Fraud prevention, security, service improvement, and business operations (balanced against your rights).
Legal Obligation	Compliance with tax laws, accounting requirements, and legal processes.

We do not sell your personal information to third parties. We may share your information with the following categories of recipients:

We share information with trusted third-party service providers who assist us in operating our business:

• Payment Processors: To process credit card transactions and handle payments securely.
• Shipping Carriers: To deliver your orders (USPS, UPS, FedEx, DHL).
• Email Service Providers: To send transactional and marketing emails.
• Cloud Storage Providers: To securely store data and host our website.
• Analytics Providers: To analyze website traffic and user behavior (Google Analytics).
• Customer Support Tools: To manage customer inquiries and support tickets.

These service providers are contractually obligated to use your information only for the purposes we specify and to maintain appropriate security measures.

We may disclose your information when required by law or in response to:

• Valid legal processes (subpoenas, court orders, search warrants)
• Governmental or regulatory requests
• Protection of our legal rights or property
• Investigation of fraud, security threats, or illegal activity
• Protection of the safety of our users or the public

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of the business transaction. We will notify you of any such change and the choices you may have regarding your information.

We may share your information with third parties when you have given us explicit consent to do so.

Depending on your location, you may have certain rights regarding your personal information:

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months.
• Right to Delete: Request deletion of your personal information (subject to certain exceptions).
• Right to Opt-Out: Opt-out of the "sale" or "sharing" of your personal information (we do not sell personal information).
• Right to Correct: Request correction of inaccurate personal information.
• Right to Limit Use of Sensitive Information: Limit the use and disclosure of sensitive personal information.
• Right to Non-Discrimination: Exercise your privacy rights without discriminatory treatment.

Verification Process: To protect your privacy, we will verify your identity before responding to rights requests. This may require you to provide additional information to confirm your identity.

Authorized Agents: You may designate an authorized agent to make requests on your behalf. The agent must provide written authorization or power of attorney.

To exercise any of your privacy rights, please contact us at:

• Email: [email protected]
• Subject Line: "Privacy Rights Request"
• Include: Your full name, email address, order number (if applicable), and specific request

We will respond to verified requests within 30 days (45 days for complex requests). There is no fee to exercise your rights, except in cases of excessive or repetitive requests.

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Data Type	Retention Period	Reason
Account Information	Duration of account + 30 days after deletion	Account management and legal obligations
Order History	7 years	Tax compliance and warranty support
Payment Information	Not stored (processed by third parties)	Security and PCI compliance
Marketing Communications	Until unsubscribe + 30 days	Compliance with unsubscribe requests
Website Analytics	26 months	Service improvement and trend analysis
Customer Support Tickets	3 years	Quality assurance and dispute resolution

When personal information is no longer needed, we securely delete or anonymize it in accordance with our data retention and disposal policies.

We use cookies and similar tracking technologies to collect and track information about your browsing activity on our website.

Cookies are small text files stored on your device when you visit a website. They help websites remember your preferences, improve functionality, and provide analytics.

Cookie Type	Purpose	Duration
Essential Cookies	Required for website functionality (shopping cart, account login, security)	Session or up to 1 year
Performance Cookies	Collect anonymous data about website usage and performance	Up to 2 years
Functionality Cookies	Remember your preferences and settings (language, region)	Up to 1 year
Marketing Cookies	Track visitors across websites for advertising purposes	Up to 2 years

We may allow third-party service providers to place cookies on your device for analytics and advertising purposes:

• Google Analytics: Website traffic analysis and user behavior tracking
• Facebook Pixel: Advertising effectiveness and audience targeting
• Payment Processors: Fraud prevention and transaction security

You can control and manage cookies through your browser settings:

• Block All Cookies: Prevent all cookies from being set (may affect website functionality)
• Delete Cookies: Remove existing cookies from your device
• Third-Party Cookies: Block only third-party tracking cookies

For more information about managing cookies, visit your browser's help section or www.allaboutcookies.org.

Some browsers transmit "Do Not Track" (DNT) signals. Currently, there is no industry standard for responding to DNT signals. We do not alter our data collection practices in response to DNT signals at this time.

We implement appropriate technical and organizational security measures to protect your personal information from unauthorized access, alteration, disclosure, or destruction.

Important: While we strive to protect your personal information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

Data Breach Notification: In the event of a data breach affecting your personal information, we will notify you and relevant authorities in accordance with applicable laws (within 72 hours for GDPR; without unreasonable delay for CCPA).

Trump Legacy Box operates from the United States. If you are located outside the United States, please be aware that information we collect will be transferred to, processed, and stored in the United States.

The United States may have data protection laws that differ from those in your country. By using our Services, you consent to the transfer of your information to the United States.

For data transfers from the European Economic Area to the United States, we rely on:

• Standard Contractual Clauses (SCCs): EU-approved model contracts for data transfers
• Adequacy Decisions: Where applicable, recognition of equivalent data protection standards
• Additional Safeguards: Supplementary measures to ensure data protection (encryption, access controls)

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18 years of age.

If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us immediately at [email protected]. We will promptly delete such information from our systems.

By making a purchase, you represent that you are at least 18 years old or have the consent of a parent or legal guardian.

Our website may contain links to third-party websites, social media platforms, or services that are not operated by us. This Privacy Policy applies only to our Services.

We are not responsible for the privacy practices or content of third-party websites. We encourage you to review the privacy policies of any third-party sites you visit.

When you interact with third-party services (such as payment processors or social media), their own terms and privacy policies will apply to that interaction.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

When we make changes, we will:

• Update the "Last Updated" date at the top of this policy
• Post the revised policy on our website
• Notify you of material changes via email or prominent notice on our website (where required by law)

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information. Your continued use of our Services after changes are posted constitutes acceptance of the updated Privacy Policy.

California residents have the right to request information about personal information we have shared with third parties for their direct marketing purposes during the preceding calendar year.

Important: We do not share personal information with third parties for their direct marketing purposes. Therefore, we are not required to maintain or disclose such information under California Civil Code Section 1798.83.

Nevada residents have the right to opt-out of the sale of certain personal information to third parties who intend to license or sell that information.

We do not sell your personal information as defined under Nevada law. However, if you are a Nevada resident and wish to exercise this right, you may contact us at [email protected] with the subject line "Nevada Privacy Rights Request."

If you are located in the European Economic Area and believe we have not adequately addressed your privacy concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

For a list of EU data protection authorities, visit: https://edpb.europa.eu/about-edpb/board/members_en

We are committed to ensuring this Privacy Policy is accessible to all users. If you have difficulty accessing or understanding any part of this policy, please contact us at [email protected] and we will provide assistance or alternative formats.