Privacy Policy

At Hearthroots Haven, accessible via https://hearthrootshaven.com, we are committed to protecting your personal data and respecting your privacy. This Privacy Policy outlines our practices concerning the collection, use, and disclosure of personal information when you visit or interact with our website and services. By using our website, you acknowledge and agree to the terms set forth herein.

1. Commitment to Privacy and Data Protection

Hearthroots Haven values transparency and integrity in handling your personal information. We process data with a privacy-first approach, ensuring compliance with international data protection laws including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Our goal is to provide a secure, trusted environment for all users.

2. Scope of This Policy and Our Role as Data Controller

This Privacy Policy applies to all personal data collected through hearthrootshaven.com and related services. For the purposes of data protection laws, Hearthroots Haven acts as the Data Controller, determining the purposes and means by which your personal data is processed. If you have any questions regarding this policy or our data practices, you may contact us at [email protected].

3. Categories of Data We Process

We collect and process the following types of personal data:

a. Usage Data
Includes information automatically collected when you use our website, such as IP addresses, browser types and versions, access times, pages visited, time spent on each page, referring URLs, and session identifiers.

b. Account Data
Includes identifiers you provide when creating an account with us, such as your name, billing/shipping address, email address, and telephone number.

c. Profile Data
Includes data relating to your preferences, order history, account activity, and behavioral patterns when interacting with our website.

d. Communication Data
Encompasses your interactions with our support and contact channels, including email exchanges, submitted forms, chat messages, and service feedback.

e. Technical Data
Covers information on the devices and technical environment you use to access our services, such as device types, operating systems, browser configurations, screen resolutions, and mobile information.

f. Transaction Data
Includes details of your purchases, payment status, payment methods used (excluding full payment details, which are handled by PCI-compliant payment processors), and delivery tracking information.

g. Preference Data
Comprises information you voluntarily provide regarding communication preferences, newsletter subscriptions, marketing consent, and product interests.

4. Legal Bases for Processing Personal Data

We process your personal data under the following lawful bases:

– Contractual Necessity: To fulfill our obligations when providing services or completing transactions you request.
– Legitimate Interests: To improve user experience, manage security, analyze engagement, and prevent fraud where such interests are not overridden by your rights.
– Consent: For sending promotional materials, managing cookies, or other processing where your explicit consent is legally required.
– Legal Obligation: To comply with tax, regulatory, anti-fraud, or consumer protection laws.

5. Your Rights Under Data Protection Laws

Depending on your jurisdiction, you may have the following rights regarding your personal data:

– Right of Access: To request information about the personal data we hold concerning you.
– Right to Rectification: To request correction of inaccurate or incomplete information.
– Right to Erasure: To request the deletion of your personal data under certain conditions.
– Right to Restrict Processing: To request limitation on how we process your data.
– Right to Data Portability: To request transfer of your data to another controller in a structured, machine-readable format.
– Right to Object: To object to processing based on legitimate interests, particularly marketing.

To exercise any of these rights, please contact us at [email protected]. We will respond in accordance with applicable laws.

6. Security Measures

We implement robust security measures to safeguard your personal data, including but not limited to:

– Encryption of data in transit and at rest
– Role-based access controls and authentication protocols
– Secure servers and firewalls
– Regular system backups
– Staff training on compliance and confidentiality

While we strive to use commercially acceptable means to protect your information, no method of transmission or storage is entirely secure.

7. International Data Transfers

In certain cases, your personal data may be transferred and processed outside your country of residence, including to countries not deemed to provide adequate data protection by applicable authorities. When such transfers occur, they are governed by appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission and compliance measures aligned with GDPR and CCPA.

8. Data Retention

We retain your personal data for only as long as is necessary to fulfill the purposes outlined in this policy, including compliance with legal obligations:

– Usage and Technical Data: Retained for up to 26 months for analytics and security monitoring
– Account and Profile Data: Retained as long as your account is active, and up to 7 years after closure for legal compliance
– Transaction Data: Retained for 7 years for tax and auditing purposes
– Communication and Preference Data: Retained for up to 3 years following your last interaction or revocation of consent

9. Cookie Policy

Our website uses cookies and similar technologies to enhance your browsing experience. We categorize these cookies as follows:

– Essential Cookies: Required for basic operation of the website, such as navigation, login, and shopping cart functionality.
– Functional Cookies: Enable personalization features like language selection, product recommendations, and preference storage.
– Analytics Cookies: Used to gather anonymized usage data to improve our website performance.
– Performance Cookies: Monitor site reliability, responsiveness, and usage patterns.

10. Cookie Management and Compliance

Upon visiting hearthrootshaven.com, you will be presented with a cookie consent banner, allowing you to accept or manage cookie preferences in accordance with GDPR and CCPA requirements. You may also modify preferences at any time or configure your browser settings to disable cookies altogether. Essential cookies cannot be disabled, as they are critical to the operation of our site.

11. Children’s Privacy

We do not knowingly collect or solicit personal data from children under the age of 13. If you believe that a child under 13 has provided us with personal information without parental consent, please contact us immediately at [email protected], and we will take appropriate steps to delete such information from our systems.

12. Updates to This Privacy Policy

We may revise this Privacy Policy from time to time to reflect changes in legal requirements, data practices, or our service offerings. Any material changes will be communicated to you through appropriate channels. By continuing to use our website after changes are posted, you agree to the revised terms.

13. Contacting Us

If you have any questions, concerns, or complaints about this Privacy Policy or how your personal data is handled, please contact us at:

Email: [email protected]
Website: https://hearthrootshaven.com

We are committed to responding promptly and addressing your inquiries fully and transparently.

Compliance Statement

Hearthroots Haven is committed to full compliance with global data protection regulations, including GDPR and CCPA. Your privacy is of utmost importance. Please do not hesitate to reach out to us at [email protected] with any privacy-related concerns or requests.