Privacy Policy
Hearthroots Solutions (“we,” “our,” or “us”) is committed to protecting the privacy, security, and integrity of all personal data collected from users (“you” or “your”) who access or interact with our website, hearthrootssolutions.com. This Privacy Policy outlines how we collect, use, store, share, and safeguard your information in accordance with applicable privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We are dedicated to maintaining a transparent and privacy-first approach in all our data practices.
1. Scope and Data Controller
This Privacy Policy applies to all personal data collected through hearthrootssolutions.com and related services. Hearthroots Solutions is the designated data controller responsible for determining the purposes and means of processing your personal information. For any questions or concerns regarding our data processing activities, please contact us at [email protected].
2. Categories of Data We Process
We collect and process various categories of personal data to provide and improve our services, operate our website efficiently, and maintain compliance with legal obligations:
– Usage Data: Includes information about how you use hearthrootssolutions.com, such as your IP address, browser type, device identifiers, pages visited, time and date of visits, referring URLs, and session duration.
– Account Data: Includes information you provide during account creation or sign-up processes, such as your full name, postal address, email address, phone number, and login credentials.
– Profile Data: Includes your preferences, service history, feedback, interests, behavior on our website, language preferences, and purchase records.
– Communication Data: Includes all messages, inquiries, and correspondence you send us, including email communications and support tickets.
– Technical Data: Includes information about your device and system configuration such as operating system, hardware version, browser extensions, and device event data.
– Transaction Data: Includes details related to payments made to us for services, including billing addresses, payment methods, delivery details, and transaction history.
– Preference Data: Includes marketing communication preferences, service interest indicators, and opt-in/opt-out selections.
3. Legal Bases for Processing
We process your personal data only when there is a valid legal basis to do so under GDPR and other applicable laws. These may include:
– Consent: Where you have given explicit consent to the processing of your personal data for specific purposes.
– Contractual Necessity: Where processing is required to enter into or perform our contractual obligations to you (e.g., providing services you have requested).
– Legitimate Interests: Where processing is necessary for our legitimate interests and those interests are not overridden by your rights and freedoms. This may include analytics, service optimization, fraud prevention, or maintaining security.
– Legal Obligation: Where processing is necessary for compliance with legal, regulatory, or judicial obligations.
4. Your Privacy Rights
Under GDPR, CCPA, and other applicable laws, you have specific rights regarding your personal data. These include:
– Right of Access: You may request access to your personal information that we process.
– Right of Rectification: You may request corrections to personal information that is inaccurate or incomplete.
– Right to Erasure: You have the right to request that we delete your personal data, subject to certain conditions.
– Right to Restrict Processing: You may request restriction of processing of your personal data when certain legal conditions are met.
– Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to have that data transmitted to another controller.
To exercise any of these rights, please contact us at [email protected].
5. Security Measures
We implement appropriate technical and organizational measures to ensure a level of security commensurate with the risks associated with data processing. These measures include but are not limited to:
– Secure data encryption during transmission and at rest.
– Access control policies with role-based permissions.
– Regular backups of critical systems and encrypted storage.
– Employee privacy training and confidentiality agreements.
– Ongoing monitoring, internal audits, and refinement of security protocols.
6. International Data Transfers
Your personal data may be transferred to, stored in, or processed in jurisdictions outside your country of residence, including countries not recognized by the European Commission as providing adequate data protection. When such transfers occur, we ensure appropriate safeguards are in place, including:
– Standard Contractual Clauses approved by the European Commission.
– Binding corporate rules or similar frameworks recognized under data protection law.
– Compliance with U.S. and international privacy frameworks where applicable.
7. Data Retention
We retain your data only for as long as it is necessary for the purposes outlined in this Privacy Policy or as required by applicable law. Retention periods vary by category of data:
– Usage and Technical Data: Retained for up to 12 months for analytics and monitoring.
– Account and Profile Data: Retained for the duration of your account and up to 5 years afterward for compliance and support.
– Communication Data: Retained for 3 years from the last interaction.
– Transaction Data: Retained for 7 years to meet legal and tax obligations.
– Marketing and Preference Data: Retained for as long as consent is valid or until you withdraw consent.
8. Cookie Policy
We use cookies and similar technologies on hearthrootssolutions.com to improve user experience, provide analytics, customize content, and deliver targeted advertisements where applicable. Our cookie categories include:
– Essential Cookies: Necessary for the proper functioning of the website.
– Functional Cookies: Enable enhanced features such as remembering preferences.
– Analytics Cookies: Assist in understanding user interactions and performance metrics.
– Performance Cookies: Optimize site loading times and improve responsiveness.
9. Cookie Management and Compliance
In compliance with GDPR and CCPA, we provide users with clear information and control over cookie usage:
– Upon first visit, users are presented with a cookie banner detailing consent options.
– You may manage cookie settings, withdraw consent, or modify preferences via our cookie management tool accessible on hearthrootssolutions.com.
– Do Not Track and Global Privacy Control signals are both respected where technically feasible.
10. Children’s Privacy
We do not knowingly collect or solicit personal information from children under the age of 13. If we become aware that data has been collected from a child under this age, we will take appropriate measures to delete such information promptly. Parents or guardians who believe their child’s data may have been submitted inadvertently are encouraged to contact us at [email protected].
11. Policy Updates
We may update this Privacy Policy from time to time to remain compliant with evolving legal requirements and to reflect changes to our data processing practices. Any updates will be posted to this page. If the changes are material, we will provide additional notice via prominent website banners, email updates, or other communication methods consistent with our legal obligations.
12. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, you may contact us at:
Hearthroots Solutions
Email: [email protected]
Website: https://hearthrootssolutions.com
—
We are committed to full compliance with applicable data protection laws and to keeping you informed of your data rights. For any privacy matters, please do not hesitate to reach out to us at [email protected].