Privacy Policy for Hearthroots Solutions
1. Introduction
Hearthroots Solutions (“we”, “us”, or “our”) is committed to protecting the privacy and personal data of individuals who interact with our website, hearthrootssolutions.com. We value your trust and are dedicated to being transparent about how we collect, use, disclose, and safeguard your personal information. Our Privacy Policy is designed to comply with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the California Consumer Privacy Act (“CCPA”), and other applicable data privacy laws.
2. Scope of Policy and Data Controller Role
This Privacy Policy outlines the types of personal data we collect through your use of hearthrootssolutions.com and our associated services, how we use that data, and your rights concerning it. For the purposes of applicable data protection legislation, Hearthroots Solutions is the data controller of your personal information.
3. Categories of Data Processed
We may collect, use, store, and transfer different types of personal data about you, as outlined below:
a. Usage Data
Includes information about how you use our website, such as your IP address, browser type and version, time zone setting, pages viewed, referring website addresses, time spent on each page, and navigation patterns.
b. Account Data
Includes your full name, billing and shipping address, email address, and phone number, typically collected when you create an account or place an order.
c. Profile Data
Includes your preferences, product interests, purchase history, and behavioral data, including interactions and patterns derived from your activities on hearthrootssolutions.com.
d. Communication Data
Includes records of communications sent or received via customer support forms, emails, or chat functionality, including timestamps, help topics, and resolution notes.
e. Technical Data
Includes data generated through your devices and systems, such as operating system, screen resolution, language settings, hardware configurations, and other technical identifiers.
f. Transaction Data
Includes details relating to purchases or orders, such as payment method, amount, currency, delivery preferences, and order status.
g. Preference Data
Includes your stated marketing and communication preferences, such as newsletter subscriptions, opt-in or opt-out statuses, and product or service interests you have selected.
4. Legal Bases for Processing
We only process personal data when there is a lawful basis to do so under GDPR (Article 6) and CCPA. Our legal grounds for processing include:
– Performance of a contract: Processing necessary to fulfill or enter into an agreement with you.
– Legitimate interests: Processing to pursue our business interests, e.g., improving customer experience, where such interests are not overridden by your rights and interests.
– Consent: Your explicit agreement to process data, such as subscribing to newsletters or accepting cookies.
– Legal obligation: Where processing is necessary for compliance with legal and regulatory requirements.
5. Your Rights
Under GDPR and CCPA, you are entitled to exercise the following rights, which we fully support and facilitate:
– Right of Access: Request access to the personal data we hold about you.
– Right to Rectification: Request correction of any inaccurate or incomplete data.
– Right to Erasure: Request deletion of your personal data, subject to certain exceptions.
– Right to Restriction: Request that we limit the processing of your data.
– Right to Data Portability: Request your data in a structured, commonly used, machine-readable format, or transfer it directly to another controller.
– Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
– Right to Non-Discrimination: CCPA grants California residents the right not to receive discriminatory treatment for exercising their rights.
To exercise any of these rights, please contact us at [email protected].
6. Security Measures
We take rigorous steps to protect your personal data. Our data security protocols include:
– Encryption: Secure Sockets Layer (SSL) encryption is used for data transmissions.
– Access Controls: Restricted access to personal data, governed by role-based permissions.
– Backups: Regular data backups to secure environments.
– Staff Training: Ongoing training to ensure our staff understands and complies with data protection protocols.
7. International Transfers
Your personal data may be transferred to and processed in countries outside your jurisdiction, including the United States and the European Economic Area. In such cases, we use Standard Contractual Clauses or other approved mechanisms to ensure appropriate safeguards are in place, consistent with GDPR and relevant regional data protection laws.
8. Data Retention
We retain personal data only as long as necessary to fulfill the purposes it was collected for, including legal, accounting, and reporting requirements. Retention periods include:
– Account Data: Retained for the length of your relationship with us and up to 7 years post-termination.
– Transaction Data: Retained for compliance with financial and tax obligations for up to 7 years.
– Communication Data: Retained for up to 2 years for service and support purposes.
– Technical and Usage Data: Retained for up to 12 months after last interaction.
– Preference and Profile Data: Retained until consent is withdrawn or the data becomes obsolete.
9. Cookie Policy
We use cookies and similar tracking technologies to enhance user experience and serve relevant content. Cookies we employ include:
– Essential Cookies: Necessary for the operation of hearthrootssolutions.com (e.g. login, shopping cart).
– Functional Cookies: Remember user preferences and settings.
– Performance Cookies: Collect anonymous analytics data to improve service performance.
– Analytical Cookies: Track user behavior to understand how our website is used.
10. Cookie Management and Compliance with GDPR & CCPA
When you first visit hearthrootssolutions.com, you are presented with a cookie consent banner. You have the right to accept or reject non-essential cookies. You may also manage and withdraw your consent at any time by adjusting your browser settings or using the cookie preferences tool on our site. We comply with all data subject consent and opt-out requirements under GDPR and CCPA.
11. Special Protections for Children Under 13
Our website and services are not intended for children under the age of 13. We do not knowingly collect personal data from minors without verified parental consent. If we discover that we have inadvertently collected information from a child under 13, we will promptly delete such data. Parents or guardians who believe their child may have submitted personal data should contact us at [email protected].
12. Policy Updates and User Notifications
We may update this Privacy Policy from time to time in response to changes in applicable legal, technical, or business developments. Where required under applicable law, we will notify you of any significant changes and provide you with an opportunity to review them.
13. Contact Us
If you have any questions or concerns regarding our use of your personal data or this Privacy Policy, please contact us at:
Hearthroots Solutions
Email: [email protected]
Website: hearthrootssolutions.com
We are committed to full compliance with applicable data protection laws and welcome the opportunity to address your privacy-related inquiries.