Privacy Policy
Hearth Roots Living (“we,” “us,” or “our”) is committed to protecting and respecting your privacy. This Privacy Policy outlines how we collect, use, store, and disclose your personal information when you interact with our website, hearthrootsliving.com, in compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws.
Your personal data is handled with the utmost care and security in line with data protection principles. We are dedicated to transparency and empowering you with control over your data.
1. Scope of Policy and Data Controller Role
This Privacy Policy applies to all users of hearthrootsliving.com and governs the processing of personal data collected through our website, including through purchases, registrations, communications, and cookies. For the purposes of the GDPR, Hearth Roots Living is the data controller responsible for your personal information.
If you are a California resident, this policy also constitutes our Notice at Collection in accordance with the CCPA.
2. Categories of Personal Data We Process
We collect and process the following categories of personal information depending on your interactions with our services:
a) Usage Data:
Information about how you use our website, including IP address, browser type, referring URLs, page views, session length, and interaction details.
b) Account Data:
Personal information you provide when creating an account or making purchases, such as your full name, billing and shipping addresses, email address, and telephone number.
c) Profile Data:
Preferences, purchase history, content engagement, saved items, and user behavior patterns across hearthrootsliving.com.
d) Communication Data:
Records of your contact history with us, such as customer support inquiries, feedback messages, email threads, and responses via contact forms.
e) Technical Data:
Device identifiers, mobile platform information, operating system configuration, screen resolution, and system diagnostics relevant to your use of the site.
f) Transaction Data:
Details concerning orders placed, items purchased, payment method (limited to non-sensitive identifiers such as transaction reference codes), fulfillment status, and delivery logistics.
g) Preference Data:
Marketing consents, newsletter subscriptions, product category interests, communication preferences, and opt-in/opt-out choices.
3. Legal Bases for Processing
We process your personal data on the following legal grounds, as appropriate:
– Consent: Where you have explicitly given us permission to process certain data (e.g., subscribing to newsletters or accepting cookies beyond essential categories).
– Contractual Necessity: To fulfill a contract with you or take steps leading to a contract (e.g., processing an order or managing your account).
– Legitimate Interests: For purposes such as analyzing web traffic, improving customer experience, and preventing fraud, where such interests do not override your data rights.
– Legal Obligation: Where processing is necessary to comply with legal or regulatory requirements.
4. Your Privacy Rights
In accordance with the GDPR and CCPA, you hold significant rights in relation to your personal data:
– Right of Access: You may request information about the personal data we hold concerning you.
– Right to Rectification: You may request corrections to any inaccurate or incomplete personal data.
– Right to Erasure: You may request that we delete your data, subject to certain legal exceptions.
– Right to Restriction: You may request a limitation on the processing of your data under specific circumstances.
– Right to Portability: You may request a copy of your personal data in a structured, machine-readable format.
– Right to Object: You may object to certain processing activities, especially those based on legitimate interest or marketing.
– Right to Opt-Out (for CCPA): California residents have the right to opt out of the sale or sharing of personal information, even though we do not currently engage in such practices.
To exercise your rights, you may contact us at [email protected].
5. Security Measures
We implement robust technical and organizational measures to protect your data, including but not limited to:
– TLS encryption for data-in-transit
– Encrypted storage for sensitive information
– Access controls and role-based permissions for data access
– Firewalls and secure hosting environments
– Regular security audits and vulnerability assessments
– Staff training in privacy and data protection best practices
– Secure data backups and incident response plans
6. International Data Transfers
Where personal data must be transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including the execution of Standard Contractual Clauses and assessments of regional data protection equivalency. Transfers to the United States or other jurisdictions comply with legal frameworks ensuring adequate protection for your data.
7. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected. Retention periods may vary based on the data type and applicable legal or contractual obligations:
– Usage and Technical Data: Retained for a maximum of 24 months for analytical and security purposes.
– Account and Transaction Data: Retained for up to 7 years to fulfill legal accounting and reporting obligations.
– Communication and Support Records: Retained for up to 2 years following the last interaction.
– Marketing and Preference Data: Retained until withdrawal of consent or up to 3 years of inactivity.
8. Cookie Policy
Our website uses cookies and similar technologies to enhance user experience, perform analytics, and support core functions. Cookies are classified as follows:
– Essential Cookies: Necessary for the site to function (e.g., shopping cart, account login).
– Functional Cookies: Enhance usability, remember preferences or customize content.
– Analytics Cookies: Collect data in aggregate to understand how visitors use our website (e.g., Google Analytics).
– Performance Cookies: Optimize website performance through metrics on loading times and interaction quality.
We use both first-party and third-party cookies in accordance with applicable laws. Your consent is obtained where required before placing cookies, except for strictly necessary ones.
9. Cookie Management and Compliance
You may manage or withdraw your cookie consent at any time via the cookie management banner or browser settings. In accordance with GDPR and CCPA, we honor user consent, provide options to restrict non-essential cookies, and offer opt-out mechanisms for tracking technologies.
Do Not Track (DNT) signals are also respected where supported by browsers.
10. Children’s Privacy
Our website is not directed toward children under the age of 13, and we do not knowingly collect personal data from individuals in this age group. If we become aware that a child under 13 has provided personal information, we will delete such data promptly. Parents or legal guardians who believe that their child has submitted data to us are encouraged to contact us immediately at [email protected].
11. Policy Updates
We may update this Privacy Policy to reflect changes in law, technologies, or our data collection practices. Material changes to the policy will be communicated to you through appropriate means, such as notices on hearthrootsliving.com or email notification where applicable. Continued use of the website signifies your acceptance of the updated terms.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:
Hearth Roots Living
Email: [email protected]
Website: hearthrootsliving.com
We are committed to ensuring our practices remain compliant with applicable data privacy laws and welcome your feedback or inquiries. You have the right to lodge a complaint with your local data protection authority if your concerns are not adequately resolved.