Privacy Policy for Hearthway Crafts
1. Introduction
Hearthway Crafts (“we”, “us”, “our”) is fully committed to protecting and respecting your privacy. We understand the importance of safeguarding personal data and we are dedicated to ensuring that your personal information is processed in a fair, transparent, and lawful manner. This Privacy Policy describes how your personal data is collected, used, and shared when you visit or interact with our website at hearthwaycrafts.com (the “Site”). Our practices are aligned with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
2. Scope of This Policy and Data Controller Role
This Privacy Policy applies to all users of hearthwaycrafts.com and covers all personal data that may be collected during your interactions with the Site. Hearthway Crafts is the data controller with respect to your personal data, which means we determine the purposes and means of processing your information.
If you have questions or need clarification regarding this policy, please contact our privacy team at [email protected].
3. Categories of Data Processed
We collect and process the following categories of personal data through hearthwaycrafts.com:
– Usage Data: Includes information about your browser type, operating system, IP address, referral URLs, pages viewed, and the dates/times of site access. Collected automatically through server logs, analytics tools, and cookies.
– Account Data: Information you provide when creating an account or placing an order, such as your full name, billing and shipping address, email address, and phone number.
– Profile Data: Includes user-specific information such as purchase history, saved preferences, behaviors on the Site, and interests derived from interactions with our content or products.
– Communication Data: Includes the content of your inquiries, customer service requests, submitted forms, feedback, or other correspondence shared with us via email, live chat, or the contact page.
– Technical Data: Includes information about the devices you use to access our Site, such as device type, operating system configuration, browser settings, screen resolution, and mobile carrier.
– Transaction Data: Includes payment method, billing details, order confirmations, delivery information, and transaction history. Payment card data is securely processed by third-party payment processors and is not stored on our servers.
– Preference Data: Includes your consents and choices with regard to marketing communications, product alerts, newsletter sign-ups, and your interest in specific categories of products.
4. Legal Bases for Processing
We rely on the following lawful bases under GDPR and equivalent standards under CCPA for the processing of your personal data:
– Consent: Where you have freely given clear and unambiguous consent, such as subscribing to newsletters or agreeing to cookies.
– Contractual Necessity: To perform our contract with you, including processing your orders, managing your account, and delivering purchased products.
– Legitimate Interests: Where it is necessary for our legitimate business interests provided that such interests are not overridden by your fundamental rights and freedoms. This includes fraud prevention, improving user experience, and direct marketing related to products similar to those you’ve previously purchased.
– Legal Obligation: To comply with applicable laws and regulatory requirements.
5. Your Rights
As a data subject under GDPR and a consumer protected by CCPA, you have the following rights concerning your personal information:
– Right of Access: You may request access to the personal data we hold about you.
– Right to Rectification: You may request correction of inaccurate or incomplete information.
– Right to Erasure: Also known as the “right to be forgotten,” you can request deletion of your personal data, subject to retention policies described below.
– Right to Restriction of Processing: You may request that processing be limited in certain circumstances.
– Right to Data Portability: You may request to receive your personal data in a structured, commonly-used machine-readable format.
– Right to Object: You may object to certain types of processing, including direct marketing.
– Right to Non-Discrimination (CCPA): You have the right to equal service and price, even if you exercise your privacy rights.
To exercise any of the rights enumerated above, please email [email protected]. We may need to verify your identity before responding to your request.
6. Security Measures
We implement technical and organizational security measures designed to protect your personal data against unauthorized access, disclosure, or destruction. These include:
– Data encryption (in transit and at rest)
– Secure access controls and system authentication
– Regular data backups and security audits
– Employee privacy and security training
While no system is completely secure, we continuously improve our safeguards to protect your data.
7. International Transfers
Wherever personal data is transferred outside the European Economic Area (EEA), including to our service providers, we ensure appropriate safeguards are in place to comply with GDPR and related laws. These safeguards may include Standard Contractual Clauses issued by the European Commission or other legally-approved mechanisms. For users under the protection of CCPA, similar provisions apply to ensure your data is handled in accordance with California’s statutory requirements.
8. Data Retention
We retain personal data only for as long as necessary for the purposes outlined in this policy, including:
– Account and Transaction Data: retained for 7 years for financial and legal record-keeping
– Communication Data: retained for 3 years after the last interaction
– Marketing Preferences: retained until consent is withdrawn
– Usage and Technical Data: retained for up to 2 years for analytics
Once retention periods expire, data are securely deleted or anonymized.
9. Cookie Policy
We use cookies and similar technologies to enhance user experience on hearthwaycrafts.com. Cookies are small data files stored on your device. They help us to:
– Enable essential features (account log-in, shopping cart)
– Personalize your experience
– Analyze site performance
– Offer targeted advertisements
Types of cookies we use:
– Essential Cookies: Necessary for basic site functionality
– Functional Cookies: Remember user preferences and choices
– Performance and Analytics Cookies: Help identify usage trends, page load speeds, and improve the overall experience
– Targeting Cookies: Deliver relevant advertisements and limit repetitions
10. Cookie Management and Compliance
When you first visit hearthwaycrafts.com, a cookie consent banner will appear allowing you to accept or decline non-essential cookies. You may change or withdraw your consent at any time via our Cookie Settings page.
In addition:
– GDPR users can manage consents under Article 6(1)(a)
– CCPA users can opt-out of the sale or sharing of personal information via a “Do Not Sell or Share My Personal Information” link, available on the Site
You may also use browser settings to block or delete cookies. However, certain features of the Site may not function properly without them.
11. Children’s Privacy
Our services are not directed to children under the age of 13 and we do not knowingly collect personal data from minors without verifiable parental consent. If we become aware that we have collected data from a child under 13, we will take steps to delete such information promptly. Parents or guardians who believe we may have collected data from a child under 13 should contact us at [email protected].
12. Policy Updates
We reserve the right to amend this Privacy Policy at any time in order to reflect changes in our practices, legal requirements, or technological advancements. When changes are made, we will update this page and, where appropriate, provide notification via email or on the Site. Continued use of hearthwaycrafts.com constitutes your acknowledgment of any updates.
13. Contact Us
For any questions regarding this Privacy Policy, your personal data, or to exercise your rights, please contact us at:
Email: [email protected]
This Privacy Policy is designed to ensure transparency in how your data is used and to help you make informed decisions. We are committed to compliance with all applicable privacy laws and to earning and maintaining your trust.