Privacy Policy for HearthDreamCrafts.com

1. Introduction

At HearthDreamCrafts.com (“we”, “us”, or “our”), your privacy is of paramount importance. We are committed to protecting the confidentiality, integrity, and availability of your personal data. This Privacy Policy explains how we collect, use, store, and disclose personal information in accordance with the General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act (“CCPA”), and other applicable privacy laws. Our commitment is grounded in transparency, accountability, and respect for individual privacy rights.

2. Scope and Data Controller

This Privacy Policy covers all personal data collected, processed, stored, and shared through HearthDreamCrafts.com. HearthDreamCrafts.com is the data controller for purposes of the GDPR and the business under the CCPA.

This policy applies to users of our website, customers, newsletter subscribers, and any individual whose data we process in connection with the operation of our e-commerce and digital services.

3. Categories of Data Processed

We collect and process the following categories of personal data, depending on your interaction with our services:

a. Usage Data
We collect technical and behavioral data about your interaction with our website, including your IP address, browser type and version, OS, web pages visited, time spent on pages, session duration, date/time stamps, and referral URLs.

b. Account Data
Collected when you create an account or place an order, including your full name, billing and shipping addresses, email address, and phone number.

c. Profile Data
Includes information voluntarily submitted to enhance your user experience or during purchases, such as wishlist items, previous order history, expressed preferences, and behavior on our site.

d. Communication Data
Encompasses your interactions with us, including messages sent through contact forms, support requests, reviews, feedback, and correspondence history.

e. Technical Data
Includes device identifiers, system configuration data, application logs, cookies, and other tracking technologies which assist us in securing and optimizing our digital infrastructure.

f. Transaction Data
Refers to financial and logistics-related data, including card type (we do not store full card numbers), billing details, order contents, delivery address, and shipping confirmation records.

g. Preference Data
Covers data related to your marketing preferences, consent status, subscription to email newsletters, and expressed interest in specific product categories.

4. Legal Bases for Processing

We process your personal data on the following lawful grounds:

– Performance of a Contract (e.g., processing your orders, managing your account)
– Consent (e.g., receiving marketing communications, accepting cookies)
– Legitimate Interests (e.g., improving our site, securing transactions, fraud detection)
– Compliance with Legal Obligations (e.g., tax or regulatory requirements)

When your consent is the basis for processing, you have the right to withdraw that consent at any time.

5. Your Privacy Rights

As a data subject under the GDPR or a consumer under the CCPA, you are entitled to the following rights:

– Right of Access: You may request a copy of personal data we hold about you.
– Right to Rectification: You may request corrections to inaccurate or incomplete data.
– Right to Erasure: You may request deletion of your personal data, subject to legal retention obligations.
– Right to Restriction: You may ask us to limit the processing of your data in certain circumstances.
– Right to Data Portability: You may request to receive your personal data in a structured, machine-readable format.
– Right to Object: You may object to the processing of your data where processing is based on legitimate interests.
– Right to Non-Discrimination: Under the CCPA, you have the right not to receive discriminatory treatment for exercising your privacy rights.

Requests to exercise any of these rights may be submitted by contacting [email protected].

6. Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. These include:

– Industry-standard encryption of data in transit and at rest
– Strict access controls based on role and necessity
– Secure data center and cloud infrastructure
– Regular malware, vulnerability, and penetration testing
– Data backup and recovery procedures
– Mandatory employee privacy and security training programs

7. International Data Transfers

Where your personal data is transferred outside of the European Economic Area (EEA) or your jurisdiction of residence, we ensure that such transfers comply with applicable data protection laws. We rely on mechanisms such as Standard Contractual Clauses and ensure appropriate safeguards are in place.

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including satisfying legal, accounting, or reporting obligations:

– Account Data: Retained while your account is active and for up to 6 years after closure
– Transaction Data: Retained for at least 7 years for tax and audit obligations
– Communication Data: Retained for 3 years after last interaction
– Preference and Usage Data: Retained for 2 years from last activity
– Cookie Data: Retained in accordance with cookie expiration settings (see Section 9)

Following expiration of the retention period, data is securely deleted or anonymized.

9. Cookie Policy

Our website uses cookies and similar tracking technologies to enhance user experience, measure traffic, and enable core website functionality. We categorize cookies as:

a. Essential Cookies: Required for core website operations, such as navigation and secure checkout.
b. Functional Cookies: Support site customization and remembering user preferences.
c. Analytics Cookies: Collect aggregated statistics on usage patterns to help improve our content and user experience.
d. Performance Cookies: Monitor and enhance site performance, responsiveness, and uptime.

10. Cookie Management and Legal Compliance

We honor your preferences regarding cookies and tracking technologies in accordance with GDPR and CCPA requirements. You may manage your cookie settings via the cookie banner or browser preferences. You may also revoke previously granted consent at any time.

Under the CCPA, California residents have the right to opt out of the “sale” of personal information. While we do not sell your personal information in the conventional sense, you can manage your preferences and prevent unnecessary data sharing via the cookie settings or by contacting us at [email protected].

11. Children’s Privacy

Our website and services are not intended for children under the age of 13. We do not knowingly collect or solicit personal data from children. If we become aware that we have collected personal data from a child without verifiable parental consent, we will delete that information promptly.

12. Policy Updates

We reserve the right to update or amend this Privacy Policy at any time. When changes are made, we will reflect the updated policy on this page and adjust our internal documentation accordingly. We encourage users to review this page periodically for the latest information on our privacy practices. Significant changes in processing purposes or data rights will be communicated to you via email or on-site notification.

13. Contact Us

If you have any questions regarding this Privacy Policy or your personal data, or wish to exercise your rights under applicable data protection laws, please contact:

Data Privacy Officer
HearthDreamCrafts.com
Email: [email protected]

We are committed to resolving any privacy-related concerns in a prompt and respectful manner.

This Privacy Policy reflects our commitment to responsible data stewardship, full compliance with applicable laws, and placing your privacy first across all operations of HearthDreamCrafts.com.