Privacy Policy
1. Introduction
At Hearth Dream Crafts (“we”, “our”, or “us”), we are deeply committed to safeguarding your privacy and protecting your personal data. This Privacy Policy outlines how we collect, use, store, share, and safeguard personal information obtained through your interaction with our website, hearthdreamcrafts.com. We adhere strictly to international privacy principles, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), ensuring your rights and data are protected with the utmost care.
2. Scope of the Policy and Data Controller Role
This Privacy Policy applies to all individuals interacting with hearthdreamcrafts.com, including users, customers, and visitors. Hearth Dream Crafts is the data controller responsible for your personal data collected via our website and related services. As data controller, we determine the purposes and means of processing your data, ensuring full compliance with applicable data protection regulations.
3. Categories of Data Processed
We process the following categories of personal data:
a. Usage Data
This includes data about how you use our website and services, such as your IP address, browser type and version, operating system, referral source, time zone settings, page views, navigation paths, and session duration.
b. Account Data
When you create an account or make a purchase, we collect personal information such as your full name, billing and shipping address, email address, and telephone number.
c. Profile Data
We may collect data associated with your preferences, purchases, order history, and behavior on hearthdreamcrafts.com.
d. Communication Data
This includes information contained in communications sent to us directly, support tickets, contact form submissions, or any customer service interactions. We retain contact history to handle inquiries and improve our services.
e. Technical Data
We gather technical details such as device identifiers, hardware type, software configuration, and browser plug-in types to ensure website performance and security.
f. Transaction Data
This includes payment data (processed via secure third-party processors), order content, delivery addresses, and details regarding completed transactions on our site.
g. Preference Data
We collect your communication preferences, such as marketing opt-ins, newsletter subscriptions, and interests in specific product categories.
4. Legal Bases for Processing
We process personal data on the following lawful grounds, as required by the GDPR:
– Consent: Where you have provided your clear permission for us to process your data for a particular purpose (e.g., marketing).
– Contractual Necessity: Where data processing is necessary for the performance of a contract to which you are a party, such as fulfilling a product order.
– Legal Obligation: Where we are required to comply with legal obligations, including tax or regulatory compliance.
– Legitimate Interests: Where processing is necessary for the purposes of our legitimate business interests, and these are not overridden by your rights and freedoms (e.g., fraud prevention, website analytics, internal analytics).
5. Your Rights
Under GDPR and CCPA, you have robust rights regarding your personal data:
– Right to Access: You can request access to personal data we hold about you.
– Right to Rectification: You may request that inaccurate or incomplete data be corrected.
– Right to Erasure: You may request deletion of your personal data, subject to legal obligations.
– Right to Restrict Processing: You have the right to limit how we use your data in certain circumstances.
– Right to Data Portability: You can obtain and reuse your personal data across different services.
– Right to Object: You may object to processing based on our legitimate interests or for direct marketing purposes.
– Right to Withdraw Consent: Where consent has been given, you may withdraw it at any time.
To exercise your rights, please contact us at [email protected].
6. Security Measures
We implement comprehensive technical and organizational security measures to safeguard the confidentiality and integrity of your data. These include:
– Industry-standard encryption protocols (such as HTTPS and SSL)
– Access controls and authentication mechanisms
– Regular security training for our team members
– Secure infrastructure and automated system backups
– Regular review and updating of our information security policies
7. International Transfers
Your data may be transferred to, and processed in, countries outside of your jurisdiction (including countries outside the European Economic Area). When such transfers occur, we ensure compliance through approved mechanisms such as Standard Contractual Clauses, ensuring adequate data protection standards consistent with GDPR and CCPA.
8. Data Retention
We retain personal data only as long as reasonably necessary for the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.
– Usage & Technical Data: Retained for up to 12 months.
– Account & Profile Data: Retained while your account remains active, and for 6 years thereafter for regulatory and tax purposes.
– Communication Data: Retained for 3 years from the date of your last interaction.
– Transaction Data: Retained for 7 years to comply with taxation and accounting laws.
– Preference & Consent Data: Retained until you change or withdraw your settings.
9. Cookie Policy
Our website uses cookies to improve your experience and to provide essential functions.
– Essential Cookies: Necessary for the functioning of the site (e.g., cart management, login authentication).
– Functional Cookies: Enable site customization and improved functionality.
– Analytics Cookies: Collect anonymized data on usage to help us understand visitor behavior.
– Performance Cookies: Monitor site performance metrics, such as load times and responsiveness.
10. Cookie Management and Compliance
You have full control over cookie preferences. When you first visit hearthdreamcrafts.com, you are presented with a cookie banner that allows you to manage your consent in compliance with GDPR and CCPA standards.
You can also control and manage cookies through your browser settings, including blocking or deleting them. Please note, disabling certain cookies may limit some website functionality.
11. Special Protections for Children
Hearth Dream Crafts does not knowingly collect or solicit personal data from children under the age of 13 and does not target its services to this age group. If we become aware that a child under 13 has provided us with personal data, we will delete such information promptly. Parents or guardians who learn that their child has provided us with data should contact us at [email protected].
12. Policy Updates
We may modify or update this Privacy Policy from time to time to reflect changes in our practices, legal updates, or operational requirements. Significant changes will be communicated to affected users via the website and, where appropriate, via direct communication methods. Your continued use of hearthdreamcrafts.com constitutes acceptance of any changes.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact our data protection team at:
Email: [email protected]
We are committed to ensuring full compliance with GDPR, CCPA, and all applicable privacy regulations. You may also reach out to your regional Data Protection Authority or the California Attorney General as appropriate.
At Hearth Dream Crafts, protecting your privacy is a core value. Please contact us anytime with privacy-related questions or concerns at [email protected].