Privacy Policy
1. Introduction
At Hearthroots Homes (“we”, “our”, or “us”), accessible via hearthrootshomes.com, we are committed to protecting your privacy and safeguarding your personal data. Your trust is important to us, and we are dedicated to handling your information in a secure, transparent, and privacy-conscious manner. This Privacy Policy outlines how we collect, use, store, share, and protect your personal information in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
2. Scope of this Policy and Data Controller
This Privacy Policy applies to all visitors, users, and others who access or use our website, hearthrootshomes.com. Hearthroots Homes acts as the “data controller” for your personal data as defined under GDPR, and is responsible for processing your information in accordance with this Policy. Users in California are provided additional rights under the CCPA, which are likewise addressed herein.
3. Categories of Data Processed
We collect and process various categories of personal data depending on your interactions with our website and services:
a) Usage Data
This includes data on how you interact with our website, such as your IP address, browser type, referring/exit pages, date/time stamps, pages visited, and session duration.
b) Account Data
When you create an account or engage with us directly, we may collect your full name, mailing address, email address, and telephone number.
c) Profile Data
This includes information you choose to provide in relation to your preferences, previous purchases, product interests, and behavioral interactions with our website.
d) Communication Data
This includes data from support tickets, inquiries, emails, and other correspondence you initiate with us. It may also comprise a history of interactions and resolved requests.
e) Technical Data
This data is collected automatically and may include device type, operating system, system configuration data, browser plug-in types, and platform settings.
f) Transaction Data
This encompasses payment information (processed through secure third parties), billing and shipping details, and records of purchases and transactions.
g) Preference Data
This includes your choices regarding email subscriptions, product/service notifications, and consents provided for marketing communications.
4. Legal Bases for Processing
We process your personal data in accordance with the legal foundations provided under GDPR and, where applicable, CCPA. Legal bases include:
– Contractual Necessity: To fulfill our obligations in providing products or services you have requested.
– Legitimate Interests: To improve our services, perform analytics, enhance security, and prevent fraud.
– Consent: For marketing communications or where required prior to processing non-essential cookies.
– Legal Obligation: To comply with applicable laws and regulatory mandates.
5. Your Rights
Subject to applicable law, and particularly under GDPR and CCPA, you have the following data protection rights:
– Right of Access: You may request a copy of personal information we hold about you.
– Right to Rectification: You have the right to correct inaccuracies in your data.
– Right to Erasure (“Right to be Forgotten”): You may request the deletion of your personal data under qualifying conditions.
– Right to Restriction of Processing: You may request to limit certain uses of your personal data.
– Right to Data Portability: You may request that your data be transferred to another service provider in a structured, commonly used, and machine-readable format.
– Right to Object: You may object to certain types of processing, particularly for direct marketing.
– California Rights Notice (CCPA): California residents may request a report of personal data collected and disclosure of business purposes, opt out of sale (we do not sell your data), and request deletion of their data.
To exercise these rights, please contact us at [email protected]. We may request verification of your identity before processing your request.
6. Security Measures
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. These include:
– Data encryption during transmission using HTTPS.
– Access controls based on roles and principles of least privilege.
– Regular data backups and secure storage practices.
– Internal staff training on personal data privacy and cybersecurity.
While we make every reasonable effort to protect your information, no system is entirely immune to vulnerabilities. We encourage users to take precautionary steps to protect their own devices and accounts.
7. International Data Transfers
If we transfer your personal data outside of the European Economic Area (EEA) or your jurisdiction, we take steps to ensure protection through:
– Standard Contractual Clauses approved by the European Commission.
– Adequacy decisions, where applicable.
– Ensuring third-party service providers maintain equivalent levels of data protection compliance.
8. Data Retention
We retain personal data only for as long as necessary for the fulfillment of the purposes stated in this Policy, unless a longer retention period is required by law. Data retention schedules include:
– Account and Transaction Data: Retained for up to 7 years for legal and accounting purposes.
– Communication and Support Data: Retained for up to 3 years post-resolution.
– Usage and Technical Data: Retained for up to 2 years for analytics and security purposes.
– Marketing Preference Data: Retained until you withdraw consent or unsubscribe.
Once data is no longer required, it is securely deleted or anonymized.
9. Cookie Policy
We utilize cookies and similar technologies to enhance user experience and analyze site performance. Types of cookies used:
– Essential Cookies: Required for website core functionality (e.g., login, navigation).
– Functional Cookies: Enable personalization features like remembering login preferences.
– Analytics Cookies: Help us measure website performance and understand user behavior via tools like Google Analytics.
– Performance Cookies: Collect aggregated data for performance monitoring and trend analysis.
10. Cookie Management and Compliance
In compliance with GDPR and CCPA:
– We provide you with a cookie consent banner when you first visit hearthrootshomes.com, allowing you to consent or reject non-essential cookies.
– You may manage or withdraw your cookie preferences at any time through your browser settings or through our Cookie Settings interface on the site.
– California users have the right to opt out of certain tracking and may configure their browser’s Do Not Track (DNT) settings accordingly.
11. Children’s Privacy
We do not knowingly collect or solicit personal data from children under the age of 13. If we learn that we have inadvertently collected such data, we will delete it promptly. Parents or guardians who believe their child has provided us with personal data should contact us at [email protected].
12. Policy Updates and Notifications
We reserve the right to amend this Privacy Policy from time to time to reflect changes in legal, regulatory, or operational requirements. We encourage users to review this Policy periodically. Where changes materially affect your rights, we will notify you via prominent notice on hearthrootshomes.com or direct communication, where appropriate.
13. Contact
For any privacy-related questions or concerns, or to exercise your data rights, please contact us at:
Email: [email protected]
Website: hearthrootshomes.com
We are committed to maintaining transparency and accountability in data practices and strive to ensure that your personal information is handled in strict compliance with GDPR, CCPA, and all relevant data protection laws.