Privacy Policy for HearthRootsPulse.com

1. Introduction

At HearthRootsPulse.com (“we,” “us,” or “our”), we are unwaveringly committed to safeguarding your privacy and protecting your personal information. We undertake all processing of personal data in a manner consistent with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act of 2018 (“CCPA”), along with all other relevant international data protection frameworks. This Privacy Policy outlines how we process your personal data when you access our website or interact with our services.

2. Scope of This Policy and Role of Data Controller

This Privacy Policy applies to visitors, users, and customers (“you,” “your”) of HearthRootsPulse.com and describes the categories, purposes, and legal bases for processing your data. For the purposes of data protection laws, HearthRootsPulse.com is the data controller of the personal information we collect and process.

3. Categories of Data We Process

We collect and process the following categories of personal data for the objectives defined herein:

3.1. Usage Data
Information automatically collected when you use the website, including Internet Protocol (IP) addresses, browser type and version, geolocation data, date and time of visits, pages viewed, time spent on pages, referring URLs, and interaction patterns.

3.2. Account Data
Details provided at the time of creating an account, such as full name, postal address, email address, and telephone number.

3.3. Profile Data
Information associated with your activities on HearthRootsPulse.com, including settings, product selections, purchase histories, interests, and user-generated content.

3.4. Communication Data
Records of correspondence when contacting our customer support or submitting queries to [email protected], including support transcripts, response history, and feedback.

3.5. Technical Data
Device details such as operating system, device model, browser plug-in types, language preferences, mobile network data, and diagnostic logs.

3.6. Transaction Data
Payment and billing information used to process purchases, delivery details, order status, and invoice tracking. We do not store full credit card numbers; all payment details are securely handled by PCI-compliant third-party processors.

3.7. Preference Data
Information related to your marketing preferences and interests, including consents for newsletters, promotions, and product recommendations.

4. Legal Bases for Processing Personal Data

We rely on one or more of the following legal bases depending on the nature of the personal data and the context in which it is processed:

– Consent: When you provide informed, voluntary permission, particularly for marketing communications and unnecessary cookies.
– Contractual Necessity: To fulfill our contractual obligations with you, including account management and delivery of goods or services.
– Legitimate Interests: For analyzing usage trends, improving user experience, ensuring security, and developing services, balanced against your fundamental rights and freedoms.
– Legal Compliance: Where processing is required under applicable law, such as for tax, fraud prevention, or regulatory reporting.

5. Your Data Protection Rights

In accordance with GDPR and CCPA, you may be entitled to exercise certain rights in relation to your personal information, which include:

– Right of Access: Request information about the data we hold on you.
– Right to Rectification: Request correction of inaccurate or incomplete data.
– Right to Erasure (‘Right to be Forgotten’): Request deletion of your personal information where legally applicable.
– Right to Restrict Processing: Request limited processing under certain conditions.
– Right to Data Portability: Obtain a digital copy of your data to reuse across different services.
– Right to Object: Withdraw consent or object to processing based on legitimate interests.
– Right Not to Be Subject to Automated Decision-making: Object to certain profiling or automated processes that produce legal effects.

To exercise any of the above rights, please contact us at [email protected].

6. Security Measures

We implement industry-standard technical and organizational measures to ensure the protection of your personal data:

– Data encryption (at rest and in transit)
– Role-based access controls and permissions
– Secure off-site backups and disaster recovery procedures
– Security and privacy awareness training for personnel
– Continuous system monitoring and threat detection practices

7. International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA) or other regional jurisdictions that impose data transfer restrictions, we ensure adequate protection using:

– EU Standard Contractual Clauses (SCCs)
– Binding Corporate Rules
– Transfers to countries recognized by the European Commission as having adequate data protection laws

We regularly review our transfer mechanisms to remain compliant with evolving legal requirements.

8. Data Retention

We store personal data only for as long as necessary to fulfill the purposes outlined in this Policy. Retention periods vary by data type:

– Account and Profile Data: Retained for the lifetime of your user account and up to 6 months thereafter.
– Transaction Data: Retained for a minimum of 7 years for legal and auditing obligations.
– Communication Data: Retained for up to 2 years post-closure of request.
– Cookie Data: Expiry based on cookie type, ranging from session-based to 12 months.
– Usage and Technical Data: Aggregated and anonymized after 12 months.

9. Cookie Policy

We use cookies and similar technologies to enhance site functionality, user experience, and service performance. Our cookies fall into the following categories:

– Essential: Required for core functionality such as security and navigation.
– Functional: Enable enhanced personalization (e.g., saved preferences).
– Analytics: Collect aggregated behavior metrics for service improvement.
– Performance: Measure site performance and detect technical issues.

10. Cookie Management and Legal Compliance

Upon visiting HearthRootsPulse.com, users are presented with a cookie banner to manage preferences and grant or deny consent in compliance with GDPR and CCPA. You may modify your cookie preferences at any time via your browser settings or our cookie management tool.

Under CCPA, California residents may request a list of personal information collected and request that such data not be sold. We do not sell your personal data, but we provide controls to opt out of cookie-based tracking.

11. Children’s Privacy

We do not knowingly collect personal data from children under the age of 13. If we learn that a child’s information has been gathered without appropriate parental consent, we will take steps to delete such data promptly. If you believe your child has provided data, please contact us immediately at [email protected].

12. Policy Updates and Notification

We may update this Privacy Policy to reflect changes in our practices, legal obligations, or business operations. Such modifications will be communicated prominently on HearthRootsPulse.com. Continued use of our services following changes signifies acceptance of the revised terms.

13. Contact Us

For any questions about this Privacy Policy, the information we hold about you, or to exercise your data rights, please contact us at:

Email: [email protected]
Website: https://hearthrootspulse.com

We are committed to maintaining the highest privacy standards and ensuring that your data is handled with the utmost care and transparency.