Privacy Policy for Hearthroots Pulse
1. Introduction
At Hearthroots Pulse (“we,” “our,” or “us”), we are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website, hearthrootspulse.com (the “Site”), engage with our services, or communicate with us. We process your personal data in accordance with applicable privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We adhere to a privacy-first philosophy, which means we minimize data collection, implement robust protections, and provide you with transparent access to your rights.
2. Scope of This Policy and Data Controller Role
This Privacy Policy applies to all personal data collected through hearthrootspulse.com. For the purposes of the GDPR, the data controller of your personal data is Hearthroots Pulse. If you are a resident of California, we also act as a “business” under the CCPA.
This Policy governs the information you provide to us through the Site, including any communications or transactions performed, and extends to data processed from both visitors and registered users.
3. Categories of Data We Process
We collect the following categories of personal data:
a. Usage Data
Information automatically collected when you access our Site, such as your IP address, browser type, access times, referring website, session duration, pages visited, and technical diagnostics.
b. Account Data
Data provided when you register an account or place an order, including your full name, residential or billing address, email address, and telephone number.
c. Profile Data
Information connected to your behavior and preferences on the Site, such as purchase history, item preferences, wish lists, and user-generated content.
d. Communication Data
Records of inquiries, support tickets, chat messages, emails, and contact history related to your interactions with our team.
e. Technical Data
Device-specific data such as operating system version, browser plugins, display settings, mobile device identifiers, and system configurations.
f. Transaction Data
Data relating to purchases made through the Site, including order information, payment method, shipping details, and transaction confirmation.
g. Preference Data
Marketing and communication preferences, including opt-ins, product interest tags, and newsletter subscription statuses.
4. Legal Bases for Processing
We process your personal data under the following legal bases as permitted by the GDPR:
– Consent: where you have explicitly agreed to our use of your data (e.g. newsletter subscriptions).
– Contractual necessity: where processing is required to fulfill our contract with you (e.g. fulfilling an order).
– Legal obligation: where we need to comply with a legal or regulatory requirement.
– Legitimate interest: where we use your information for reasonable purposes such as improving service quality, fraud prevention, and ensuring secure access to the Site, without overriding your fundamental rights.
For California residents, under the CCPA, we do not sell your personal information. We use your data only as defined within the permitted business purposes under the Act.
5. Your Rights
Subject to applicable law, you may exercise the following rights regarding your personal data:
– Right of Access – Obtain a copy of your personal data held by us.
– Right to Rectification – Request correction of incomplete or inaccurate data.
– Right to Erasure – Request deletion of your personal data where legally warranted (“Right to be Forgotten”).
– Right to Restriction – Request that we limit the processing of your data under certain circumstances.
– Right to Data Portability – Receive your personal data in a structured, commonly used, and machine-readable format.
– Right to Object – Opt out of processing based on legitimate interest or direct marketing.
To exercise your data rights, email us at [email protected]. We will verify your identity before processing any rights requests, as required by law.
6. Security Measures
We utilize multiple safeguards to ensure the protection and confidentiality of your personal data. These include:
– Industry-standard encryption protocols (SSL/TLS) for data in transit.
– Access control mechanisms and authentication barriers to secure data access.
– Regular system backups and disaster recovery services.
– Staff training on data protection and limited internal data access.
We monitor our systems for potential vulnerabilities and update our safeguards in accordance with evolving security standards.
7. International Transfers
Hearthroots Pulse operates with service providers and partners across jurisdictions. Where personal data is transferred outside of the European Economic Area (EEA), we ensure appropriate legal safeguards, including the execution of Standard Contractual Clauses and adherence to equivalent privacy frameworks in receiving jurisdictions.
8. Data Retention
We retain personal data only as long as necessary for the purpose for which it was collected or as required by applicable law. General retention timeframes include:
– Usage Data – up to 12 months
– Account Data – retained while the account is active and for up to 6 years afterward for compliance
– Profile and Preference Data – retained while the user profile remains active
– Transaction Data – retained for up to 7 years for tax and accounting compliance
– Communication Data – retained for up to 24 months
– Marketing Data – retained until consent is withdrawn
Once the applicable retention period lapses, data is securely deleted or anonymized.
9. Cookie Policy
We use cookies and similar tracking technologies on hearthrootspulse.com to enhance user experience and analyze usage. Types of cookies we use include:
– Essential Cookies: Required for core website functionality (e.g. session management, navigation).
– Functional Cookies: Remember user choices (e.g. language, region).
– Analytics Cookies: Collect anonymized data on traffic, clicks, and bounce rates for performance insights.
– Performance Cookies: Monitor performance issues and enable improvements to the Site.
Cookies are only stored with your informed consent where required, and we do not use cookies for non-essential purposes without permission.
10. Cookie Management and Compliance
Upon your first visit and periodically thereafter, we provide a cookie consent banner in accordance with GDPR and CCPA requirements. You may choose to:
– Accept all cookies
– Reject all non-essential cookies
– Customize cookie preferences through our preference center
You may also control cookies at the browser level and delete stored cookies at any time. However, disabling certain cookies may affect the functionality of the Site.
11. Children’s Privacy
We do not knowingly collect or process personal data from children under the age of 13. If you are a parent or legal guardian and believe your child has provided us with personal information, please contact us at [email protected], and we will take steps to delete such data as required under applicable law.
12. Updates to This Policy
We may update this Privacy Policy as necessary to reflect changes in legal obligations, technologies, or our data practices. Changes will be posted on this page, and where the changes are material, we may provide additional notice. Your continued use of hearthrootspulse.com constitutes acceptance of the revised policy.
13. Contact Us
For inquiries, requests, complaints, or concerns regarding this Privacy Policy or your personal data, please contact us at:
Email: [email protected]
Website: hearthrootspulse.com
We are committed to maintaining full compliance with international data protection laws and welcome any questions or suggestions related to privacy and data protection.