Privacy Policy for hearthdreamfield.com
1. Introduction
At hearthdreamfield.com, we are committed to protecting your personal data, ensuring your privacy, and upholding your rights in line with the highest standards of data protection. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you visit and interact with our website. We prioritize a privacy-first approach in everything we do and adhere to regulatory requirements, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
2. Scope of Policy and Controller Role
This Privacy Policy applies to all user interactions with hearthdreamfield.com, including browsing, account creation, purchases, and customer support inquiries. For the purposes of data protection laws, Hearth Dreamfield (hereinafter referred to as “we”, “our”, or “us”) is the data controller responsible for the processing of your personal data. You may contact us regarding data protection at [email protected].
3. Categories of Data Processed
We may collect and process the following categories of personal data:
A. Usage Data
Includes data such as your IP address, browser type and version, time zone settings, referring/exit pages, pages viewed, and session duration while using hearthdreamfield.com.
B. Account Data
Includes your name, email address, mailing address, phone number, and account login credentials, where applicable.
C. Profile Data
Includes your preferences, purchase history, product selections, and user behavior on the website, such as wishlists and saved items.
D. Communication Data
Includes the content and metadata of any communications sent to us, including support messages, email exchanges, and live chat interactions.
E. Technical Data
Includes details about the device you are using to access the site, operating system information, browser plugins, screen resolution, and other device configuration settings.
F. Transaction Data
Includes data associated with your purchases, including items ordered, billing and shipping information, order status, and payment confirmation information. Please note that we do not store full payment card information; payment data is handled securely by our third-party payment processors.
G. Preference Data
Includes your marketing and communication preferences, such as opt-in or opt-out choices, interest categories, and responses to surveys or promotional campaigns.
4. Legal Bases for Processing
We rely on the following legal bases to collect and process your personal data:
– Consent: Where you have explicitly provided consent for processing, such as subscribing to marketing communications.
– Contract Performance: Where data processing is necessary to fulfill our obligations under a contract with you, such as processing orders or providing customer service.
– Legal Obligation: Where we are legally required to process certain data, such as for compliance with tax or regulatory authorities.
– Legitimate Interests: Where processing is necessary for our legitimate business interests, provided these are not overridden by your rights and interests. This includes data used for fraud detection, website functionality, and improvement of our services.
5. Your Rights
In accordance with applicable data protection laws, you have the following rights:
– Right of Access: Request access to the personal data we hold about you.
– Right to Rectification: Request correction of inaccurate or incomplete personal data.
– Right to Erasure: Request that we delete your personal data, subject to legal retention requirements.
– Right to Restriction: Request limitation of the processing of your data under certain circumstances.
– Right to Data Portability: Receive a copy of your personal data in a commonly used format and transfer it to another data controller.
– Right to Object: Object to processing based on our legitimate interests or to the processing of personal data for direct marketing purposes.
– Right to Withdraw Consent: Where we rely on your consent, you may withdraw it at any time.
You may exercise any of these rights by contacting us at [email protected].
Residents of California may also exercise specific rights under the CCPA, including the right to know, delete, and opt out of the sale of personal information.
6. Security Measures
We implement technical and organizational measures to ensure the security of your personal data, including:
– Data encryption (SSL/TLS) for all communications and stored data where applicable.
– Role-based access controls to limit access to sensitive data.
– Routine backups to prevent data loss.
– Staff training and internal policies to maintain data security awareness.
– Regular review and testing of our security practices.
While we take all reasonable precautions, no method of transmission over the Internet or method of electronic storage is completely secure.
7. International Transfers
Your personal data may be transferred to and stored in countries outside of your country of residence. Where such international transfers occur, we ensure adequate safeguards are in place, including the use of Standard Contractual Clauses approved by the European Commission and compliance with applicable regional data protection requirements.
8. Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected, unless a longer retention period is required by law. Data is retained as follows:
– Usage Data: up to 12 months
– Account Data: for the duration of the account plus 6 months
– Profile and Communication Data: for up to 2 years after the last interaction
– Technical and Preference Data: up to 12 months
– Transaction Data: for up to 7 years for compliance with tax and accounting obligations
Anonymized or aggregated data may be retained indefinitely for statistical or analytical purposes.
9. Cookie Policy
We use cookies and similar technologies to enable website functionality, improve performance, and analyze usage patterns. Categories of cookies we use include:
– Essential Cookies: Required for the functioning of hearthdreamfield.com, such as those used for login, checkout, or security.
– Functional Cookies: Enable personalization features such as saved preferences or language selection.
– Analytics Cookies: Help us understand how users interact with the website via tools like Google Analytics.
– Performance Cookies: Collect anonymous usage data to improve site responsiveness and features.
10. Cookie Management and GDPR/CCPA Compliance
Upon your first visit to hearthdreamfield.com, we offer a cookie banner to seek your explicit consent for non-essential cookies. You may manage or revoke your cookie consent at any time through our cookie settings panel.
California users can utilize the “Do Not Sell My Personal Information” link, where applicable, to manage data sharing preferences.
11. Children’s Data Protection
Our website and services are not directed to individuals under the age of 13. We do not knowingly collect personal data from children under 13 without verifiable parental consent. If we become aware that we have collected data from a child without appropriate consent, we will take steps to delete that information.
12. Policy Updates
This Privacy Policy is subject to change to reflect updates in our practices, regulatory requirements, or service changes. We encourage you to review this Policy periodically. Material updates may be communicated by website notifications or direct email where applicable.
13. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or the way your data is handled, you may contact us at:
We are committed to ensuring your privacy rights are respected and will respond to inquiries in accordance with applicable data protection laws.
This Privacy Policy demonstrates hearthdreamfield.com’s commitment to protecting your information and ensuring compliance with GDPR, CCPA, and other relevant data privacy regulations. We encourage you to contact us with any privacy-related questions or concerns.