Privacy Policy
1. Introduction
At Hearthspace Crafts (“we,” “us,” or “our”), accessible at hearthspacecrafts.com, your privacy is a primary concern and we are steadfastly committed to protecting the personal data of all individuals who interact with our website, products, and services. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information in accordance with applicable global data privacy laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act (“CCPA”), as amended.
We recognize the importance of transparency and accountability in our data practices and aim to handle all personal data with care, respect, and a privacy-first mindset.
2. Scope of Policy and Data Controller Role
This Privacy Policy applies to all personal data collected through hearthspacecrafts.com, related services, communications, and interactions where we act as the data controller—that is, the party responsible for determining the purposes and means of processing your personal data.
This policy applies to visitors and users of hearthspacecrafts.com regardless of their location, and it governs our practices regarding both online and offline personal data collection.
3. Categories of Data Processed
Depending on your interactions with our website and services, we may collect and process the following categories of personal data:
a. Usage Data
Information about how you interact with our website, including your browser type and version, IP address, time zone setting, session length, pages visited, referring URLs, and clickstream data.
b. Account Data
Information you provide when registering for an account or completing a transaction, which may include your full name, billing and shipping address, email address, and telephone number.
c. Profile Data
Information about your preferences and interests, such as purchase history, wish lists, account settings, past reviews, and behavioral patterns while using hearthspacecrafts.com.
d. Communication Data
Records of your correspondence with our customer service team, including support requests, email communication, inquiries via our contact forms, or responses to surveys.
e. Technical Data
Details about your device and connection: device type, operating system, browser plug-in types and versions, screen resolution, language settings, and diagnostic data used for website performance optimization.
f. Transaction Data
Details related to your purchases, including order numbers, products ordered, purchase dates, payment methods, delivery details, and refund requests. Please note that payment card details are processed via third-party payment providers and not stored by us directly.
g. Preference Data
Marketing consents, subscription choices, communication preferences, and expressed interest in products or categories.
4. Legal Bases for Processing
When processing personal data, we rely on one or more of the following legal bases, as defined by GDPR:
– Contractual Necessity: To fulfill our contractual obligations, including order fulfillment and customer support.
– Legitimate Interest: To operate, analyze, and improve hearthspacecrafts.com and communicate relevant offers or product improvements, provided such interests are not overridden by users’ privacy rights.
– Consent: Where required, for marketing communications, cookies, and other optional data uses. You may withdraw consent at any time without affecting the lawfulness of prior processing.
– Legal Obligation: Where required for compliance with laws, such as accounting or consumer protection obligations.
Under CCPA, users also have the right to opt out of the “sale” or sharing of their personal information, where applicable.
5. Your Rights
Subject to local laws, you may have the following rights with respect to your personal data:
– Right of Access – You may request confirmation of whether we process your personal data and obtain a copy of such data.
– Right to Rectification – You may request correction of any inaccurate or incomplete personal data we hold about you.
– Right to Erasure – Also known as the “Right to be Forgotten”, you may request deletion of your personal data, subject to fulfilling certain legal obligations.
– Right to Restrict Processing – You may ask us to suspend processing of your data under limited circumstances.
– Right to Data Portability – Where applicable, you may request that we provide your personal data in a structured, commonly used format that can be transferred to another controller.
– Right to Object – You have the right to object to the processing of your personal data for direct marketing or where we rely on legitimate interests as our legal basis.
– Right to Non-Discrimination – Under the CCPA, you will not be discriminated against for exercising your data protection rights.
To exercise any of the above rights, please contact us at [email protected] with a clear description of your request.
6. Security Measures
We implement and maintain appropriate technical and organizational security measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction. These measures include, but are not limited to:
– End-to-end encryption (TLS/SSL) for data in transit
– Secure access controls and authentication for internal systems
– Regular backups and disaster recovery plans to ensure data integrity
– Staff training programs on privacy and security best practices
– Procedures for breach detection, investigation, and mitigation
While no transmission or storage system is completely secure, we continuously evaluate our security strategies to mitigate risk.
7. International Data Transfers
Where your personal data is transferred outside of your home jurisdiction, including to jurisdictions that may not offer the same level of data protection, we ensure that such transfers are carried out in compliance with applicable data protection laws. For data transferred from the EU or UK, we implement safeguards such as:
– Standard Contractual Clauses (SCCs) approved by the European Commission
– Additional technical and organizational measures where required
We take care to comply with regional data protection frameworks while ensuring continuity in providing our services.
8. Data Retention
We retain your personal data only for as long as necessary to achieve the purposes for which it was collected, including:
– Usage Data – up to 24 months for diagnostics and analytics
– Account Data – active account duration + 6 years (for tax and legal compliance)
– Profile & Preference Data – until deletion of account or request for erasure
– Communication Data – up to 3 years for service history and quality assurance
– Technical Data – up to 12 months for performance optimization
– Transaction Data – 7 years for legal, financial, and regulatory compliance
Where data is no longer needed for legitimate business purposes or required by law, it will be securely deleted or anonymized.
9. Cookie Policy
We use cookies and similar technologies to improve your experience on hearthspacecrafts.com. These cookies fall into the following categories:
– Essential Cookies – Necessary for the website to function and enable basic features like page navigation and secure checkout.
– Functional Cookies – Allow us to remember your preferences and enhance usability.
– Analytics Cookies – Help us understand how users engage with our website so we can improve performance and content.
– Performance Cookies – Used to test new features or monitor traffic for better site functionality.
10. Cookie Management and Compliance
In compliance with GDPR and CCPA:
– You can manage your cookie preferences at any time via our cookie banner or settings page.
– We do not deploy non-essential cookies without obtaining your prior consent (for users in jurisdictions requiring it).
– You may also disable or delete cookies via your browser settings, though doing so may affect site functionality.
– Users in California can exercise their “Do Not Sell or Share My Personal Information” right using our dedicated privacy options.
11. Children’s Privacy
hearthspacecrafts.com is not intended for use by individuals under the age of 13. We do not knowingly collect or solicit personal information from children under 13. If we become aware that we have unintentionally collected such data, we will delete it promptly. Parents or guardians with concerns should contact us directly at [email protected].
12. Policy Updates
We reserve the right to modify this Privacy Policy to reflect changes to our practices, legal requirements, or service offerings. Whenever we update the policy, we will revise its content on hearthspacecrafts.com and, where legally required, notify users via appropriate means such as email or in-site banners.
We encourage users to review this Privacy Policy periodically to stay informed of how their data is handled.
13. Contact
For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:
Privacy Team
Hearthspace Crafts
Email: [email protected]
We are committed to upholding data privacy laws and will respond to all inquiries in a timely and respectful manner.
—
At Hearthspace Crafts, your privacy is central to our values. We continually strive for compliance with international regulations and best practices. Please feel free to contact us at [email protected] if you have any questions about your privacy or our data practices.