Privacy Policy of Hearth Living Fields

1. Introduction

At Hearth Living Fields (“we”, “us”, or “our”), accessible via hearthlivingfields.com, we are deeply committed to protecting your privacy and ensuring that your personal data is handled responsibly and in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and any other relevant legislation. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal information when you interact with our website and services.

We uphold privacy as a fundamental right and operate with a privacy-by-design framework, incorporating strong security and transparency across all data practices.

2. Scope of This Policy and Data Controller Role

This Privacy Policy applies to visitors, users, and others (collectively, “users”) who access or use hearthlivingfields.com or interact with us through email, customer support, or any service channels. Hearth Living Fields is the data controller, meaning we determine the purposes and means of the processing of your personal data.

If you are located within the European Economic Area or California, this Policy is intended to inform you of your rights and our obligations according to the GDPR and CCPA frameworks.

3. Categories of Personal Data We Process

We may collect and process the following categories of personal data depending on your interaction with our website and services:

a. Usage Data
Includes information such as your IP address, browser type and version, operating system, referral source, length of visit, page views, clickstream behavior, and session data. This data allows us to analyze usage trends and improve website performance.

b. Account Data
Includes information you provide when creating or managing an account, such as your full name, email address, mailing and billing address, phone number, and account credentials.

c. Profile Data
Includes preferences, interests, feedback, reviews, surveys, and details on how you use products or services. It may also reflect information on your purchases and behavioral interactions with our digital platforms.

d. Communication Data
Includes any correspondence you have with us, such as customer service inquiries, complaints, general queries, and communication history via email (including messages to [email protected]) or contact forms.

e. Technical Data
Includes device identifiers, mobile network information, browser plug-in types, system configuration details, time zone settings, and platform type. This enables device compatibility and optimized performance delivery.

f. Transaction Data
Includes payment details, order history, delivery addresses, billing records, and other financial or logistical data associated with a transaction conducted via our website or services.

g. Preference Data
Includes your chosen marketing and communication preferences, such as email subscription status, targeted advertising settings, and expressed interest in products or promotions.

4. Legal Bases for Processing Personal Data

We collect and process your personal data under lawful bases defined by the GDPR and, where applicable, the CCPA. These include:

– Consent: When you voluntarily provide information, opt into marketing communications, or accept cookies.
– Contractual Necessity: To deliver goods and services you request or to respond to related requests.
– Legal Obligation: To comply with applicable financial, consumer protection, and operational laws.
– Legitimate Interest: To enhance user experience, improve services, prevent fraud, and perform analytics, unless overridden by your fundamental rights and freedoms.

5. Your Rights Under the GDPR and CCPA

Subject to applicable legislation, you have the following rights with respect to your personal data:

– Right of Access: Obtain confirmation that your data is being processed and access to your personal data.
– Right to Rectification: Request correction of inaccurate or incomplete data.
– Right to Erasure: Request deletion of data no longer necessary or processed unlawfully.
– Right to Restriction of Processing: Request limited processing during a dispute or investigation.
– Right to Data Portability: Receive your provided information in a structured, commonly used, machine-readable format and transmit it to another controller.
– Right to Object: Object to processing carried out on legitimate interests or direct marketing basis.
– Right Not to be Subject to Automated Decision-Making: Where applicable, the right to not be subject to decisions based solely on automated means.

To exercise these rights, contact us at: [email protected]. We may need to verify your identity before responding to your request.

6. Security Measures

We employ industry-standard security measures to protect your personal information against unauthorized access, disclosure, alteration, and destruction. These include:

– End-to-end encryption of data transmissions.
– Two-factor authentication and access control for internal systems.
– Regular data backups and secure storage.
– Security awareness training for personnel.
– Ongoing system and software vulnerability assessments.

7. International Transfers

Personal data may be transferred, stored, and processed outside of your jurisdiction, including to countries that may not have equivalent data protection laws. In such cases, we use appropriate safeguards, such as the European Commission’s Standard Contractual Clauses or equivalent mechanisms, to ensure adequate protection of your data across borders.

8. Data Retention

We retain your personal data only as long as necessary for the purposes for which it was collected or to comply with legal, regulatory, or contractual requirements. Specific retention periods include:

– Account Data: Retained until deletion request or inactivity beyond 24 months.
– Communication Records: Retained for up to 36 months for customer support resolution.
– Transaction Data: Retained for a minimum of 7 years in accordance with tax and financial regulations.
– Cookie Data: Retained as per business needs and in line with your consent preferences, with performance and analytics data retained for up to 12 months.

9. Cookie Policy

We use cookies and similar tracking technologies to enhance your experience and analyze site usage. Cookies may include:

– Essential Cookies: Necessary for core functionality such as navigation and account login.
– Functional Cookies: Remember your preferences and provide personalized features.
– Analytics Cookies: Collect aggregated data for website usage analysis (e.g., Google Analytics).
– Performance Cookies: Help monitor service quality and optimize performance.

10. Cookie Management and Compliance

Before any non-essential cookies are placed on your device, we will obtain your explicit consent through a cookie banner in compliance with GDPR guidelines.

You may manage cookie preferences via our website or through your browser settings. California residents have the right to opt-out of the “sale” of personal information, as defined by the CCPA. We do not “sell” your data in the conventional sense, but if you wish to exercise opting-out rights, you may do so via our Do Not Sell My Personal Information mechanism on the site or by contacting: [email protected].

11. Children’s Privacy

Our website and services are not intended for children under the age of 13. We do not knowingly collect or solicit personal information from individuals under 13. If we become aware of data collection from a child under this age without verified parental consent, we will promptly delete such information.

12. Policy Updates

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or operational needs. Users will be notified of material changes through a notice on hearthlivingfields.com or direct communication. Continued use of our services following changes constitutes your acknowledgment and acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or requests concerning this Privacy Policy or the processing of your personal data, please contact:

Hearth Living Fields
Email: [email protected]

We are committed to maintaining the highest privacy standards and invite you to contact us if you believe your rights have been violated or require clarification regarding our privacy practices.