Privacy Policy
At Hearth Vibes Spaces (“we,” “us,” or “our”), accessible at hearthvibesspaces.com, we are firmly committed to respecting and protecting your privacy. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal data. We are dedicated to ensuring that your personal information is handled in a manner that is compliant with applicable privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
1. Introduction: Commitment to Privacy and Data Protection
We recognize the importance of data privacy and take our responsibilities seriously. This Privacy Policy is designed to transparently explain how we process your personal data and how you can exercise your rights in relation to that data. We prioritize data minimization, purpose limitation, and the robust safeguarding of all information you share with us.
2. Scope of Policy and Role of Data Controller
This Privacy Policy applies to all personal data collected through our website, hearthvibesspaces.com, and any related communications or services. Hearth Vibes Spaces acts as the data controller responsible for processing your personal data as provided through our platforms, interactions, and digital communications.
3. Categories of Data Processed
We collect and process the following categories of personal data:
a) Usage Data
This includes data such as your IP address, browser type and version, geolocation data, referral sources, pages visited, time and date of visits, and session duration. This information helps us analyze the performance and improve the functionality of our website.
b) Account Data
We may collect data that you provide during account creation or profile updates, including your full name, billing or shipping address, phone number, and email address.
c) Profile Data
This entails preferences, browsing behavior, and any product or service interactions on our site—used to personalize your experience and provide relevant offerings.
d) Communication Data
Includes your correspondence with us, such as emails, support requests, feedback forms, and history of your interactions with our customer service team.
e) Technical Data
Collected from your devices and systems when using our platform. This includes device identifiers, operating systems, connection type, and browser configurations.
f) Transaction Data
Comprises billing and payment-related information, order details, shipping addresses, and purchase history. Payment data is processed securely via third-party payment processors.
g) Preference Data
This includes marketing communication preferences, newsletter sign-ups, consent tracking, and interest indicators for personalized outreach.
4. Legal Bases for Processing
We rely on the following legal bases to lawfully process your personal data:
– Consent: Where you explicitly consent to the processing of your information (e.g., marketing emails, cookies).
– Contractual Necessity: To fulfill our contractual obligations when you purchase or register for our services.
– Legitimate Interests: For improving our business operations, fraud prevention, and ensuring the integrity of our services—provided your rights do not override these interests.
– Legal Obligation: Where necessary for compliance with legal obligations or court orders.
5. Your Rights
In accordance with GDPR and CCPA, you have the following rights:
– Right of Access: You may request a copy of the personal data we hold about you.
– Right to Rectification: You may request corrections to any inaccurate or incomplete data.
– Right to Erasure: Under certain conditions, you may request deletion of your data (“right to be forgotten”).
– Right to Restrict Processing: You may request a limitation on the processing of your data.
– Right to Data Portability: You may request to receive your personal data in a structured, commonly used format or have it transferred to another controller.
– Right to Object: You may object to data processing based on legitimate interests or direct marketing.
To exercise any of the above rights, please contact us at [email protected].
6. Security Measures
We implement rigorous security measures to protect your personal data. These include:
– Encryption of data in transit and at rest
– Role-based access controls and authentication protocols
– Regular data backups and incident response processes
– Staff training on data privacy principles and secure handling
Despite our thorough efforts, no online system is ever fully immune from security vulnerabilities. We encourage you to take appropriate measures to secure your own systems as well.
7. International Transfers
Your personal data may be transferred to, and processed in, countries outside of your jurisdiction, including countries that may not provide equivalent levels of data protection. Where we do so, we implement appropriate safeguards, such as the European Commission’s Standard Contractual Clauses or other legally approved mechanisms, to ensure your data remains protected.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal, tax, or regulatory requirements. Typical retention periods include:
– Account and Transaction Data: Retained for up to 7 years for tax and audit purposes.
– Communication and Support Data: Retained for up to 3 years after closure.
– Marketing Preferences and Consents: Retained until you revoke your consent or request deletion.
Once data is no longer needed, it is securely deleted or anonymized to prevent identification.
9. Cookie Policy
Cookies are small text files placed on your device when you visit our website. We use the following types:
– Essential Cookies: Necessary for navigation and use of secure areas.
– Functional Cookies: Enable enhanced functionality and personalization.
– Analytics Cookies: Collect aggregate data on site usage for performance analysis.
– Performance Cookies: Monitor site availability and improve load time.
We do not use cookies for profiling without your consent.
10. Cookie Management and Compliance with GDPR & CCPA
You have full control over your cookie preferences. Upon visiting hearthvibesspaces.com, you will be presented with a cookie consent banner with the ability to accept or reject non-essential cookies. You can also modify your cookie settings through your browser preferences or through our cookie management tool.
Pursuant to CCPA, California consumers may opt-out of the “sale” of personal data by visiting our “Do Not Sell My Personal Information” page, where applicable.
11. Special Protections for Children Under 13
Our services and website are not intended for children under the age of 13. We do not knowingly collect personal information from individuals under 13. If we become aware that such information has been collected, we will take immediate steps to delete it. Parents or legal guardians who believe their child has submitted personal information may contact us at [email protected].
12. Policy Updates and User Notifications
We may update this Privacy Policy from time to time to reflect legal, technical, or operational changes. When changes are material, we will provide prominent notices on our website or notify you directly via email, where appropriate. We encourage users to review this policy periodically for the latest information on our privacy practices.
13. Contact Us
If you have any questions, concerns, or complaints regarding this Privacy Policy, or if you wish to exercise any of your data protection rights, please contact us at:
Email: [email protected]
Website: hearthvibesspaces.com
We are committed to compliance with data protection laws and welcome your inquiries. Please do not hesitate to reach out with any privacy-related concerns.