Privacy Policy of HearthSaga.com

1. Introduction

HearthSaga.com (“we”, “us”, “our”) is committed to protecting and respecting your privacy. We understand the importance of safeguarding personal data and are dedicated to ensuring that your personal information is used appropriately, transparently, and in compliance with all applicable laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This Privacy Policy sets out how we collect, use, disclose, and safeguard your personal data when you interact with our website, hearthsaga.com.

2. Scope of Policy and Data Controller Role

This Privacy Policy applies to all users of hearthsaga.com and governs the processing of personal data collected through the website, whether as a visitor, customer, registrant, or other user. For the purposes of data protection laws, HearthSaga.com is the Data Controller of the personal data you submit through the website. If you have any questions or concerns about this Policy or our practices, you may contact us at [email protected].

3. Categories of Data Processed

We process the following categories of personal data:

a) Usage Data
Includes information about your visits and activity on our website, including browser type, referring URLs, IP address, pages visited, time spent on pages, session duration, and interaction information.

b) Account Data
When creating an account or making a purchase, you may provide your name, physical address, email address, and phone number.

c) Profile Data
Refers to details related to your website preferences, customizations, order history, product reviews, and other behaviors that help us personalize your experience.

d) Communication Data
Includes any correspondence you send to us, such as support inquiries, feedback, or contact requests. This may involve additional identifying and contextual information.

e) Technical Data
Covers device specifications, operating system, browser information, system configuration, device identifiers, and diagnostic data.

f) Transaction Data
Involves payment information (processed securely via third-party providers), billing address, purchase history, and order fulfillment details.

g) Preference Data
Includes your selections regarding communication preferences, marketing consent, and product categories of interest.

4. Legal Bases for Processing

We process personal data under the following lawful bases:

– Contractual Necessity: To fulfill our contractual obligations when you register an account or make a purchase.
– Legitimate Interests: To improve our website, deliver better services, and prevent fraud and abuse.
– Consent: When required by law, especially for sending marketing emails or placing non-essential cookies; consent can be withdrawn at any time.
– Legal Obligation: To comply with accounting, safety, and other regulatory requirements.

5. Your Rights

Subject to applicable law, you have the following rights over your personal data:

– Right to Access: You may request confirmation of whether we process your data and, if so, receive access to the data.
– Right to Rectification: You may request the correction of inaccurate or incomplete personal data.
– Right to Erasure: Also known as the “right to be forgotten,” you may request the deletion of your personal data under certain conditions.
– Right to Restriction: You may request that we restrict the processing of your data in certain circumstances.
– Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

To exercise these rights, please contact us at [email protected]. We may require verification of your identity before fulfilling such requests.

6. Security Measures

We implement a combination of technical and organizational measures to ensure the security of your data:

– Encryption: Data is encrypted in transit and at rest to prevent unauthorized access.
– Access Controls: Only authorized personnel are permitted to access personal data, with authentication protocols in place.
– Backups: Routine backups ensure data integrity and facilitate recovery in the event of incidents.
– Staff Training: Our team is trained regularly in best practices for privacy and security.

7. International Transfers

While our primary data servers may be located in the United States or other jurisdictions, we maintain appropriate safeguards for international transfers of personal data. Where data is transferred outside of your jurisdiction, we use Standard Contractual Clauses approved by the European Commission or other legally approved mechanisms to ensure compliance with GDPR and equivalent regional laws.

8. Data Retention

Your personal data will be retained for only as long as necessary to fulfill the purposes outlined in this Privacy Policy, and as required by applicable law. Typical retention periods include:

– Account Data: Retained for the duration of your account’s lifecycle and for up to 6 years thereafter to ensure legal compliance.
– Transaction Data: Maintained for at least 7 years for accounting and tax purposes.
– Communication Data: Retained for up to 3 years post-resolution for customer service tracking and audit purposes.
– Usage and Technical Data: Typically retained for no more than 24 months, unless extended for analytical or security reasons.

Upon expiration of retention periods, data will be securely deleted or anonymized.

9. Cookie Policy

HearthSaga.com uses cookies and similar technologies to enhance user experience and collect analytics. Categories include:

– Essential Cookies: Necessary for site navigation and core functionality.
– Functional Cookies: Enable personalization and remembering user choices and settings.
– Analytics Cookies: Help us understand site performance and user interaction via aggregated data.
– Performance Cookies: Improve speed and availability of the website.

We only set non-essential cookies with your consent in accordance with GDPR and CCPA.

10. Cookie Management and Compliance with GDPR & CCPA

Users are offered a clear cookie banner upon their first visit to hearthsaga.com, giving you the option to accept, reject, or customize cookie preferences. You can also adjust cookie settings at any time through your browser or within our on-site privacy controls.

Under CCPA, California residents have the right to opt-out of the “sale” of their personal data. HearthSaga.com does not sell personal data in the conventional sense but enables opt-out through our Cookie Preferences tool and by emailing [email protected] with your request.

11. Special Protections for Children Under 13

HearthSaga.com is not intended for children under the age of 13. We do not knowingly collect personal information from individuals under 13. If it comes to our attention that such data has been collected without verifiable parental consent, it will be deleted promptly. Parents or guardians who believe their child has submitted information may contact us at [email protected].

12. Policy Updates & User Notifications

We reserve the right to update this Privacy Policy in response to evolving legal, technical, or business developments. All changes will be posted on this page, and where appropriate, we will notify users through e-mail or platform alerts. Continued use of hearthsaga.com after updates constitutes acceptance of the revised policy.

13. Contact Us

If you have questions about this Privacy Policy, our data processing activities, or wish to exercise your rights, please contact us at:

Email: [email protected]
Website: https://hearthsaga.com

We are committed to privacy compliance and responsible stewardship of your data. For any further information or privacy-related concerns, we encourage you to reach out to us directly.