Privacy Policy
At Hearthstone Dreams, available at hearthstonedreams.com, we are committed to protecting your privacy and safeguarding the personal data you share with us. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information in accordance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws. We value transparency and accountability in the processing of personal data and take your privacy seriously.
1. Introduction
At Hearthstone Dreams, we recognize the importance of privacy and data protection. We are dedicated to ensuring that your personal data is collected, used, and stored in a fair, lawful, and secure manner. This Privacy Policy reflects our deep commitment to honoring your privacy choices and protecting your data throughout its lifecycle.
2. Scope of the Policy and Data Controller Role
This Privacy Policy applies to personal data collected through your use of hearthstonedreams.com and any related services offered by Hearthstone Dreams. For the purposes of the GDPR, Hearthstone Dreams is the “data controller” of your personal data. As the controller, we determine the purposes and means by which your personal information is processed.
3. Categories of Data We Process
We may collect, use, store, and transfer the following categories of personal data:
a. Usage Data
Includes information such as browser type, IP address, referral source, time zone setting, access times, session durations, and pages visited. This data helps us understand how visitors interact with hearthstonedreams.com.
b. Account Data
Includes personal identifiers such as your name, billing and shipping address, email address, and phone number provided when you create an account or place an order.
c. Profile Data
Includes preferences, purchase history, interactions with our website, wishlists, saved items, and behavioral trends used for personalization.
d. Communication Data
Includes records of support inquiries, contact history, feedback, and correspondence through email or customer service tools.
e. Technical Data
Includes device type, operating system, screen resolution, browser version, and other configuration settings relevant for optimizing the site experience.
f. Transaction Data
Includes details of products purchased, order history, payment method, delivery address, and transaction confirmations.
g. Preference Data
Includes your consent and preferences concerning marketing communications, notification settings, and product interests.
4. Legal Bases for Processing
We process your personal data under the following legal grounds:
– Consent: Where applicable, we rely on your express consent to send marketing communications or use certain cookies.
– Contractual Necessity: Processing is necessary to perform contractual obligations such as processing your orders or providing support services.
– Legitimate Interests: We may process your data to improve site functionality, prevent fraud, or understand user behavior in ways that do not override your rights.
– Legal Obligations: Certain data may be processed to comply with obligations imposed by applicable laws and regulations.
5. Your Rights Under Data Protection Law
You have specific rights under GDPR, CCPA, and other relevant laws, which may include the following:
– Right of Access: You may request details of personal data we hold about you.
– Right to Rectification: You may request correction of inaccurate or incomplete information.
– Right to Erasure: You may request deletion of data where it is no longer necessary or you have withdrawn consent.
– Right to Restrict Processing: You may request limitations on processing in certain circumstances.
– Right to Data Portability: You may request a copy of your data in a portable format.
– Right to Object: You may object to processing based on our legitimate interests or direct marketing.
– Right to Non-Discrimination (CCPA): You will not receive discriminatory treatment for exercising your privacy rights.
To exercise any of the above rights, please contact us at [email protected].
6. Security Measures
We implement appropriate organizational and technical safeguards to ensure a high level of security for your personal data. These measures include, but are not limited to:
– SSL/TLS encryption for data transmitted over the internet
– Role-based access controls and permissions
– Secure data storage and automated backups
– Staff training on data protection responsibilities
– Regular vulnerability testing and monitoring
7. International Data Transfers
When we transfer your data outside the European Economic Area (EEA) or other originating jurisdictions, we do so in accordance with legal requirements. We implement Standard Contractual Clauses approved by the European Commission or rely on other lawful mechanisms to ensure your data is protected in the destination country.
8. Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected or to comply with legal, tax, or regulatory requirements. Retention periods include:
– Usage Data: 12 months from collection
– Account and Profile Data: For the duration of your account and up to 3 years post-deactivation
– Communication Data: Retained for up to 2 years
– Transaction Data: Retained for up to 7 years for accounting and compliance
– Technical and Preference Data: Retained as long as you remain an active user or until consent is withdrawn
9. Cookie Policy
We use cookies and similar technologies to enhance your experience at hearthstonedreams.com. These may include:
– Essential Cookies: Required for core site functionality such as account login and cart management
– Functional Cookies: Enhance site features and remember user preferences
– Analytics Cookies: Help us understand how users interact with the site via aggregated statistics
– Performance Cookies: Measure website performance and loading behavior
10. Cookie Management & GDPR/CCPA Compliance
You may manage your cookie settings at any time through your browser or through the website’s cookie consent banner. Where required by law, we will obtain your consent before placing cookies (except those strictly necessary). You can withdraw consent at any time without affecting your ability to use the site.
Under the CCPA, California users may opt out of the “sale” or “sharing” of personal data, including data collected by cookies. We honor Do Not Sell or Share My Personal Information requests in compliance with the CCPA.
11. Children Under the Age of 13
Hearthstone Dreams does not knowingly collect or solicit personal data from children under the age of 13. If we become aware that we have collected personal information from a child under this age without appropriate consent, we will delete it immediately. Parents or guardians who believe their child has provided information may contact us at [email protected].
12. Changes to This Privacy Policy
We reserve the right to modify this Privacy Policy as our practices evolve or as required by law. If material changes are made, we will provide notice via the website and, where appropriate, contact you directly.
13. Contact Information
If you have questions, requests, or concerns regarding this Privacy Policy or how we handle your personal data, please contact us:
Email: [email protected]
We are committed to maintaining full compliance with applicable data privacy laws, and we encourage users to contact us regarding any aspect of their privacy rights.