Privacy Policy

1. Introduction

At Garden Hug (“we,” “us,” or “our”), accessible at gardenhug.com, we respect and are committed to protecting your privacy. We value transparency and uphold the highest standards of data protection in our operations. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal information, and your rights in relation to your data under the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), among other applicable laws.

We encourage you to read this Privacy Policy carefully to understand our practices regarding your data and how we protect it.

2. Scope of Policy and Data Controller

This Privacy Policy applies to users of gardenhug.com and associated services. We act as the “data controller” under GDPR and as the “business” under the CCPA when processing your personal data. As data controller, Garden Hug determines the purposes and means of processing your personal information.

3. Categories of Data Processed

We may collect and process the following categories of personal data:

a. Usage Data
This includes information about how you use our website, such as Internet Protocol (IP) addresses, browser type and version, time zone settings, pages visited, session duration, referral URLs, and navigation patterns.

b. Account Data
We collect account-specific data when you create an account or provide information through forms. This may include your name, billing and shipping address, email address, telephone number, and credentials (where applicable).

c. Profile Data
This includes information related to your preferences, transaction history, wish lists, purchase behavior, and product interests.

d. Communication Data
Data exchanged through customer support channels, including emails, inquiries, live chat transcripts, and any other interactions initiated by you.

e. Technical Data
This includes details about your device and software, such as IP address, device model, operating system, screen resolution, and browser characteristics.

f. Transaction Data
This includes payment details (processed via our secure third-party vendors), order history, invoice information, and delivery preferences.

g. Preference Data
Captured based on consents for marketing communications, opt-ins/opt-outs, and stated interests or preferences you provide on the site.

4. Legal Bases for Processing

We process your personal data in accordance with the following lawful bases, as allowed under GDPR:

– Contractual Necessity: Processing is necessary to perform a contract with you or to take steps prior to entering into a contract (e.g., fulfilling orders, account creation).
– Legitimate Interests: Where we have a legitimate business interest, provided your rights and freedoms do not override such interests (e.g., analytics, preventing fraud, improving services).
– Consent: Where you have given clear and unambiguous consent (e.g., receiving newsletters, enabling cookies beyond those strictly necessary).
– Legal Obligation: Processing is required to comply with applicable laws (e.g., tax, accounting, regulatory requirements).

5. Your Rights

You are entitled to the following rights regarding your personal data:

– Right of Access: Obtain confirmation as to whether we process your personal data and access to that data.
– Right to Rectification: Request corrections to inaccurate or incomplete data.
– Right to Erasure: Request deletion of your data where lawful grounds permit.
– Right to Restrict Processing: Limit the processing of your data under certain circumstances.
– Right to Data Portability: Receive your data in a structured, commonly used, and machine-readable format and transmit it to another controller.
– Right to Object: Object to processing based on legitimate interests or direct marketing.
– Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, you may contact us using the details provided in Section 13.

6. Security Measures

We implement industry-standard technical and organizational measures to safeguard your data. These include:

– Encryption protocols (e.g., HTTPS, TLS for data in transit)
– Access control policies and role-based authorization
– Secure server environments and regular vulnerability scans
– Routine offsite and encrypted data backups
– Training and confidentiality agreements for all employees handling personal data

While absolute security cannot be guaranteed, we continuously strive to secure your data against unauthorized access, misuse, or disclosure.

7. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including countries not considered to offer a level of data protection equivalent to that in the European Economic Area (EEA). In such cases, we implement appropriate safeguards such as the European Commission’s Standard Contractual Clauses or rely on other lawful transfer mechanisms.

8. Data Retention

We retain personal data only for the duration necessary to fulfill the purposes outlined in this Privacy Policy, including legal, accounting, and reporting obligations. Retention periods vary depending on data type:

– Account and Profile Data: Retained for the life of your account and a period thereafter consistent with applicable limitation periods.
– Transaction Data: Retained for a minimum of 7 years to comply with financial and legal obligations.
– Communication and Support Records: Typically retained up to 3 years from the last point of contact or resolution.
– Preference and Marketing Contact Data: Retained until you withdraw your consent or object to such processing.

9. Cookie Policy

Our website uses cookies and similar technologies to enhance user experience, analyze traffic, and support core site functionality.

Types of cookies used:

– Essential Cookies: Necessary for the operation of gardenhug.com (e.g., account login, cart functions).
– Functional Cookies: Enhance features and personalize content (e.g., remembering site preferences).
– Analytics Cookies: Help us understand user behavior through aggregate data (e.g., time on site, page views).
– Performance Cookies: Optimize site responsiveness, speed, and scalability.

10. Cookie Management and Compliance

Garden Hug’s cookie practices comply with GDPR and CCPA regulations. Upon your first visit, we present a cookie banner allowing you to consent to or reject non-essential cookies. You may adjust your preferences via the site’s cookie settings at any time.

Under the CCPA, California residents may opt out of the “sale” of personal information where applicable through a designated “Do Not Sell My Personal Information” link.

11. Children’s Privacy

gardenhug.com is not intended for and does not knowingly collect personal information from children under the age of 13. If we learn that we have unintentionally collected such data, we will delete it promptly. Parents or guardians who believe their child has submitted personal data may contact us via the details in Section 13.

12. Policy Updates & User Notifications

We reserve the right to update or modify this Privacy Policy at our discretion. Changes will be posted on gardenhug.com. Where substantial changes are made, we may provide additional notice, such as an email notification or a website banner. Continued use of the website following any modifications signifies acceptance of the updated policy.

13. Contact Us

For any inquiries regarding this Privacy Policy or to exercise your rights, please contact:

Data Protection Officer
Email: [email protected]
Website: https://gardenhug.com

We fully support your privacy rights and are committed to resolving any concerns in accordance with applicable data protection laws.

Garden Hug is committed to full compliance with global privacy laws, including GDPR and CCPA. If you have any questions or concerns about how your data is handled, please reach out to us using the contact information provided above.