Privacy Policy
1. Introduction
At Garden Hug, accessible at gardenhug.com, we are firmly committed to protecting and respecting your privacy. Your trust is fundamental to us, and we take our obligations seriously when it comes to handling your personal data. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information in accordance with applicable data protection legislation, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant laws. Our approach is grounded in transparency, accountability, and a privacy-first philosophy.
2. Scope of the Policy and Role of Data Controller
This Privacy Policy applies to all information collected through our website gardenhug.com (the “Site”), including any interactions, services, communications, and transactions. Garden Hug acts as the data controller responsible for determining the purposes and means of processing your personal data. Should you have any privacy concerns or inquiries, you may reach us at [email protected].
3. Categories of Data Processed
We may process the following categories of personal data:
a. Usage Data
This includes information about your interactions with our website and services, such as IP address, browser type and version, time zone settings, pages visited, referring URLs, and session data.
b. Account Data
Details you provide when creating or maintaining an account, including your full name, address, email, and telephone number.
c. Profile Data
Information relating to your preferences, product interests, previous purchases, shopping behavior, and account settings.
d. Communication Data
Records of your communications with us, such as messages sent through contact forms, customer support inquiries, and any correspondence history.
e. Technical Data
Device-specific data such as hardware model, operating system, browser version, screen resolution, and system configurations.
f. Transaction Data
Details about financial interactions with us, including billing information, payment card details (processed securely through third-party providers), shipping addresses, and order history.
g. Preference Data
Your stated or inferred preferences, including marketing consent status and product category interests.
4. Legal Bases for Processing
We process personal data based on lawful grounds as required under GDPR and CCPA, including:
– Contractual Necessity: Processing required to create or manage your account or fulfill an order.
– Legitimate Interests: Processing for business intelligence, website functionality, fraud prevention, and service improvement.
– Legal Obligation: Disclosure or retention of data to comply with legal requirements.
– Consent: Where you have explicitly agreed to data collection and marketing use, which can be revoked at any time.
5. Your Data Protection Rights
Subject to applicable laws, you have the following rights concerning your personal information:
– Right of Access: Obtain confirmation whether we process your data and request a copy.
– Right to Rectification: Correct inaccuracies in your data.
– Right to Erasure: Request deletion of your data under certain conditions.
– Right to Restrict Processing: Limit how we use your data in specific circumstances.
– Right to Data Portability: Receive your data in a structured, machine-readable format and transmit it to another controller.
California residents further have the right to:
– Know what personal data is collected, used, shared, or sold;
– Opt out of the sale of personal data;
– Not be discriminated against for exercising CCPA rights.
To exercise these rights, contact us at [email protected].
6. Security Measures
We employ robust safeguards to maintain the security and integrity of your personal data, including:
– Encryption of data in transit and at rest
– Secure authentication protocols and access control systems
– Regular security audits and technical reviews
– Routine backups and incident response procedures
– Staff training and confidentiality obligations
7. International Transfers
Where personal data is transferred outside of the European Economic Area or other governed jurisdictions, we implement appropriate safeguards such as:
– Standard Contractual Clauses approved by the European Commission
– Transfers to jurisdictions deemed to provide adequate protection
– Privacy Shield or equivalent certifications, where applicable
We monitor compliance obligations regularly to ensure data remains protected no matter where it is processed.
8. Data Retention
We retain personal data for no longer than necessary to fulfill the purposes for which it was collected, including legal, regulatory, and business obligations. Retention periods include but are not limited to:
– Account and Transaction Data: 6 years after final interaction
– Communication and Support Records: up to 5 years
– Technical and Usage Data: up to 2 years for analytics purposes
– Preference Data (marketing consents): maintained until opt-out or withdrawal of consent
9. Cookie Policy
Our Site uses cookies and similar tracking technologies to enhance functionality and understand user interaction. These include:
– Essential Cookies: Required for basic navigation, login, and order placement.
– Functional Cookies: Enhance user experience by remembering preferences.
– Analytics Cookies: Enable measurement and analysis of site traffic and usage patterns.
– Performance Cookies: Assist in optimizing website speed and responsiveness.
10. Cookie Management and Compliance
Visitors to gardenhug.com are presented with customizable cookie consent options upon arrival in accordance with GDPR and CCPA requirements. You may manage or withdraw your consent at any time via the cookie settings panel in your browser or by adjusting preferences through our dedicated consent manager. California users can exercise their right to opt-out of the sale of personal information by contacting us directly or using the “Do Not Sell My Personal Information” link if available.
11. Children’s Privacy
Garden Hug does not knowingly collect or solicit personal information from children under the age of 13. If you believe that a child under 13 has provided us with their information, please contact our team at [email protected], and we will take appropriate action to delete such data.
12. Policy Updates
We reserve the right to update or amend this Privacy Policy from time to time to reflect changes in legal requirements, operations, or our service offering. In the event of material changes, we will notify users by appropriate means such as website banners or direct communication, as required by applicable law. We recommend checking this policy periodically to stay informed.
13. Contact
If you have any questions about this Privacy Policy or wish to exercise your rights, please contact our Data Protection Officer at:
Email: [email protected]
—
Garden Hug is dedicated to full compliance with applicable data protection laws and is committed to safeguarding your privacy. For any further information or concerns about how your data is used, please do not hesitate to reach out.