Privacy Policy for Haven Terrace

1. Introduction

At Haven Terrace, accessible via haventerrace.com, we are committed to protecting the privacy, security, and personal data of all website visitors, customers, partners, and users of our services. We respect your right to privacy and take the processing and safeguarding of personal information seriously. This Privacy Policy outlines how we collect, use, share, and protect your data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

2. Scope of Policy and Data Controller Role

This Privacy Policy applies to all personal data collected and processed by Haven Terrace through our website, products, and associated services. For the purpose of the GDPR, Haven Terrace is the “Data Controller” in respect of your personal data—that is, we are responsible for determining the purposes and means of its processing.

By using haventerrace.com or interacting with our services, you acknowledge that you have read and understood this policy.

3. Categories of Data Processed

We collect and process different types of personal data to operate our business efficiently and enhance your experience. These categories include:

– Usage Data: Includes information about how you use our website, such as IP address, browser type and version, geographic location, referring URLs, session duration, and behavior patterns.
– Account Data: Information provided during account registration or communication, including your name, address, email address, phone number, and login credentials.
– Profile Data: Preferences, purchase history, saved items, customizations, and behavioral data collected through interaction with our services.
– Communication Data: Records of communications such as feedback, queries, complaints, or correspondence via email or website forms.
– Technical Data: Device type, operating system, browser settings, language preferences, time zones, and diagnostic technical information collected automatically.
– Transaction Data: Details of product purchases, order history, billing address, delivery address, and payment confirmations (note: we do not store complete payment card details).
– Preference Data: Marketing preferences, opt-in/opt-out choices, interests, and survey responses.

4. Legal Bases for Processing

We process your personal data pursuant to the following lawful bases, as defined by the GDPR:

– Consent: When you opt in for marketing communications or consent to non-essential cookies.
– Contractual Necessity: Where we need the data to fulfill a contract with you (e.g., to process payments or ship products).
– Legal Obligation: When data processing is necessary for compliance with a legal obligation.
– Legitimate Interest: For purposes such as site analytics, fraud prevention, internal administration, and service improvement, provided it does not override your data protection rights.

5. Your Rights

Subject to applicable laws and verification of identity, you may exercise the following rights:

– Right of Access: Obtain confirmation of whether we hold your personal data, and access a copy of it.
– Right to Rectification: Request corrections to any inaccurate or incomplete data we hold about you.
– Right to Erasure: Request deletion of your personal data, subject to legal and contractual restrictions.
– Right to Restrict Processing: Restrict the processing of your data under certain conditions.
– Right to Data Portability: Receive your data in a structured, commonly used, and machine-readable format and transmit it to another controller.
– Right to Object: Object to the processing of personal data where processing is based on legitimate interests or for direct marketing.
– Right Not to Be Subject to Automated Decision-Making: We do not engage in fully automated decision-making affecting you.

To exercise any of the above rights, please contact us at [email protected].

6. Security Measures

We employ appropriate technical and organizational safeguards to ensure the confidentiality, integrity, and security of your personal data, including:

– SSL encryption for data transmission
– Access controls and authentication
– Data minimization and regular purging
– Encrypted backups and secure storage
– Staff training on data protection practices

While no security protocol is infallible, we implement industry-standard practices to prevent unauthorized access, alteration, disclosure, or destruction.

7. International Transfers

Your personal data may be transferred to, and processed in, countries outside of your jurisdiction. In such cases, we ensure that adequate safeguards are in place pursuant to GDPR Articles 45–49, including:

– Standard Contractual Clauses (SCCs) approved by the European Commission
– Binding corporate rules where applicable
– Transfers to countries deemed to provide adequate data protection by the European Commission

8. Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected, including fulfilling legal, accounting, and reporting obligations. Typical retention timeframes include:

– Account and Profile Data: Retained for the life of the user account and up to seven years thereafter for audit purposes
– Transaction Data: Retained for up to seven years to comply with legal and tax obligations
– Communication Data: Retained up to five years or as required for resolving disputes
– Marketing Data: Retained until the user opts out or withdraws consent

Anonymized analytical data may be retained indefinitely.

9. Cookie Policy

haventerrace.com uses cookies and similar technologies to enhance user experience and collect analytics. Categories of cookies include:

– Essential Cookies: Required for core site functionality and security (e.g., login sessions).
– Functional Cookies: Remember user preferences and settings to enhance usability.
– Analytics Cookies: Collect anonymous data on website usage for performance measurement and optimization.
– Performance Cookies: Monitor website performance to improve stability and user responsiveness.

10. Cookie Management and Compliance with GDPR & CCPA

Upon visiting our website for the first time, users in applicable regions are presented with a cookie consent banner in compliance with GDPR and CCPA standards. You may manage cookie preferences via:

– Our dedicated Cookie Settings tool accessible from the site footer
– Your browser’s cookie settings and privacy controls
– Contacting us at [email protected] for assistance

For CCPA-covered residents, you may also exercise your right to opt out of the sale or sharing of personal data through the “Do Not Sell or Share My Personal Information” link on our website.

11. Special Protections for Children Under 13

We do not knowingly collect, solicit, or process personal data from children under the age of 13. If we become aware that such data has been unknowingly collected, it will be promptly deleted. Parents or legal guardians who believe that their child has provided personal data should contact us at [email protected].

12. Policy Updates and User Notifications

We reserve the right to update this Privacy Policy to reflect changes in our operations, legal obligations, or user feedback. Changes to this policy will be communicated through our website. We encourage you to periodically review this Privacy Policy to stay informed of how we protect your data.

13. Contact

For privacy-related inquiries, data access requests, or to exercise your rights under data protection laws, please contact:

Email: [email protected]

We are committed to addressing your concerns promptly and transparently. If you are dissatisfied with our response, you also have the right to lodge a complaint with your local data protection authority.

This Privacy Policy reflects our ongoing commitment to protecting your privacy, complying with global data protection standards, and building trust with our valued users. You may contact us at any time at [email protected] with any questions, concerns, or requests relating to your personal data.