Privacy Policy
At Hendre Hall (hendrehall.com), your privacy and the security of your personal data are of the utmost importance to us. We are committed to maintaining the confidentiality, integrity, and accessibility of the personal information we process, and we implement robust privacy practices and technologies to protect that information. This Privacy Policy outlines how we collect, use, disclose, and protect your personal data, in compliance with applicable law, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
1. Introduction: Commitment to Privacy and Data Protection
We recognize your right to privacy and are committed to upholding your data protection rights. Whether you are browsing our website, making a purchase, or communicating with us, this policy describes how your personal data is handled. Our goal is to ensure full transparency about our data handling practices and to empower you with control over your personal data.
2. Scope of This Policy and Our Role as Data Controller
This Privacy Policy applies to hendrehall.com and any associated digital services through which we collect personal data. Hendre Hall acts as the data controller for purposes of GDPR and “business” under the CCPA. This means we determine the purpose and means of processing your personal information. If you have questions regarding our data practices, please contact us at [email protected].
3. Categories of Personal Data We Process
We only collect and process personal data necessary for our business operations, and we categorize this information as follows:
a. Usage Data:
– Includes information such as IP address, browser type and version, pages visited, time and date of visits, referring URLs, and duration of visits.
b. Account Data:
– Includes identifiers such as your full name, billing or physical address, telephone number, and email address provided during registration or checkout.
c. Profile Data:
– Includes your preferences, past purchases, browsing behavior, user settings, and any personalization applied to your use of our services.
d. Communication Data:
– Includes correspondence sent through our contact forms, support interactions, emails, and other communications you initiate with us.
e. Technical Data:
– Includes information about the device you use to access our services, such as hardware model, operating system and version, browser type, settings, and other technical identifiers.
f. Transaction Data:
– Includes purchase history, payment details (excluding full card information), delivery tracking, and billing records.
g. Preference Data:
– Includes marketing consents, email and communication preferences, and data collected from opt-in features or surveys regarding product interests.
4. Legal Bases for Processing Personal Data
We process personal data according to the legal bases established in GDPR and CCPA guidelines, including:
– Consent: When you have given express permission for us to process your data (e.g., for marketing purposes).
– Contractual Necessity: When data processing is required to fulfill a contract with you (e.g., order fulfillment).
– Legitimate Interests: When processing is necessary for our legitimate business interests, provided your rights and interests do not override these.
– Legal Obligation: When we are required to comply with applicable laws (e.g., tax records, fraud prevention).
5. Your Data Protection Rights
Under applicable laws, you have the right to:
– Access: Request a copy of your personal data that we hold.
– Rectification: Request correction of inaccurate or incomplete data.
– Erasure: Request deletion of your personal information under certain conditions.
– Restriction: Request restriction of processing your data.
– Portability: Request a structured, machine-readable copy of your data.
– Objection: Object to processing based on legitimate interests, especially for marketing purposes.
– Withdrawal of Consent: Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of your rights, please contact us at [email protected].
6. Security Measures
We implement industry-standard security measures to safeguard your data, including but not limited to:
– Encryption of data in transit and at rest.
– Role-based access controls and multi-factor authentication for internal systems.
– Regular system backups and vulnerability assessments.
– Employee training and confidentiality obligations.
– Ongoing monitoring of threats to information integrity.
7. International Data Transfers
If we transfer your personal data outside of your jurisdiction (including transfers outside the European Economic Area), such transfers are subject to adequate safeguards as mandated by GDPR, such as Standard Contractual Clauses and supplementary technical measures. We ensure that your data is treated in a manner consistent with this Privacy Policy and applicable legal protections.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy and to comply with legal obligations. Specific retention periods include:
– Usage Data: up to 26 months for analytics.
– Account and Transaction Data: 7 years for accounting and compliance purposes.
– Communication Data: 3 years from the last contact.
– Preference Data: retained until consent is withdrawn or user amends settings.
Once data is no longer required, it is securely deleted or anonymized.
9. Cookie Policy
We use cookies and similar technologies to enhance your experience on hendrehall.com. Cookies are categorized as follows:
– Essential Cookies: Required for the operation of our site.
– Functional Cookies: Enable personalization and enhanced functionality.
– Analytics Cookies: Help us understand visitor behavior and improve performance.
– Performance Cookies: Assist in load balancing, page speed optimization, and error reporting.
10. Cookie Management and Compliance
In compliance with GDPR and CCPA, visitors are presented with clear options to accept or reject non-essential cookies. You may also adjust cookie settings at any time through browser controls or by using the cookie preferences panel on our website.
Browser Do Not Track signals are honored where supported. California residents may opt out of “sale” of personal information through a clear and accessible link, as required under CCPA.
11. Special Protections for Children
Our website is not directed at individuals under the age of 13. We do not knowingly collect personal data from children without verifiable parental consent. If we become aware that we have collected data from a child under 13 without proper consent, we will take necessary steps to delete such information.
12. Updates to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. You are encouraged to check this page periodically. Where material changes occur, we may notify you by email or via our website.
13. Contact Us
If you have any questions, concerns, or wish to exercise your rights under this Privacy Policy, please reach out to us at:
—
We are dedicated to safeguarding your personal information and maintaining full compliance with GDPR, CCPA, and other applicable privacy frameworks. Your trust is important to us, and we welcome your questions or concerns regarding your data or privacy at any time.