Privacy Policy

Heidestrasse.com (“we,” “us,” “our,” or the “Company”) is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy outlines the types of personal data we collect, how we process it, and your rights in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

1. Commitment to Privacy and Data Protection

Your privacy is of paramount importance to us. We are dedicated to handling your personal data with the utmost care and transparency, and in full compliance with applicable laws. We implement robust safeguards to protect your data and process it only for lawful, clearly defined purposes.

2. Scope of This Policy and Data Controller Role

This Privacy Policy applies to all data collected through our website, heidestrasse.com, and our related services. For purposes of data protection laws, the data controller is Heidestrasse, reachable via email at [email protected]. We determine the purposes and means of processing personal data collected via our website.

3. Categories of Data Processed

We may collect and process the following categories of personal data:

a) Usage Data
Includes information about how you interact with our website, such as IP address, browser type, operating system, referring URLs, session duration, page views, clickstream data, and geolocation (where statute permits).

b) Account Data
Collected when you create an account, including your full name, physical address, email address, and phone number.

c) Profile Data
Includes your preferences, language settings, product interests, purchase history, and behavioral data relating to your interactions with our services.

d) Communication Data
Covers any information you provide when you contact us, including emails, messages sent via our support form, and any related communication records.

e) Technical Data
Encompasses device information such as hardware model, operating system version, browser software, mobile network information, and system configuration.

f) Transaction Data
Includes billing and delivery information, payment card details (processed securely through authorized processors), order history, and transaction records.

g) Preference Data
Pertains to your marketing preferences, consents for receiving communications, product interests, and other personal selections.

4. Legal Bases for Processing

We process your data under one or more of the following legal bases, as permitted under the GDPR and CCPA:

– Performance of a Contract: When processing is necessary to provide services or deliver products you requested.
– Legitimate Interests: To operate and improve our website, monitor usage, conduct analytics, and prevent fraud, provided such interests are not overridden by your rights.
– Consent: Where we seek your explicit permission for specific processing activities, such as subscribing to our newsletter or placing non-essential cookies.
– Legal Obligation: Where processing is required to comply with legal and regulatory requirements.

5. Your Rights

Subject to applicable laws and the jurisdiction in which you are located, you have the following rights:

– Right of Access: You can request to view the personal data we hold about you.
– Right to Rectification: You may ask us to correct inaccuracies or update incomplete data.
– Right to Erasure (Right to be Forgotten): Under certain conditions, you can request deletion of your personal data.
– Right to Restriction: You can limit our processing of your data in specified circumstances.
– Right to Data Portability: You have the right to receive your data in a structured, machine-readable format and transmit it to another controller.
– Right to Object: You may object to certain processing activities, including direct marketing.
– Right to Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of the above rights, please contact us at [email protected].

6. Security Measures

We use a variety of technical and organizational measures to ensure the confidentiality, integrity, and availability of your personal data, including:

– Encryption of data in transit and at rest.
– Secure access controls, authentication, and authorization protocols.
– Continuous system monitoring, security updates, and scheduled vulnerability scans.
– Regular employee training in data protection principles and secure data handling.
– Scheduled data backups and recovery procedures to ensure business continuity.

7. International Data Transfers

When personal data is transferred outside of the European Economic Area (EEA), we ensure adequate protection through mechanisms such as Standard Contractual Clauses approved by the European Commission or by complying with equivalent regional frameworks as required. Transfers are made only where necessary for providing our services or for other lawful purposes.

8. Data Retention

We retain personal data for no longer than is necessary for the purposes for which it was collected and in accordance with legal, accounting, or regulatory obligations. Typically:

– Account Data is retained for as long as your account remains active and up to five years after closure.
– Transaction and payment data is retained for up to seven years for compliance with financial and tax laws.
– Communications and support records are retained for up to two years from the last contact.
– Preference and profile data is only retained as long as you are engaged with our services or until you withdraw consent.
– Technical and usage data is anonymized or deleted after twelve months unless needed for security or operational purposes.

9. Cookie Policy

We use cookies and similar technologies to enhance your experience on heidestrasse.com. The categories of cookies used are:

– Essential Cookies: Necessary for website functionality and enabling core features such as page navigation and access to secure areas. These cannot be disabled.
– Functional Cookies: Remember user preferences and choices to enhance usability.
– Analytics Cookies: Collect statistical data about how users interact with our site to help us improve service performance and usability.
– Performance Cookies: Help us measure and optimize site features, responsiveness, and stability.

10. Cookie Management and Compliance

You may manage your cookie preferences at any time using the cookie banner presented upon your first visit or by adjusting your browser settings. We honor Do Not Track signals in accordance with the CCPA. For GDPR compliance, we request explicit consent for non-essential cookies and maintain records of such consent.

11. Protection of Children’s Privacy

We do not knowingly collect or process personal data from children under the age of 13. If you believe a child has provided us with personal data without appropriate parental consent, please contact us at [email protected], and we will promptly delete such data.

12. Policy Updates

We may update this Privacy Policy to reflect changes in our practices, legal obligations, or technical advancements. If material changes are made, we will notify users through our website or by email (if appropriate) to ensure you remain informed.

13. Contact Information

For privacy-related questions, data access requests, or to exercise your rights under applicable data protection laws, please contact us at:

Email: [email protected]

We are committed to protecting your data and respecting your privacy preferences. If you have concerns about your personal data at any time, we encourage you to reach out with your inquiries. We take all matters related to privacy seriously and strive to remain in full compliance with GDPR, CCPA, and other relevant regulations.