Privacy Policy

Hatch Cozy (“we,” “us,” or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information when you visit our website, hatchcozy.com. It also explains your rights and how you are protected under applicable data privacy laws, including the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”).

1. Introduction

At Hatch Cozy, your privacy is of fundamental importance. We recognize our responsibility to treat your personal data with care and transparency. This Privacy Policy serves to inform you of how we handle your information, your data protection rights, and how you can exercise them.

2. Scope of Policy and Data Controller Role

This Privacy Policy applies to all visitors, users, and customers of the website hatchcozy.com. Hatch Cozy acts as the data controller concerning the personal data we collect via our website and associated services. In this role, we determine the purposes and means of processing your personal data.

3. Categories of Data Processed

We may collect and process the following types of personal data:

a. Usage Data
Includes information such as IP address, browser type, referring URL, pages visited, access times, and user interaction metrics gathered automatically through cookies, log files, and analytics tools.

b. Account Data
Includes identifiers such as your full name, billing and shipping addresses, email address, and phone number, provided when you create an account or make a purchase.

c. Profile Data
Includes your product preferences, purchase history, and behavioral data such as page views and links clicked, which we use to better understand your interests.

d. Communication Data
Includes the content of emails and messages you send to us, including support inquiries, contact form submissions, and response correspondence.

e. Technical Data
Includes device information, operating system version, browser type, and system configuration collected via cookies or device-based tracking mechanisms.

f. Transaction Data
Includes records of purchases, payment methods, delivery status, and related financial data processed through our third-party payment providers.

g. Preference Data
Includes marketing preferences, newsletter signups, opt-in choices, and product interest information collected via forms or behavioral analysis.

4. Legal Bases for Processing

We process your personal data based on one or more of the following lawful bases as defined under the GDPR:

– Consent: Where you have explicitly agreed to the processing.
– Contractual Necessity: Where processing is necessary to perform a contract with you (e.g., delivering purchased products).
– Legal Obligation: Where processing is necessary for compliance with a legal obligation.
– Legitimate Interests: Where processing supports our legitimate interests, provided these do not override your rights and freedoms (e.g., improving our website or preventing fraud).

Under the CCPA, we do not “sell” personal data as defined in the Act.

5. Your Rights

Depending on your jurisdiction, you may have the following rights under the GDPR or CCPA:

– Right of Access: You can request to know what personal data we hold about you.
– Right to Rectification: You may request correction of inaccurate or incomplete data.
– Right to Erasure: You can request that we delete your personal data when it is no longer necessary.
– Right to Restrict Processing: You may limit how we use your personal data in certain circumstances.
– Right to Data Portability: You may receive your data in a structured, commonly used format.
– Right to Opt-Out: California residents may request that we do not share or disclose their data for non-essential purposes.
– Right Not to Be Subject to Discrimination: You retain full access to services even if you exercise your privacy rights.

To exercise these rights, please contact us at [email protected].

6. Security Measures

We implement technical and organizational safeguards designed to secure your personal data. Measures include AES-level data encryption, limited data access based on role, secure cloud-based backup systems, and recurring privacy training for staff. While no method of transmission or storage is fully secure, we strive to meet or exceed industry standards.

7. International Transfers

Your personal data may be transferred and stored outside your local jurisdiction. Where we transfer data internationally, we use appropriate safeguards such as Standard Contractual Clauses approved by the European Commission, and ensure compliance with regional transfer regulations.

8. Data Retention

We retain your personal data only as long as necessary for the purposes set out in this Policy:

– Usage and Technical Data: Retained for up to 12 months for analytics and security.
– Account and Profile Data: Retained as long as your account is active and for five years thereafter for legal and auditing purposes.
– Communication Data: Retained for three years after resolution of your inquiry.
– Transaction Data: Retained for seven years for tax, accounting, and legal compliance.
– Preference Data: Retained until you withdraw consent or the data is no longer required.

9. Cookie Policy

We use cookies and similar technologies for the following purposes:

– Essential Cookies: Necessary for site functionality, such as shopping cart support and user authentication.
– Functional Cookies: Enhance site usability by remembering preferences and stored sessions.
– Analytics Cookies: Collect aggregated data on user behavior to help us improve the site experience.
– Performance Cookies: Monitor website functionality and detect performance issues.

10. Cookie Management and Compliance

You may manage your cookie preferences via our cookie banner or through your browser settings. We comply with the GDPR’s consent requirements for non-essential cookies and provide California residents with the opportunity to opt out of data collection in line with the CCPA.

11. Special Protections for Children

Our website is not intended for children under the age of 13. We do not knowingly collect or solicit personal data from children. If you believe a child has provided us with personal data, please contact us at [email protected], and we will take appropriate action to delete the data.

12. Policy Updates and Notifications

This Privacy Policy may be updated from time to time to reflect changes in legal or regulatory requirements or changes in our business practices. We will notify users of material changes by updating the policy on hatchcozy.com and/or contacting you by email when appropriate.

13. Contact Information

If you have any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us at:

Email: [email protected]
Website: www.hatchcozy.com

This policy is designed to ensure full compliance with the GDPR, the CCPA, and other applicable international data protection frameworks. We are committed to resolving any privacy concerns and invite you to contact us with any inquiries.