Privacy Policy for Rifthearth.com

1. Introduction

At Rifthearth (“we”, “our”, or “us”), accessible via rifthearth.com, we are fully committed to upholding the highest standards of privacy and personal data protection. We recognize and respect your right to privacy and are dedicated to safeguarding the personal data you entrust to us. This Privacy Policy outlines how we collect, use, store, disclose, and protect your personal data in accordance with all applicable privacy regulations, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

2. Scope of This Policy and Data Controller Role

This Privacy Policy applies to your interaction with rifthearth.com through any web browser, mobile device, or other means of access. Rifthearth is the data controller responsible for the processing of your personal data under applicable data protection laws. For residents of the European Economic Area (EEA), Rifthearth determines the purposes and means of processing your personal data and ensures compliance with the GDPR. For California residents, we act in accordance with the CCPA and its requirements for how we collect and manage personal information.

3. Categories of Data We Process

We may collect and process the following categories of personal data:

– Usage Data: Includes data on how you interact with our website, such as IP address, browser type and version, operating system, referral source, pages visited, and session time.

– Account Data: Includes personal identifiers such as full name, mailing address, email address, and phone number used to create or modify an account on rifthearth.com.

– Profile Data: Includes information related to your preferences, purchases, browsing behavior, interests, and user settings.

– Communication Data: Includes records of any correspondence you initiate with us, including support inquiries, feedback, and historical customer service interactions.

– Technical Data: Includes information from the devices you use to access our site, such as device type, hardware model, unique device identifiers, system settings, and crash logs.

– Transaction Data: Encompasses details of products or services you purchase from us, including payment card information (processed securely through third-party payment processors), billing address, delivery address, and order history.

– Preference Data: Includes records of your expressed preferences, such as marketing communication consents, cookie selections, and product interest settings.

4. Legal Bases for Data Processing

We process your personal data on the following legal bases, depending on the type of data and the specific context in which it is collected:

– Consent: We rely on your freely given, specific, informed, and unambiguous consent for certain processing activities, such as sending you marketing communications or placing non-essential cookies.

– Contractual Necessity: We process your data when it is necessary for the performance of a contract with you, such as processing purchases or delivering products.

– Legitimate Interests: We process your data where it is necessary for the purposes of our legitimate interests, such as improving our website, preventing fraud, maintaining security, or analyzing user behavior—provided that such interests are not overridden by your rights and freedoms.

– Legal Obligation: In some cases, we are legally obligated to process your data, for example, to comply with tax or financial regulations.

5. Your Rights

If you are a resident of the EEA or California, you have the following rights under applicable data protection laws:

– Right to Access: You have the right to request access to the personal data we hold about you.

– Right to Rectification: You may request correction of inaccurate or incomplete data.

– Right to Erasure (“Right to be Forgotten”): You can request the deletion of your personal data, subject to certain exceptions.

– Right to Restriction: You have the right to request the restriction of the processing of your data under specific conditions.

– Right to Data Portability: You are entitled to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller where feasible.

– Right to Object: You can object to the processing of your personal data where we rely on legitimate interests or use your data for direct marketing purposes.

To exercise these rights, please contact us at [email protected].

6. Security Measures

We implement industry-standard physical, technical, and organizational security measures to protect your data:

– Data Encryption: All sensitive data transmitted between you and our servers is encrypted using Secure Sockets Layer (SSL) technology.

– Access Controls: We limit access to personal data to authorized personnel who require it to fulfill their job responsibilities.

– Secure Backups: Routine backups are conducted to ensure data integrity and availability in the event of a system failure.

– Staff Training: Our staff receive regular training on privacy practices and obligations.

Despite our rigorous efforts to protect your personal data, no transmission method over the internet or electronic storage is entirely secure. We encourage you to also take appropriate protective measures.

7. International Data Transfers

Your personal data may be processed outside of your country of residence, including in countries whose laws may not offer the same level of data protection. When transferring data internationally, we ensure appropriate legal safeguards are in place, including:

– Standard Contractual Clauses approved by the European Commission;

– Verification that recipients are certified under recognized frameworks (e.g., EU-US Data Privacy Framework);

– Implementation of additional safeguards where necessary.

8. Data Retention

We retain your personal data no longer than is necessary for the purposes for which it was collected, unless a longer retention period is required or permitted by law. Retention periods by data category include:

– Usage Data: 12 months for analytical accuracy;

– Account & Profile Data: Retained while your account remains active and for a period of 24 months after deactivation;

– Communication Data: 3 years or as required by applicable consumer protection laws;

– Transaction Data: 7 years to comply with tax and accounting obligations;

– Technical and Preference Data: 12 months or until you withdraw your consent (for preference-based storage).

After the retention period, data will be securely deleted or anonymized.

9. Cookie Policy

Our website uses cookies and similar technologies to enhance your user experience, analyze performance, and provide personalized content. Cookies we use include:

– Essential Cookies: Necessary for the basic functioning of rifthearth.com (e.g., session management, navigation).

– Functional Cookies: Help to remember your choices, such as language or region.

– Analytics Cookies: Collect statistical data on site usage to help us improve functionality (e.g., Google Analytics).

– Performance Cookies: Monitor performance and detect technical issues.

We do not use cookies to collect sensitive personal data without your explicit consent.

10. Cookie Management and User Control

You can manage your cookie preferences at any time via the cookie consent banner on rifthearth.com. Most web browsers also allow you to delete or block cookies through browser settings. For GDPR compliance, we only place non-essential cookies after receiving your explicit consent. For CCPA compliance, California users can opt out of the “sale” or sharing of personal information via designated mechanisms on our website.

11. Children’s Privacy

Rifthearth.com is not intended for use by children under the age of 13. We do not knowingly collect personal information from individuals under 13 without verifiable parental consent. If we learn that we have collected personal data from a child without such consent, we will take appropriate steps to promptly delete the information.

12. Changes to This Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices or legal obligations. In the event of material changes, we will notify users via prominent notices on rifthearth.com and revise the policy accordingly. We encourage you to review this policy periodically to remain informed.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, you may contact us at:

Email: [email protected]

We are committed to maintaining our compliance with global data protection laws and ensuring transparency in our privacy practices. For all privacy matters, please feel free to reach out to us.