Privacy Policy for Cottage Willow

1. Introduction

At Cottage Willow, accessible via cottagewillow.com, we deeply value your privacy and are fully committed to respecting and protecting your personal data. This Privacy Policy outlines our practices in collecting, processing, storing, and safeguarding your personal information in compliance with applicable privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We prioritize transparency, accountability, and a privacy-first approach at every stage of your interaction with our services.

2. Scope of Policy and Data Controller Role

This Privacy Policy applies to all personal data collected through cottagewillow.com and related services, whether you are browsing our site, placing an order, or interacting with our customer support team.

Cottage Willow is the data controller responsible for determining the purposes and means of processing your personal data. If you have any questions regarding this policy or our data practices, you may contact us at [email protected].

3. Categories of Data Processed

We process various categories of personal data depending on your interactions with our website and services, which may include:

A. Usage Data
Information such as browser type, IP address, time zone settings, pages visited, session duration, and other analytical data that helps us understand how users engage with cottagewillow.com.

B. Account Data
Identifiers such as your full name, billing and shipping address, email address, phone number, and account login credentials when you create or manage an account on our site.

C. Profile Data
Details related to your preferences, historical activity with our site, purchase history, wish lists, and behavioral trends used to tailor your experience.

D. Communication Data
Records of your interactions with us including customer support inquiries, email correspondence, and other messages sent to our team.

E. Technical Data
Device type, operating system, system configuration settings, screen resolution, language settings, and other technical identifiers captured through cookies or system logs.

F. Transaction Data
Payment information (processed securely via third-party processors), order details, delivery address, order date, and tracking data.

G. Preference Data
Settings and choices regarding marketing communications, notification preferences, newsletter subscriptions, and information on product categories of interest.

4. Legal Bases for Processing

We process personal data based on several lawful grounds under the GDPR and CCPA, including:

– Consent: When you have expressly granted us permission (e.g., subscribing to our newsletter).
– Contractual Necessity: To fulfill orders and perform obligations under a contract with you.
– Legitimate Interests: To improve user experience, prevent fraud, and market our products, provided such interests do not override your rights.
– Legal Obligation: To comply with applicable laws and regulatory requirements.

5. Your Rights

Under GDPR and applicable data protection laws, you may have the following rights:

– Right of Access: Obtain information about how your data is processed and access to your personal data.
– Right to Rectification: Request correction of inaccurate or incomplete data.
– Right to Erasure: Request deletion of your personal data under certain conditions.
– Right to Restriction: Restrict the processing of your data in specific circumstances.
– Right to Data Portability: Receive your personal data in a structured, commonly used format and/or transmit that data to another controller.

If you wish to exercise any of your rights, please contact us at [email protected].

6. Security Measures

We utilize robust technical and organizational measures to protect your personal data, including but not limited to:

– Encryption of sensitive information
– Secure server infrastructure and firewalls
– Role-based access control mechanisms
– Regular security audits and vulnerability assessments
– Data backups and disaster recovery protocols
– Employee training on data protection obligations

7. International Transfers

If personal data is transferred or accessed across borders, we implement suitable safeguards in compliance with GDPR and other relevant legislation. This includes the use of standard contractual clauses approved by the European Commission and appropriate contractual arrangements with our service providers outside the European Economic Area (EEA).

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy. Retention periods vary by data type:

– Usage and Technical Data: Up to 26 months for analytics and traffic analysis
– Account and Profile Data: For as long as your account is active or up to 7 years after last activity
– Transaction Data: 7 years for accounting and record-keeping
– Communication and Preference Data: Retained for 3 years following last contact unless otherwise required by legal obligations

When data is no longer needed, it is securely deleted or anonymized.

9. Cookie Policy

We use cookies to enhance your experience on cottagewillow.com, including:

– Essential Cookies: Required for basic site functionality (e.g., shopping cart, login)
– Functional Cookies: Improve usability and remember your preferences
– Analytics Cookies: Collect aggregated usage data to help us enhance performance
– Performance Cookies: Monitor site response rates and diagnostic toolsets

Detailed descriptions of individual cookies we place can be found on our Cookie Settings page.

10. Cookie Management and Compliance with GDPR & CCPA

Users are informed about cookies upon visiting our website and may manage consent preferences through our cookie banner or settings panel. Under GDPR and CCPA, you may:

– Opt-out of non-essential cookies at any time
– Request access to information collected via cookies
– Require deletion of cookie-derived data associated with identifiable information

You can also manage cookies directly through your browser settings, though blocking some cookies may impair site functionality.

11. Special Protections for Children

Cottage Willow does not knowingly collect or solicit personal information from children under the age of 13. If we become aware that we have collected data from a minor without verifiable parental consent, we will take prompt steps to delete such information. Parents or guardians who believe we might have any such data may contact us at [email protected].

12. Policy Updates & User Notifications

We may revise this Privacy Policy from time to time, in line with legal or operational requirements. Any material changes will be communicated via prominent notices on cottagewillow.com or directly to your account-associated email. We encourage periodic review to stay informed about our data practices.

13. Contact

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact our Data Protection Officer via:

Email: [email protected]

We are committed to full compliance with all applicable data protection laws and to handling your personal information with the utmost integrity. For any privacy-related inquiries, do not hesitate to reach out to us.