Privacy Policy

At Mad Hatter’s Teahouse (referred to as “we,” “our,” or “us”), accessible at madhattersteahouse.com, we are committed to safeguarding the privacy and personal data of our users. This Privacy Policy outlines how we collect, use, store, and share your personal information in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We believe in transparency, respect for individual rights, and processing data securely and lawfully at all times.

1. Scope of This Policy and Controller Responsibility

This Privacy Policy applies to all personal data collected through our website, madhattersteahouse.com, and any other interactions you may have with us, either online or offline. We act as the Data Controller for the personal data we collect, determine the purposes for which the data is processed, and are responsible for its protection. For any questions about how your data is handled, please contact us at [email protected].

2. Categories of Personal Data We Collect

We may collect and process the following categories of personal data:

Usage Data
Includes information about how you interact with our website, such as IP address, browser type, geolocation data, referring/exit pages, time stamps, session duration, pages viewed, and clickstream data.

Account Data
Includes personal identification information such as name, billing/shipping addresses, email address, and telephone number provided when creating an account, placing an order, or subscribing to services.

Profile Data
Includes information derived from your interactions with our site and services, such as products you view or purchase, preferences, feedback, and survey responses.

Communication Data
Includes messages, queries, support requests, email correspondence, and customer service interactions.

Technical Data
Includes device-level data such as device identifiers, operating system and platform, screen resolution, system configurations, and language settings.

Transaction Data
Includes purchase history, payment method details (handled via secure third-party processors), shipping addresses, and purchase confirmation details.

Preference Data
Includes consents related to receiving promotional communications, your interests in specific products or services, and cookie consent preferences.

3. Legal Bases for Processing Personal Data

We process personal data under the following lawful bases, as required by GDPR:

– Performance of a Contract: To provide services you request, such as fulfilling product orders or account creation.
– Consent: For specific purposes, such as sending marketing communications or placing non-essential cookies (where required).
– Legitimate Interests: For purposes such as fraud prevention, enhancing user experience, analytics, and securing our services.
– Legal Obligation: Where necessary to comply with legal or regulatory requirements.

4. Your Data Protection Rights

You may exercise the rights afforded by applicable privacy legislation, including:

– Access: You may request confirmation of the personal data we hold about you and obtain a copy thereof.
– Rectification: You may request correction of inaccurate or incomplete data.
– Erasure (“Right to be Forgotten”): You may request deletion of your personal data, subject to certain limitations.
– Restriction: You may request restriction of processing under specific conditions.
– Portability: You may request to receive certain data in a commonly used, machine-readable format or to have it transferred to another controller.

To exercise these rights, kindly contact us at [email protected]. We will respond in accordance with applicable laws and within legally prescribed timeframes.

5. Data Security Measures

We implement administrative, technical, and physical safeguards to protect personal data against loss, theft, unauthorized access, alteration, and destruction. These include:

– SSL/TLS encryption for website connections.
– Restricted access to personal data on a need-to-know basis.
– Regular system and access log monitoring.
– Routine data backups and disaster recovery contingencies.
– Employee training on data protection and security procedures.

6. International Data Transfers

Where we transfer personal data outside the European Economic Area (EEA), such transfers are conducted in compliance with applicable data protection laws. We rely on:

– Standard Contractual Clauses (SCCs) approved by the European Commission,
– Adequacy decisions by the European Commission, or
– Other appropriate safeguards under Article 46 of the GDPR

We ensure that equivalent legal protections are afforded to your data even when processed outside your jurisdiction.

7. Data Retention Policy

We retain personal data only as long as necessary for the purposes for which it was collected, including:

– Account and Transaction Data: Retained for 7 years for legal and accounting requirements.
– Communication and Support Data: Retained for 3 years after the last contact.
– Marketing and Preference Data: Retained for 2 years from the last activity or until withdrawal of consent.
– Technical and Usage Data: Retained for 18 months to support analysis and improvements.

Data may be retained longer where required by law or to defend against legal claims.

8. Use of Cookies and Similar Technologies

We employ cookies and similar technologies to enhance your browsing experience on madhattersteahouse.com. These cookies may include:

– Essential Cookies: Necessary for website functionality, such as account login and shopping cart features.
– Functional Cookies: Used to remember your preferences (e.g., location, language).
– Analytics Cookies: Help us understand how users interact with our site to improve performance, using tools such as Google Analytics.
– Performance Cookies: Used for optimizing load times, responsiveness, and error tracking.

9. Cookie Management and Your Rights

Under GDPR and CCPA, you have the right to control non-essential cookies:

– Opt-In Consent: We obtain opt-in consent for setting non-essential cookies from EU users.
– Cookie Preferences Banner: Visitors can set or refuse cookie preferences upon arrival and modify them at any time via our Cookie Settings tool.
– “Do Not Sell My Personal Information”: Under CCPA, California residents may opt out of the sale or sharing of personal data by contacting us or using applicable tools on our site.
– Browser Control: Most web browsers allow cookie blocking or deletion through settings.

Note: Essential cookies cannot be disabled without harming website functionality.

10. Children’s Privacy

madhattersteahouse.com is not intended for children under the age of 13. We do not knowingly collect, use, or disclose data of anyone under this age. If we become aware that personal data from someone under 13 has been collected, we will delete such data promptly. If you believe a child under your supervision has provided personal data to us, please contact us immediately at [email protected].

11. Updates to This Privacy Policy

We may amend this Privacy Policy from time to time to reflect changes in our practices, technology, or legal obligations. Notice of significant changes will be provided through this website or other appropriate communication channels. Continued use of madhattersteahouse.com constitutes acknowledgment and acceptance of the latest version of this policy.

12. Contacting Us

If you have any questions, concerns, or requests related to this Privacy Policy or the handling of your personal data, please contact us at:

Email: [email protected]
Website: https://madhattersteahouse.com

We are fully committed to maintaining privacy and supporting your rights under applicable data protection laws. Please contact us should you wish to exercise your rights or lodge a privacy concern.

By using madhattersteahouse.com, you acknowledge that you have read and understood this Privacy Policy.