Privacy Policy for Mad Hatter’s Tea House
1. Introduction
At Mad Hatter’s Tea House (“we,” “us,” or “our”), accessible via madhattersteahouse.com, we are committed to protecting your privacy and safeguarding the personal data you entrust to us. We prioritize a privacy-first approach and ensure that the collection, use, storage, and disclosure of your personal data comply with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the California Consumer Privacy Act (“CCPA”), and other applicable data protection laws. This Privacy Policy outlines the principles and practices we follow to respect your privacy and protect your rights.
2. Scope of This Policy and Role of the Data Controller
This Privacy Policy governs the processing of personal data collected through our website at madhattersteahouse.com and any related services provided by us. Mad Hatter’s Tea House is the data controller for the personal data we collect and process, which means we determine the purposes and manner in which your data is used.
3. Categories of Data We Process
We collect and process various categories of personal data to provide, improve, and tailor our services.
a. Usage Data
Includes information such as your IP address, browser type, operating system, device type, date/time of visits, and pages interacted with on madhattersteahouse.com.
b. Account Data
Collected when you create an account or make a purchase, which may include your name, billing and shipping address, email address, and telephone number.
c. Profile Data
Includes preferences, past purchases, order history, account settings, and behavioral data related to your interactions with our site.
d. Communication Data
Refers to correspondence or communication you initiate, including customer support inquiries, feedback, messages, or emails sent to [email protected].
e. Technical Data
Involves technical information collected from your device, such as hardware model, operating system version, browser plug-ins, screen resolution, and settings.
f. Transaction Data
Includes payment information (processed securely via third-party providers), purchase details, delivery logistics, and order status.
g. Preference Data
Covers your expressed interests, product choices, and consent settings regarding marketing communications and newsletters.
4. Legal Bases for Processing Personal Data
We process personal data lawfully under one or more of the following legal bases:
– Contractual Necessity: To fulfill a contract with you, such as processing orders or managing your account.
– Legitimate Interest: To operate and enhance our services, prevent fraud, and maintain network security, provided such interests are not overridden by your rights.
– Consent: Where we rely on your explicit consent, such as for sending direct marketing communications or non-essential cookies.
– Legal Obligation: To comply with applicable legal or regulatory requirements.
5. Your Rights
Subject to applicable law, you have the following rights regarding your personal data:
– Right of Access: You may request a copy of the personal data we hold about you.
– Right to Rectification: You may request correction of inaccurate or incomplete data.
– Right to Erasure: Also known as the “right to be forgotten,” enabling you to request deletion of your data.
– Right to Restrict Processing: You may request limitations on how we process your data.
– Right to Data Portability: You may request your data in a structured, commonly used, machine-readable format for transmission to another controller.
To exercise any of these rights, please contact us at [email protected].
6. Security Measures
We implement industry-standard security protocols to protect your personal data against unauthorized access, loss, or misuse. These include:
– Encryption of data in transit and at rest
– Strict access controls with role-based permissions
– Regular backups to secure isolated storage
– Employee training on data protection and awareness
7. International Transfers
Your personal data may be processed outside of your home jurisdiction, including in the United States. Where personal data is transferred internationally, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission or rely on legally recognized mechanisms to ensure appropriate levels of protection.
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy or to comply with legal obligations. Retention periods include:
– Usage Data: Up to 12 months
– Account Data: Duration of account + 3 years
– Profile & Preference Data: Until user request for deletion or revocation of consent
– Communication Data: Up to 24 months after closure of inquiry
– Transaction Data: Retained per financial and legal obligation for up to 7 years
– Technical Data: Typically anonymized and stored for up to 12 months
9. Cookie Policy
We use cookies and similar technologies to enhance your experience on madhattersteahouse.com. Our use of cookies falls under the following categories:
– Essential Cookies: Required for the basic functioning of the website, including secure login and shopping cart support.
– Functional Cookies: Enhance performance and user preferences.
– Analytics Cookies: Help us measure performance and user interactions (e.g., via Google Analytics).
– Performance Cookies: Monitor load speed and responsiveness for site improvement.
10. Cookie Management and Compliance
You can manage your cookie preferences at any time through your browser settings or through the cookie banner presented on madhattersteahouse.com. We do not deploy non-essential cookies without your prior consent in compliance with GDPR. Under CCPA, California residents are entitled to opt out of the “sale” of personal information — we honor such requests and do not sell your personal data.
11. Children’s Privacy
Mad Hatter’s Tea House does not knowingly collect or solicit personal data from children under the age of 13. If we learn that we have inadvertently collected such data, we will delete it promptly. Parents or legal guardians who believe we may have improperly collected personal information about a child under 13 should contact us at [email protected].
12. Changes to This Policy
We reserve the right to update or amend this Privacy Policy at our discretion to reflect changes in legal, regulatory, operational, or technological circumstances. Where material changes are made, we will notify users through appropriate channels, including notices on madhattersteahouse.com or direct communication where applicable.
13. Contact
If you have any questions about this Privacy Policy, your rights, or our data practices, you may contact us at:
Email: [email protected]
Website: https://madhattersteahouse.com
We are committed to upholding the highest standards of data protection and welcome any privacy-related inquiries or concerns. Please do not hesitate to reach out.