Privacy Policy
Cozy Roots Home (“Cozy Roots Home,” “we,” “us,” or “our”) is committed to maintaining your privacy and protecting your personal information. This Privacy Policy outlines our data collection practices, usage, and the choices you have regarding your personal data when you visit or interact with our website, cozyrootshome.com (the “Website”). We take your privacy seriously and handle personal data in accordance with applicable privacy and data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
1. Commitment to Privacy and Data Protection
At Cozy Roots Home, we are dedicated to upholding the principles of transparency, security, and user control in all of our data processing activities. Protecting your privacy is a core part of our values, and we only collect and process personal data when it is essential for delivering our services, improving user experience, and fulfilling legal obligations.
2. Scope of Policy and Role of Data Controller
This Privacy Policy applies to all personal data collected through cozyrootshome.com and any related services or communications. Cozy Roots Home is the data controller and is responsible for your personal information under applicable privacy law. Any processing we perform is done in our capacity as data controller, ensuring we determine the purposes and means of the data handling practices described herein.
3. Categories of Personal Data We Process
We may process the following categories of personal data:
a. Usage Data
This includes data collected about how users interact with the Website, such as IP addresses, browser type and version, pages visited, time and date of visit, referring URLs, and other diagnostic data gathered through cookies and similar technologies.
b. Account Data
When you create an account, we may collect your name, email address, postal address, telephone number, password, and related login credentials.
c. Profile Data
This includes information related to your preferences, purchase history, wish lists, product reviews, and behavioral data related to how you interact with our content and offerings.
d. Communication Data
Includes the content of communications between you and us, such as customer service inquiries, feedback, and messages submitted through forms or via email at [email protected].
e. Technical Data
Information about your device type, operating system, language preferences, screen resolution, device identifiers, and system configuration.
f. Transaction Data
Includes records of products ordered, payment status, shipping and billing addresses, purchase amounts, and confirmation numbers.
g. Preference Data
Relates to your marketing and communication preferences, such as opting into newsletters or indicating interest in specific product categories.
4. Legal Bases for Processing
We rely on the following lawful bases for processing your personal data under GDPR and applicable U.S. privacy laws:
– Consent: For certain marketing activities and cookie placement, we request your explicit permission.
– Contractual Necessity: Processing data necessary for entering into or performing a contract with you, such as fulfilling purchases or managing your account.
– Legal Obligation: Where processing is required to comply with relevant legal and regulatory obligations.
– Legitimate Interests: When data processing is necessary for our legitimate business interests—such as improving our services, preventing fraud, and ensuring network and information security—provided such interests do not override your fundamental rights.
5. Your Privacy Rights
Depending on your jurisdiction and applicable laws, you may have the following rights with regard to your personal information:
– Right of Access: To request confirmation of the data we hold about you and obtain a copy.
– Right to Rectification: To correct inaccurate or incomplete data.
– Right to Erasure: To request deletion of your personal data where legally permitted.
– Right to Restriction: To request limited processing under certain circumstances.
– Right to Data Portability: To obtain your data in a structured, commonly used format and transfer it to another controller.
– Right to Object: To object to specific types of processing, including direct marketing.
– Right to Withdraw Consent: Where you have provided consent, you can withdraw it at any time without affecting the lawfulness of processing prior to withdrawal.
To exercise your rights, please contact us at [email protected].
6. Security Measures
We implement strong organizational, technical, and administrative safeguards to protect personal data against unauthorized access, accidental loss, disclosure, or misuse. These include, but are not limited to:
– Encryption of data in transit and at rest
– Access controls and multi-factor authentication
– Regular security assessments and penetration testing
– Data backups and redundancy protocols
– Staff training on data privacy best practices
7. International Data Transfers
Where required, personal data may be transferred and processed outside your country of residence, including to jurisdictions that may not provide the same level of data protection. In such cases, we ensure that safeguards are implemented, including Standard Contractual Clauses as approved by the European Commission or other legal mechanisms to ensure adequate protection in compliance with GDPR and applicable international laws.
8. Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected, or as required under applicable laws. Our standard retention periods include:
– Account Data: Retained until the user deletes their account or for up to 5 years of inactivity.
– Order/Transaction Data: Retained for up to 7 years for legal, tax, and accounting requirements.
– Communication and Support Data: Retained for 2 years following the closing of an inquiry.
– Cookie and Analytics Data: Retained according to the lifespan of the cookie or analytics tool, typically no more than 26 months unless otherwise specified.
9. Cookie Policy
We use cookies and similar technologies to enhance your experience on cozyrootshome.com. Cookies fall into the following categories:
– Essential Cookies: Required for the Website to operate and cannot be turned off in our systems.
– Functional Cookies: Enable personalization and ensure functionality such as remembering settings or login status.
– Analytical Cookies: Help us understand how visitors interact with our site, enabling improvements to performance and usability.
– Performance and Targeting Cookies: Enable us to deliver customized advertisements and measure the effectiveness of our marketing.
10. Cookie Management and User Consent
Upon your first visit, and periodically thereafter, we request your consent to deploy non-essential cookies in accordance with GDPR and CCPA. You can manage your preferences at any time through our cookie settings banner or via browser controls.
Users covered by the CCPA may also opt out of “sale” or “sharing” of personal data (as defined under CCPA). Cozy Roots Home does not sell your personal data in the conventional sense but provides a “Do Not Sell or Share My Personal Information” link as required under CCPA guidance.
11. Protection of Children’s Privacy
Our Website and services are not directed at, nor intended for, children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, please contact us at [email protected], and we will take steps to delete such information promptly.
12. Changes to This Privacy Policy
We may amend this Privacy Policy to reflect changes in legal, technical, or business developments. When such changes occur, we will update the policy accordingly and endeavor to notify users of material changes where legally required. Continued use of the Website signifies acceptance of the updated policy.
13. Contact Us
If you have any questions, requests, or concerns about this Privacy Policy or how your personal data is handled, please contact us at:
Cozy Roots Home remains fully committed to privacy best practices and complying with paramount data protection frameworks such as the GDPR and CCPA. We welcome all inquiries and are available to assist you with any privacy-related concerns.