Privacy Policy for Hugshade

1. Introduction

At Hugshade, accessible at hugshade.com, we are deeply committed to protecting your personal data and upholding your privacy rights. We understand the importance of transparency, data security, and responsible data processing in building trust with our users. This Privacy Policy outlines how we collect, use, disclose, and safeguard your information in accordance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws.

2. Scope and Role of Data Controller

This Privacy Policy applies to all personal data collected through our website, hugshade.com, and associated services. Hugshade acts as the “Data Controller” for the purposes of GDPR and as a “Business” under the CCPA with respect to the information you provide.

By accessing or utilizing our website and services, you acknowledge that you have read, understood, and agreed to the terms of this Privacy Policy.

3. Categories of Data We Process

We may collect and process the following categories of personal data, both directly (e.g., through forms) and indirectly (e.g., through cookies and analytics):

a. Usage Data
Information about how you interact with our website, including your IP address, browser type, operating system, referral URLs, pages viewed, session duration, and other diagnostic data.

b. Account Data
Details provided when creating an account such as your full name, address, email address, phone number, and login credentials.

c. Profile Data
Information derived from your account including purchase history, saved preferences, wishlists, and behaviors related to product views or content interactions.

d. Communication Data
Records of any correspondence with our customer support (via email or web forms), including inquiries, complaints, and other interactions.

e. Technical Data
Device and system-level metadata including device identifiers, network information, system configurations, language settings, and performance diagnostics.

f. Transaction Data
Information related to product purchases such as billing and shipping addresses, payment method details (processed via secure third-party providers), and invoice history.

g. Preference Data
Marketing communication preferences, opt-in statuses, and interest profiles based on your engagement with our content and promotional materials.

4. Legal Bases for Processing

We rely on the following legal grounds to process your personal data, as permitted under GDPR:

– Consent: Where you have expressly agreed to our use of your data for specific purposes, such as receiving marketing communications.
– Contractual Necessity: When data processing is required to fulfill a contract with you or to take steps at your request prior to entering into a contract.
– Legitimate Interests: For improving services, securing systems, preventing fraud, and providing a better user experience, provided such interests are not overridden by your rights.
– Legal Obligation: When processing is necessary to fulfill legal or regulatory requirements.

For users in California, you have the right to opt-out of the “sale” of personal data as defined by the CCPA. Hugshade does not sell your personal data for monetary compensation.

5. Your Data Protection Rights

Under applicable laws, you have the following rights regarding your personal data:

– Right of Access: Request access to the personal data we hold about you.
– Right to Rectification: Request correction of inaccurate or incomplete data.
– Right to Erasure (“Right to be Forgotten”): Request deletion of your personal data under certain circumstances.
– Right to Restrict Processing: Request limited use of your data in specific scenarios.
– Right to Data Portability: Receive your personal data in a structured, commonly used, and machine-readable format and request its transmission to another controller.

To exercise any of these rights, please contact us at [email protected]. We will process your request in accordance with applicable laws.

6. Security Measures

We employ industry-standard technical and organizational measures to ensure the confidentiality, integrity, and availability of your data. These include:

– Encryption of data in transit and at rest
– Role-based access control and strict authentication protocols
– Regular cybersecurity audits and vulnerability assessments
– Periodic data backups and secure data storage solutions
– Staff training and awareness programs on privacy best practices

7. International Data Transfers

When your data is transferred outside of your country of residence (including transfers outside the European Economic Area), we implement appropriate safeguards. These include reliance on the European Commission’s Standard Contractual Clauses and ensuring that third-party service providers maintain an adequate level of data protection.

8. Data Retention

Your personal data is retained only for the duration necessary to fulfill the legitimate purposes for which it was collected, including:

– Usage Data: 26 months (for analytics and diagnostic purposes)
– Account and Profile Data: As long as your account remains active or until request for deletion
– Transaction Data: 7 years (for financial and legal compliance)
– Communication Data: 3 years (for support history)
– Preference Data: Until revocation of consent

We securely delete or anonymize your data upon expiry of these periods.

9. Cookie Policy

Our website uses cookies and similar tracking technologies to enhance user experience, measure performance, and analyze traffic. The types of cookies we use include:

– Essential Cookies: Necessary for website functionality (e.g., session management, page navigation)
– Functional Cookies: Enhance user preferences (e.g., language and location settings)
– Analytics Cookies: Provide aggregated insights on usage trends and behavior
– Performance Cookies: Track site performance and detect technical issues

Third-party cookies (e.g., Google Analytics) may also be set through our site.

10. Cookie Management and GDPR/CCPA Compliance

Upon your first visit to hugshade.com, you will be presented with a cookie consent banner, in compliance with GDPR and CCPA regulations. You can manage your cookie preferences at any time through our Cookie Settings tool or by adjusting your browser settings.

Under CCPA, you may also exercise your right to opt out of cookies classified as “sales” by certain third parties, though we do not sell your data in the conventional sense.

11. Children’s Privacy

Our services are not directed to individuals under the age of 13, and we do not knowingly collect personal data from children under 13. If we become aware that we have inadvertently collected such data, we will take immediate steps to delete it. If you believe a child has provided us with personal data, please contact us at [email protected].

12. Updates to This Privacy Policy

We may revise this Privacy Policy periodically to reflect changes in law, technology, or our data practices. Any updates will be clearly posted on our website. While major changes may prompt user notification, we encourage you to review this Privacy Policy regularly to stay informed.

13. Contact Us

If you have any questions, concerns, or requests regarding your personal data or this Privacy Policy, please reach out to our Privacy Team at [email protected].

We are committed to full legal compliance and respecting your data privacy preferences. You may contact us any time with concerns related to data protection, and we will respond diligently and transparently.