Privacy Policy
At Halvah Heaven, accessible via halvahheaven.com, we are firmly committed to protecting the privacy and personal data of our visitors, customers, and users. In accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), this Privacy Policy outlines how we collect, use, disclose, and safeguard your information. Our commitment to privacy-first principles ensures that your data is handled with the highest level of integrity, transparency, and security.
1. Introduction
This Privacy Policy describes how we collect and process your personal data through your use of the website halvahheaven.com, including any data you may provide through this website when you register, make a purchase, sign up for communications, or engage with us in any other manner. We recognize the importance of safeguarding your personal information and are dedicated to ensuring that your rights and freedoms are protected.
2. Scope of Policy and Role of Data Controller
This Policy applies to all users of our website and services, including but not limited to visitors, customers, account holders, and subscribers. For the purposes of applicable data protection legislation, Halvah Heaven is the “Data Controller” of your personal data.
3. Categories of Personal Data We Process
We may collect and process the following categories of personal data:
a) Usage Data
Information about how you use our website and services, including IP address, browser type, device logs, referral source, time zone settings, and interaction activity.
b) Account Data
Identifiers such as your full name, email address, billing and shipping addresses, contact number, and account credentials.
c) Profile Data
Details relating to your preferences, purchase history, website activity, order frequency, and user behavior.
d) Communication Data
Records of communications with our support team, contact forms, emails, and other user-initiated correspondence.
e) Technical Data
Device-specific data including operating system, platform, screen resolution, system settings, and diagnostics.
f) Transaction Data
Information about payments made, items ordered, transaction identifiers, delivery tracking, and order fulfillment data.
g) Preference Data
Marketing preferences, language selections, subscribed newsletters, and indicated product interests.
4. Legal Bases for Processing Personal Data
We process your personal data based on one or more of the following legal grounds:
– Consent: Where you have given us clear permission to process your data for a specific purpose.
– Contractual Necessity: Where processing is necessary for entering into or performing a contract with you.
– Legal Obligation: Where processing is necessary for compliance with a legal obligation.
– Legitimate Interests: Where we process data to pursue our legitimate business interests, provided that these interests are not overridden by your rights and interests.
5. Your Rights Under GDPR and CCPA
You have the right to exercise the following under applicable laws:
– Right of Access: You may request confirmation and access to the personal data we hold about you.
– Right to Rectification: You have the right to request correction of any inaccurate or incomplete data.
– Right to Erasure (“Right to be Forgotten”): You may request deletion of your personal data where legally applicable.
– Right to Restriction: You can request limited processing of your personal data under certain conditions.
– Right to Data Portability: You may request to receive your personal data in a structured, commonly used, and machine-readable format.
– Right to Object: You have the right to object to certain types of data processing, including direct marketing.
– Right to Non-Discrimination (CCPA): You will not be discriminated against for exercising your privacy rights.
To exercise any of the above rights, please contact us at [email protected].
6. Data Security Measures
We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, and destruction. These measures include:
– End-to-end SSL encryption
– Role-based access controls across internal systems
– Scheduled data backups and recovery protocols
– Secure firewalls and intrusion prevention systems
– Staff confidentiality agreements and regular privacy training
7. International Transfers
Where personal data is transferred outside of the European Economic Area (EEA) or other applicable regions, such transfers are made in compliance with international data protection regulations. We use Standard Contractual Clauses and ensure appropriate safeguards are in place to maintain security and confidentiality.
8. Data Retention
We retain your personal data only as long as necessary to fulfill the purposes described in this Policy, including satisfaction of legal, contractual, and operational obligations. Retention periods include:
– Account and Transaction Data: Up to 7 years (for tax and legal purposes)
– Communication Data: 2 years from last contact
– Marketing Preferences: Retained until consent is withdrawn or data is deleted
– Technical and Usage Data: Up to 24 months post-collection
Upon expiration of the applicable retention periods, your data will be securely deleted or anonymized.
9. Cookie Policy
Our website uses cookies and similar technologies to enhance user experience, personalize content, and analyze traffic. Cookies are categorized as follows:
– Essential Cookies: Necessary for the operation of the site (e.g., shopping cart, log-in functionality)
– Functional Cookies: Enhance usability by remembering your preferences
– Performance and Analytics Cookies: Monitor website usage statistics and user interactions
– Advertising Cookies: May be used to deliver relevant advertisements, subject to your consent
10. Cookie Management and GDPR / CCPA Compliance
Users of halvahheaven.com can manage cookie preferences via our Cookie Consent Banner or browser settings. In jurisdictions governed by GDPR and CCPA, we obtain explicit consent for non-essential cookies. You have full control to withdraw or modify your consent at any time through our Consent Management Tool.
11. Children’s Privacy
Our website and services are not intended for individuals under the age of 13. We do not knowingly collect personal data from children. If we become aware that such data has been collected without verified parental consent, we will take immediate steps to delete the data.
12. Policy Updates
Halvah Heaven may update this Privacy Policy from time to time to reflect changes in legal requirements, technology, or our practices. When updates occur, we will provide prominent notice on our website and, where appropriate, notify users via email.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:
Email: [email protected]
Website: https://halvahheaven.com
We are committed to maintaining full compliance with all applicable privacy laws and upholding the highest standards in data protection. Please do not hesitate to reach out to us should you have any queries about how your data is collected and managed.