Privacy Policy
1. Introduction
At Forever Green Christmas Tree Co. (“Company”, “we”, “us”, or “our”), accessible at www.forevergreenchristmastree.com, we are firmly committed to safeguarding the privacy and personal data of our users. We recognize the importance of maintaining the confidentiality, integrity, and security of your personal information and adhere strictly to applicable privacy and data protection regulations, including the European Union General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This Privacy Policy outlines how we collect, process, store, and protect your personal data in connection with your use of our website, services, and associated communications. We are dedicated to a privacy-first approach, ensuring that your rights and data sovereignty remain our priority.
2. Scope of This Policy and Role as Data Controller
This Privacy Policy applies to all users of our website, www.forevergreenchristmastree.com, and to all personal data collected through it. For purposes of data protection laws, Forever Green Christmas Tree Co. is the “data controller” with respect to the personal data collected from individuals in the European Economic Area (EEA), the United Kingdom, and California. This means we determine the purposes and means of processing your personal data.
3. Categories of Personal Data We Process
We collect, use, store, and share various types of personal data, depending on how you interact with our services. These categories include but are not limited to:
a) Usage Data
Information collected automatically through cookies and similar technologies when you access the website. This includes IP addresses, browser type, access times, pages visited, referring URLs, session duration, and interactions with website features.
b) Account Data
Information you provide when creating an account or placing an order, including your full name, email address, phone number, billing/shipping address, and login credentials.
c) Profile Data
Details relating to your preferences, shopping behavior, browsing history on our site, wish lists, and purchase records.
d) Communication Data
Records of your communication with us, including email correspondences, support requests, contact form submissions, reviews, and customer service interactions.
e) Technical Data
Device-specific information such as operating system, device type, device identifiers, screen resolution, and system configuration settings.
f) Transaction Data
Details pertaining to orders and financial activities, such as products purchased, delivery addresses, transaction timestamps, and partially masked payment methods (note: we do not store complete payment card data—transactions are processed via secure third-party vendors).
g) Preference Data
Data relating to your expressed preferences for receiving marketing messages, newsletter subscriptions, product alerts, and interest categories.
4. Legal Bases for Processing Personal Data
We process personal data under various lawful bases, depending on the nature of the data and your interaction with our services:
– Contract: Where processing is necessary to perform a contract with you (e.g., to fulfill your online order).
– Consent: Where you have explicitly given consent for one or more processing purposes (e.g., marketing emails).
– Legal Obligation: Where processing is required for compliance with a legal obligation.
– Legitimate Interest: Where we have a legitimate business interest in processing your data, and such interest is not overridden by your fundamental rights and freedoms (e.g., fraud prevention, service improvement).
5. Your Rights
Subject to applicable laws, you may have the following rights regarding your personal data:
– Right of Access: You may request access to the personal data we hold about you.
– Right to Rectification: You may request correction of inaccurate or incomplete data.
– Right to Erasure: You may request deletion of your personal data, where legally applicable.
– Right to Restriction: You may request restriction of processing under certain circumstances.
– Right to Data Portability: You may request to receive your data in a structured, machine-readable format and/or have it transferred to another controller.
– Right to Object: You may object to the processing of your data for direct marketing or based on legitimate interests.
– Right to Withdraw Consent: Where processing is based on your consent, you may withdraw consent at any time without penalty.
To exercise any of these rights, please contact us at [email protected]. We will respond to valid requests in accordance with applicable law.
6. Security Measures
We employ industry-standard technical and organizational measures to ensure the security of your data. These include:
– Encryption of data in transit and at rest;
– Access control systems with role-based permissions;
– Secure server infrastructure and hosting environments;
– Regular security assessments and audits;
– Data backup and disaster recovery protocols;
– Staff training in data protection practices.
While no method of transmission over the Internet or method of storage is 100% secure, we strive to implement and maintain appropriate safeguards to protect your data.
7. International Transfers
We may transfer your personal data to countries outside of your jurisdiction, including to servers or service providers located in the United States or other countries that may not offer the same level of protection. When doing so, we rely on international data transfer safeguards such as:
– Standard Contractual Clauses approved by the European Commission;
– UK International Data Transfer Agreements, where applicable;
– Binding Corporate Rules (where relevant);
– Appropriate supplemental measures to ensure adequate protection of your data.
8. Data Retention
We retain personal data only as long as necessary to fulfill the purposes outlined in this policy and to satisfy legal, contractual, or compliance requirements. Retention periods vary by data type:
– Usage and Technical Data: Retained for up to 12 months for analytics and security.
– Account and Profile Data: Retained as long as your account is active and for up to 6 years thereafter.
– Transaction Data: Retained for up to 7 years for tax, legal, and warranty purposes.
– Communication Data: Retained for up to 3 years from the date of last contact.
– Preference Data: Retained until you withdraw your consent or update settings.
You may request deletion of your data as allowed under section 5.
9. Cookie Policy
Our website uses cookies and other similar technologies to enhance user experience, analyze usage patterns, and support essential functions. Cookies fall into the following categories:
– Essential Cookies: Necessary for core website functionality such as authentication and cart management.
– Functional Cookies: Improve your experience by remembering preferences and settings.
– Analytics Cookies: Collect aggregated data on site performance, user behavior, and visitor demographics using third-party tools (e.g., Google Analytics).
– Performance Cookies: Track system performance and errors to improve overall stability and functionality.
10. Cookie Management and Compliance
Under the GDPR and CCPA, you have the right to manage your cookie preferences, including opting out of non-essential cookies. Upon your first visit to our website, you will be presented with a cookie banner allowing you to customize your consent settings. You can also manage cookies via your browser settings or by using our Cookie Settings tool available on our site.
California residents may further opt out of the “sale” of personal data under the CCPA through our Do Not Sell My Personal Information page, as defined by the law. Though we do not sell personal data in the traditional sense, we honor opt-out choices for any data sharing practices that may be subject to CCPA provisions.
11. Children’s Privacy
Our website and services are not directed to or intended for use by children under the age of 13. We do not knowingly collect or process personal data from anyone under 13. If a parent or guardian becomes aware that their child has provided us with personal data without their consent, they should contact us immediately at [email protected]. We will take steps to delete such information promptly.
12. Policy Updates
We reserve the right to update this Privacy Policy from time to time in response to changes in legal, technical, or business developments. In the event of material changes that affect your rights or the manner in which we process your personal data, we will notify you via prominent notice on the website or by direct communication, if appropriate. Continued use of www.forevergreenchristmastree.com after such updates constitutes acceptance of the revised policy.
13. Contact Us
If you have any questions, concerns, or requests regarding your personal data or this Privacy Policy, you may contact us at:
Forever Green Christmas Tree Co.
Email: [email protected]
We are committed to upholding your privacy rights and complying fully with applicable data protection laws. You are encouraged to reach out with questions, queries, or complaints relating to our data handling practices.