Privacy Policy for StoddardCarpets.com

1. Introduction

At StoddardCarpets.com, we are committed to safeguarding the personal data of our users and customers. We recognize the importance of privacy and take data protection seriously. This Privacy Policy outlines how we collect, use, disclose, and protect your personal information in compliance with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws. Your trust is fundamental to our relationship, and we adhere to the highest standards of data management.

2. Scope of the Policy and Data Controller Role

This policy applies to all users who access and interact with StoddardCarpets.com, including customers, visitors, and third-party vendors. The data controller responsible for your personal data is Stoddard Carpets, which operates through the website StoddardCarpets.com. All inquiries regarding personal data or this policy should be directed to: [email protected].

3. Categories of Data Processed

We may collect and process the following categories of personal information, either directly from you, through automated technologies, or from third-party services:

a. Usage Data:
Includes information about how you interact with our website—such as IP address, browser type, referring pages, time zone settings, session durations, device identifiers, and internet activity.

b. Account Data:
We collect personal identifiers when you create or manage an account, including your name, home or billing address, email address, and telephone number.

c. Profile Data:
Includes your preferences, product selections, browsing behavior, account settings, and historical purchase data.

d. Communication Data:
Includes messages you send to us via contact forms, customer service inquiries, telephone communications, and email exchanges.

e. Technical Data:
Details about the devices used to access StoddardCarpets.com, including device model, operating system, screen resolution, language settings, and platform identifiers.

f. Transaction Data:
Encompasses payment details (processed securely via our third-party providers), as well as order history, shipping information, and invoicing records.

g. Preference Data:
Including your communication preferences, marketing consents, and interests in specific products or services.

4. Legal Bases for Processing

We process personal data only when we have a lawful basis for doing so. These bases include:

– Contractual Necessity: When processing is necessary for the performance of a contract (e.g., completing a purchase or delivering goods).
– Legitimate Interest: For activities that support our business operations, such as fraud prevention, analytics, and website optimization, as long as such interests do not override your fundamental rights.
– Legal Obligation: Where required to comply with legal obligations under applicable laws.
– Consent: For email marketing, behavioral tracking, or non-essential cookies, your explicit consent will be obtained prior to processing.

5. Your Rights

Under GDPR and CCPA (where applicable), you are entitled to the following rights:

– Right of Access: To request copies of your personal data held by us.
– Right to Rectification: To request correction of inaccurate or incomplete data.
– Right to Erasure: To request deletion of your data where there is no lawful reason for its continued processing.
– Right to Restrict Processing: To request temporary suspension of processing in certain cases.
– Right to Data Portability: To receive your data in a structured, commonly used, machine-readable format.
– Right to Object and Withdraw Consent: You may object to processing where we rely on legitimate interests or withdraw consent where consent has been given.

To exercise these rights, please contact us at [email protected].

6. Security Measures

We implement robust technical and organizational safeguards to protect your data. This includes:

– TLS encryption for data transmitted over the internet
– Access controls and authentication protocols
– Routine data backups and disaster recovery frameworks
– Cybersecurity training for staff accessing personal data
– Regular reviews of security infrastructure and incident response procedures

We continually monitor risks and update controls to ensure the ongoing confidentiality, integrity, and availability of personal data.

7. International Transfers

Some of your information may be processed outside your country of residence, including in jurisdictions that may not offer the same level of data protection. When we transfer personal data internationally, we use data transfer mechanisms recognized by the GDPR, such as Standard Contractual Clauses, and we ensure data subjects’ rights remain protected.

8. Data Retention

We retain personal data for as long as necessary to fulfill the purposes it was collected for, including satisfying legal, accounting, or reporting obligations. Retention periods are as follows:

– Usage and Technical Data: up to 2 years
– Account and Profile Data: active while the account is in use and up to 5 years after inactivity
– Communication Data: up to 3 years for customer service purposes
– Transaction Data: retained for 7 years to meet financial and taxation requirements
– Preference Data: until consent is withdrawn or updated

When no longer needed, data is securely deleted or anonymized.

9. Cookie Policy

Our website uses cookies to enhance user experience, understand traffic patterns, and deliver tailored content. Categories of cookies used:

– Essential Cookies: Required for basic site functionality; disabling them may impair certain features.
– Functional Cookies: Enable enhanced features such as product recommendations or video playback.
– Analytics Cookies: Collect aggregated data on site usage to improve structure and content.
– Performance Cookies: Monitor service performance, load speeds, and user behavior under different scenarios.

10. Cookie Management & Compliance

In compliance with GDPR and CCPA:

– Consent is requested prior to activating non-essential cookies.
– Users may manage preferences via our on-site cookie consent tool or by adjusting their browser settings.
– You may withdraw consent at any time, and we honor “Do Not Sell My Personal Information” requests under CCPA.

For detailed cookie settings or inquiries, please contact: [email protected].

11. Children’s Privacy

StoddardCarpets.com does not knowingly collect or solicit personal data from children under the age of 13. If a parent or guardian becomes aware that a child has provided data without proper consent, please contact us immediately. We will take steps to remove such information from our records.

12. Policy Updates & User Notifications

This Privacy Policy may be updated to reflect legal, regulatory, or operational changes. Updates will be posted prominently on StoddardCarpets.com. Where significant changes are made, users will be notified via email or website notifications. Continued use of the website signifies your agreement with the most current version of the policy.

13. Contact Us

For any questions regarding this policy or your personal information, or to exercise your legal rights, please contact us at:

Email: [email protected]
Website: https://stoddardcarpets.com

We are committed to continuous compliance with global privacy standards and welcome your inquiries regarding how your data is handled.