Privacy Policy - Heart To Heart

We are staunchly committed to protecting and meticulously safeguarding the privacy, confidentiality, and security of personal information relating to our website visitors and service users. This commitment extends across all our operations, systems, and processes.

This policy applies where we are acting as a data controller with respect to the personal data of our website visitors and service users; in other words, where we determine the purposes and means of the processing of that personal data. In this role, we are responsible for maintaining comprehensive oversight of how your personal information is collected, used, and protected throughout our systems.

We may process usage data (“usage data”), which comprehensively includes browser type, operating system, page views, navigation patterns, timing of visits, device information, and interaction metrics. This information is collected through automated logging systems, cookies, and analytics tools and may include session duration, pages visited, and user interaction patterns. The source of this data is our analytics software and server logs. We process this information for several important purposes, including website optimization, user experience improvement, security monitoring, and performance analysis, which enables us to enhance site functionality, improve navigation, and provide better service. The legal basis for this processing is our legitimate interests in monitoring and improving our website and services.

We may process account data (“account data”), which comprehensively includes email address, username, password hash, account preferences, notification settings, and login history. This information is collected through registration forms, account updates, and user preferences and may include communication preferences, security settings, and account status. The source of this data is direct user input during account creation and management. We process this information for account administration, security maintenance, user authentication, and service delivery, which enables us to provide secure access, personalized services, and account management capabilities. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.

We may process profile data (“profile data”), which comprehensively includes name, biographical information, preferences, interests, and design preferences. This information is collected through profile completion forms, preference settings, and user interactions and may include interior design preferences, style choices, and project requirements. The source of this data is your direct input and interaction with our platform. We process this information for personalization, content recommendation, service optimization, and user experience enhancement, which enables us to provide tailored content, relevant recommendations, and improved service delivery. The legal basis for this processing is our legitimate interests in providing personalized services and maintaining an engaging user experience.

Your Rights

Right to Access
You have the right to access your personal data, which means you can request a copy of all information we hold about you and confirm how we are using this information. This includes the ability to receive confirmation of data processing, obtain copies of your personal data, and verify the lawfulness of processing. To exercise this right, you can submit a written request through our dedicated privacy portal or contact our data protection officer directly. We will respond within 30 days and may require government-issued identification, proof of address, and account verification to verify your identity.

Right to Rectification
You have the right to rectification, which means you can request corrections or updates to any inaccurate or incomplete personal data we hold about you. This includes the ability to correct personal information, update outdated details, and complete any incomplete information. To exercise this right, you can access your account settings or submit a correction request through our support system. We will respond within 15 days and may require account verification, supporting documentation, and specific details about the information to be corrected.

Right to Erasure
You have the right to erasure, also known as the right to be forgotten, which means you can request the deletion of your personal data when there is no compelling reason for its continued processing. This includes the ability to delete your account, remove personal information, and withdraw consent for data processing. To exercise this right, you can submit a deletion request through our privacy center or contact our support team. We will respond within 30 days and may require password confirmation, account ownership verification, and explicit confirmation of deletion request.

Right to Restrict Processing
You have the right to restrict processing, which means you can limit the way we use your personal data while maintaining its storage. This includes the ability to temporarily pause data processing, limit processing to specific purposes, and suspend certain data uses. To exercise this right, you can submit a processing restriction request through our privacy settings or contact our data protection team. We will respond within 20 days and may require account authentication, specific processing details, and reason verification.

Right to Data Portability
You have the right to data portability, which means you can receive your personal data in a structured, commonly used format and transmit it to another service provider. This includes the ability to download your data, transfer information between services, and receive data in a machine-readable format. To exercise this right, you can request a data export through our account dashboard or submit a portability request. We will respond within 30 days and may require identity verification, account ownership confirmation, and destination service details.Data Processing and Security Measures

Data Types and Processing

We process Service Data which includes design preferences, room measurements, project timelines, and consultation requests. This processing involves digital storage, analysis, and project management systems, enabling us to deliver personalized interior design services. For example, in the context of Interior Design, this includes creating detailed room layouts, material selections, and design proposals. The legal basis for this processing is contractual necessity and legitimate interests, specifically to provide our core design services and maintain project records.

We process Technical Data which includes device information, browsing patterns, and website interaction metrics. This processing involves automated collection, analysis, and storage systems, enabling us to optimize website performance and user experience. For example, in the context of Interior Design, this includes tracking popular design galleries and resource downloads. The legal basis for this processing is legitimate interests, specifically to improve our digital services and understand user behavior.

We process Communication Data which includes email correspondence, consultation notes, and design feedback. This processing involves secure storage, analysis, and response management systems, enabling us to maintain effective client relationships. For example, in the context of Interior Design, this includes storing design revision requests and project updates. The legal basis for this processing is contractual necessity and legitimate interests, specifically to maintain client communications and project progression.

We process Transaction Data which includes payment details, service purchases, and billing information. This processing involves secure payment processing, record-keeping, and financial management systems, enabling us to handle business transactions efficiently. For example, in the context of Interior Design, this includes processing design consultation fees and material purchases. The legal basis for this processing is contractual necessity and legal obligations, specifically to fulfill financial commitments and maintain required records.

We process Preference Data which includes style preferences, color schemes, and design inspirations. This processing involves analysis, storage, and recommendation systems, enabling us to provide personalized design solutions. For example, in the context of Interior Design, this includes creating tailored design boards and material selections. The legal basis for this processing is consent and legitimate interests, specifically to deliver customized design services.

Security Implementation

Our comprehensive encryption protocols ensure end-to-end protection of your data, incorporating industry-standard algorithms and regular security updates to maintain data integrity. This includes regular security assessments and penetration testing by qualified professionals.

We implement multi-layered security infrastructure, including advanced firewalls and intrusion detection systems that continuously monitor for and prevent unauthorized access attempts. This infrastructure undergoes regular updates and enhancements.

Access to personal data is strictly controlled through role-based permissions, multi-factor authentication, and detailed access logs. We maintain comprehensive audit trails of all data access and modifications.

Our continuous monitoring systems provide real-time threat detection and automated response protocols, ensuring immediate action against potential security threats.

We maintain comprehensive backup procedures with encrypted offsite storage and regular recovery testing, ensuring data availability and integrity.

All staff undergo regular security awareness training and must comply with detailed data protection protocols, including specific training for handling sensitive data.

International Transfers

We may transfer your personal data to countries outside your jurisdiction. These transfers are protected by appropriate safeguards, including Standard Contractual Clauses, Privacy Shield certification, and Binding Corporate Rules. Each international transfer is conducted under strict protocols that ensure:
– Adequate data protection standards
– Compliant processing procedures
– Enforceable data subject rights
– Effective legal remedies

International transfers are protected by GDPR standards, ISO 27001, and APEC Privacy Framework, ensuring compliance with regional and international regulations. We implement additional measures including:
– Regular compliance audits
– Data protection impact assessments
– Documented transfer mechanisms
– Continuous monitoring procedures

Regarding international transfers, you maintain specific rights including:
– Right to information about transfers
– Right to object to transfers
– Right to withdraw consent
– Right to data protection guarantees

Data Retention

We maintain specific retention periods for different data categories:

Account Information: 7 years after account closure to comply with legal requirements and handle potential disputes
Usage Data: 2 years to analyze long-term usage patterns and improve services
Transaction Records: 7 years to comply with tax and financial regulations
Communication History: 3 years to maintain service continuity and handle ongoing projects
Technical Logs: 1 year for security monitoring and system optimization

These retention periods are determined by:
– Legal requirements
– Business purposes
– Technical necessities
– User preferences

Special circumstances affecting retention:
– Legal obligations
– Dispute resolution
– Security investigationsCookie Policy for ScarletRoseFree.com

Essential cookies serve fundamental functions for our website’s core operations. These cookies process authentication data, security tokens, and session information to maintain a secure and stable browsing experience. For example, in our Interior Design context, these cookies remember your design preferences and project saves while you browse through different room layouts and color schemes.

Functional cookies enhance your browsing experience by storing your preferences and customization choices. They process data related to language settings, regional preferences, and interface customizations. In practice, these cookies remember your preferred color palettes, room styling preferences, and saved design boards to provide a seamless interior design exploration experience.

Analytics cookies help us understand how visitors interact with our design resources and inspiration galleries. They collect information about your interactions with design portfolios, navigation through style guides, and engagement with interior design tutorials. This helps us optimize our content and feature presentation to better serve your creative journey.

Performance cookies assess and improve our website’s technical operations. They monitor loading times for high-resolution design images, track system responsiveness during virtual room planning, and optimize the delivery of interactive design tools. These cookies ensure smooth functionality when you’re using our design visualization features and project planning tools.

Cookie Management

You can control your cookie preferences through your browser settings, our cookie consent banner, privacy preference center, and account settings. We provide easy-to-use tools to manage your cookie choices while ensuring essential site functionality.

GDPR Compliance

For EU residents, we maintain strict data protection standards including explicit consent mechanisms for data collection, minimal data processing, clear purpose limitations, defined storage periods, and transparent processing procedures.

CCPA Compliance

California residents are entitled to know about personal information collection, request data deletion, opt-out of data sales, receive equal service regardless of privacy choices, and access their collected information.

COPPA Compliance

We implement strict age verification measures, require parental consent for users under 13, limit data collection from minors, maintain special protection protocols, and ensure parental access to their children’s information.

Updates and Changes

Our policy maintenance includes regular reviews, user notifications about significant changes, consent renewal requirements, detailed change documentation, and ongoing compliance monitoring.

Contact Information

For privacy-related inquiries:
Primary Contact: [email protected]
Response Time: Within 48 hours
Verification Required: For data-related requests
Available Support: Privacy concerns, data requests, rights exercise

This policy was created specifically for scarletrosefree.com and covers all associated services within the Interior Design industry.