Privacy Policy - The Folk Remedy

1. Introduction

At The Folk Remedy (“we”, “our”, “us”), accessible at thefolkremedy.com, we are committed to respecting and protecting your privacy. We recognize the importance of safeguarding your personal data and maintaining transparency regarding how this information is collected, used, and shared. This Privacy Policy outlines how we handle your personal information in compliance with the General Data Protection Regulation (“GDPR”), the California Consumer Privacy Act (“CCPA”), and other applicable data protection laws. Our guiding principle is privacy by design and by default.

2. Scope of this Policy and Role of the Data Controller

This Privacy Policy applies to your use of the website located at thefolkremedy.com (the “Website”), including all related services, communications, and interactions. The data controller responsible for processing your personal data is The Folk Remedy. For any privacy-related inquiries, including questions or requests regarding this policy, you may contact us at [email protected].

3. Categories of Data Processed

We process the following categories of personal data for the purposes described in this Privacy Policy:

a. Usage Data
This includes information about how you use the Website, such as your IP address, browser type, geographic location, referring URLs, pages accessed, time spent, and other diagnostic data.

b. Account Data
Information you provide when creating an account on the Website, including your name, email address, telephone number, billing and shipping addresses.

c. Profile Data
Includes data about your purchasing history, browsing behavior, wishlists, preferences, selected interests, and user account settings.

d. Communication Data
This comprises your communication with us, such as emails, contact form submissions, support ticket history, and customer service interactions.

e. Technical Data
Device-specific information including your device type, operating system, language preference, browser configuration, screen resolution, and system identifiers.

f. Transaction Data
Details of products or services you have purchased, payment confirmations, delivery and shipping information, order numbers, and billing information.

g. Preference Data
Marketing and communication preferences, including consents provided for receiving promotional emails, interests selected for product updates, and feedback provided.

4. Legal Bases for Processing Personal Data

We only process your personal data when a valid legal basis exists:

– Performance of a Contract: To provide you with products or services you have requested or purchased.
– Legitimate Interests: For operating, improving, and securing our Website, marketing similar products and services, and preventing fraud.
– Consent: For sending direct marketing communications where required by law and for the placement and reading of cookies.
– Legal Obligation: To comply with legal and regulatory requirements.

5. Your Rights

You have the following rights under applicable data protection laws:

– Right of Access: You may request access to the personal data we hold about you.
– Right to Rectification: If your personal data is inaccurate or incomplete, you may request it be corrected.
– Right to Erasure: You may request deletion of your personal data under certain circumstances.
– Right to Restriction: You can request a limitation of how your data is processed.
– Right to Portability: You may request a copy of your data in a structured, commonly used, and machine-readable format and transfer it to another service provider.
– Right to Object: You may object to processing based on our legitimate interests or for direct marketing purposes.
– Right Not to Be Discriminated Against (CCPA): You will not be discriminated against for exercising your privacy rights.

To exercise any of these rights, please contact [email protected].

6. Security Measures

We implement appropriate technical and organizational security measures to protect your personal data, including:

– Secure Socket Layer (SSL) encryption for data transmissions;
– Role-based access control and password protection;
– Regular data backups and business continuity protocols;
– Staff training in data protection and privacy;
– Continuous monitoring of systems for potential vulnerabilities and attacks.

Although we strive to use commercially acceptable means to protect your personal data, no method of transmission or storage is completely secure.

7. International Transfers

Some personal data may be transferred to, and processed in, countries outside your jurisdiction, including to countries which may not provide the same level of data protection as your home country. Such transfers are performed in compliance with GDPR, using appropriate safeguards such as Standard Contractual Clauses approved by the European Commission or adequacy decisions where applicable.

8. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. The general retention periods include:

– Usage Data: up to 24 months;
– Account Data and Profile Data: for the duration of your account’s life and up to 6 months following account closure;
– Communication Data: up to 36 months following last interaction;
– Technical Data: up to 24 months;
– Transaction Data: 7 years for legal and tax compliance;
– Preference Data: until consent is withdrawn or for a maximum of 5 years.

Data may be anonymized and retained in aggregate form for research or statistical purposes.

9. Cookie Policy

We use cookies and similar technologies to enhance user experience on thefolkremedy.com. These may include:

– Essential Cookies: Necessary for Website functionality (e.g., shopping cart, login sessions);
– Functional Cookies: Enable Website optimization and remember your preferences;
– Analytics Cookies: Help us understand interaction with our content (using privacy-focused analytics providers);
– Performance Cookies: Measure performance of our marketing campaigns and user behavior.

10. Cookie Management and GDPR/CCPA Compliance

Upon first visit to thefolkremedy.com, you will be presented with a cookie consent banner in compliance with GDPR and CCPA. You may accept or manage your preferences. You can also adjust your browser settings to block or delete cookies at any time. Please note that disabling essential cookies may limit the functionality of the Website.

CCPA consumers may opt-out of the “sale” of their data where applicable. While we do not sell your personal information in the conventional sense, you may exercise this right by managing cookie settings or contacting us at [email protected].

11. Children’s Privacy

The services provided by thefolkremedy.com are not intended for children under the age of 13. We do not knowingly collect or solicit personal data from individuals under 13 years of age. If we become aware that we have inadvertently collected data from a child under 13, we will take appropriate steps to delete the information promptly. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at [email protected].

12. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal obligations or our data processing practices. Where legally required, we will notify users of material changes through the Website or via direct communication channels. We encourage you to periodically review this page to stay informed about how we are protecting your information.

13. Contact Information

If you have any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact:

The Folk Remedy
Email: [email protected]
Website: https://thefolkremedy.com

We are committed to full compliance with applicable data protection laws, including GDPR and CCPA. Please don’t hesitate to contact us with any privacy-related concerns.