Privacy Polices

1. Introduction and Overview

Purpose
This Privacy Policy explains how Folk & Fire Apothecary LLC, also known as Folk & Fire Apothecary ("we," "us," or "our") collects, uses, processes, and protects the personal information of individuals who visit our website, use our services, or interact with us in any other way. We are committed to ensuring your privacy and protecting your personal data.

By using our website, services, or providing your personal information, you consent to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, you should not use our services.

2. Data Collection and Use

Types of Data We Collect
We may collect and process the following types of personal data about you:

  1. Personal Identification Information: Name, address, email address, phone number, payment details.

  2. Technical Data: IP address, browser type, device type, browsing behavior (such as pages visited, time spent on the site, etc.), operating system.

  3. Transactional Data: Purchase history, services you have requested or inquired about, and related correspondence.

  4. Profile Data: Account details, preferences, communication history, and feedback.

  5. Usage Data: Information about how you use our website, services, and interactions with us (including through third-party services like Google Analytics and social media platforms).

  6. Marketing and Communications Data: Your preferences in receiving marketing communications, and any feedback or responses to marketing surveys.

How We Use Your Data:
We use your data for the following purposes:

  • To provide, maintain, and improve our website and services.

  • To process transactions and manage your account.

  • To communicate with you, including for customer support, promotional updates, and order confirmations.

  • To analyze website usage trends, improve user experience, and tailor marketing.

  • To comply with legal obligations (e.g., accounting and tax regulations).

  • To detect, prevent, and address technical issues or security concerns.

  • To market our products and services, if you have consented to such communications.

Legal Basis for Processing Data:
We process personal data based on the following legal grounds:

  • Consent: When you consent to our use of your data for specific purposes (e.g., email marketing).

  • Contractual Necessity: To fulfill contracts we enter with you (e.g., completing a sale, providing customer support).

  • Legal Obligation: When we are required to comply with legal obligations (e.g., maintaining tax records).

  • Legitimate Interests: To improve our services and provide a personalized user experience.

3. Data Sharing and Third-Party Processors

Third-Party Service Providers:
We may share your personal data with third-party vendors, service providers, or business partners to fulfill services on our behalf, such as payment processing, hosting services, and email communications. These third parties are contractually obligated to keep your data confidential and secure and may only process data to the extent necessary to provide the service.

Third-Party Analytics and Advertising:
We use third-party analytics and advertising services, including Google Analytics, Facebook Ads, and others, to analyze website traffic and deliver targeted ads. These services may use cookies or similar technologies to track your browsing activity across different websites.

  • Google Analytics: You can opt-out by installing the Google Analytics opt-out browser add-on.

  • Facebook: You can opt-out of Facebook's interest-based ads by visiting Facebook's Help Center.

International Data Transfers:
If you are located outside the United States, please note that we may transfer your personal data to the United States. We take appropriate steps to protect your data, including working with third-party processors who comply with applicable privacy regulations.

For EU residents, we ensure that any international transfers of your data are made in compliance with the General Data Protection Regulation (GDPR), including using Standard Contractual Clauses (SCCs) where required.

4. Your Rights and Control Over Your Data

Data Protection Rights in the EU:
If you are an EU resident, you have the following rights under the General Data Protection Regulation (GDPR):

  1. Right to Access: You can request a copy of the personal data we hold about you.

  2. Right to Rectification: You can request that we correct any inaccurate or incomplete information.

  3. Right to Erasure (Right to be Forgotten): You can request that we delete your personal data when it is no longer necessary for the purposes for which it was collected.

  4. Right to Restrict Processing: You can request that we restrict the processing of your personal data in certain circumstances.

  5. Right to Data Portability: You can request that we provide your personal data in a structured, commonly used, and machine-readable format, and transfer it to another controller.

  6. Right to Object: You can object to our processing of your personal data in certain circumstances, including for direct marketing purposes.

  7. Right to Withdraw Consent: If we rely on your consent to process your personal data, you have the right to withdraw it at any time.

Data Protection Rights in the United States:
Under U.S. law, there is no single comprehensive federal privacy law like the GDPR. However, certain states (such as California under the CCPA) provide specific rights related to privacy. If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  1. Right to Know: You have the right to request details about the personal data we collect, use, and share.

  2. Right to Delete: You have the right to request the deletion of your personal data, subject to certain exceptions.

  3. Right to Opt-Out: You can opt-out of the sale of your personal data (if applicable).

Exercising Your Rights:
To exercise any of the rights mentioned above, please contact us at [Your Contact Email]. You may also request to update, delete, or restrict the use of your personal data, and we will respond to your request in accordance with applicable laws.

California Residents:
If you are a California resident, you can make requests to know or delete your personal data free of charge once per year.

5. Data Security and Retention

Data Security:
We take reasonable measures to protect your personal data from unauthorized access, loss, or misuse. This includes using industry-standard encryption technologies and secure payment systems. However, no data transmission over the internet can be guaranteed to be completely secure, and we cannot ensure the security of information sent to us electronically.

Data Retention:
We retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy or to comply with legal obligations. For example, we may retain transaction records to comply with tax regulations or other legal requirements. When your data is no longer needed, we will securely delete it.

Children's Privacy
This website and its services are not intended for children under the age of 13 (or under the age of 16 in the EU). We do not knowingly collect, use, or share personal information from children. If you are a parent or guardian and believe your child has provided personal data to us, please contact us immediately at [your contact information], and we will take steps to remove that information.

By using this website, you confirm that you are at least 13 years old (or at least 16 years old if you are located in the European Union). If you are under this age, please refrain from using our site or providing any personal data.

6. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time. If we make material changes to how we handle your personal data, we will notify you via email or through a prominent notice on our website. Please check this Privacy Policy periodically for updates.

7. Contact Information

If you have any questions or concerns about this Privacy Policy or our data processing practices, please contact us at:

Folk & Fire Apothecary
sia@folkandfireshop.com