Heartsmart (“Heartsmart”, “we,” “us,” “our”) is committed to fulfilling our responsibilities under the European Union’s General Data Protection Regulation (“GDPR”) in relation to the collection, retention, use, and other processing of EU/European Economic Area (“EEA”) personal data. This online privacy notice applies to information about you obtained through www.heartsmart.com (the “Website”) in our role as a data controller.
Personal Data We Collect
Personal data collected via the Website may include:
- Contact Data. You may provide us with your contact details, such as your name, phone number, home address, company name, job title, and email address (for example, when you contact us or place an order).
- Account and Authentication Information. To verify the identity of registered users we may collect a user name, password, security questions and answers, and other similar information associated with the creation of an account.
- Order Placement Information. In order to process and fulfill orders you place through the Website, we may collect your billing and shipping address, payment card details, and any other necessary financial information. We do not store payment card information after a transaction has been processed.
- Job Application Information. If you apply for a job through our careers page, we or our vendor may collect personal data such as your name, email address, physical address, phone number, and resume.
- Device Information. We may obtain information about devices that you use to access our Website, including the type of device, its operating system, device settings, unique device identifiers, and error data.
- Location Information. The Website may use location-aware technologies to identify the country from which you are visiting the Website.
- Other Information You Provide. In addition to the above, you may provide us with other information, including personal data. You might do so through emails and other communications that you send us, such as feedback and user support inquiries regarding the Website.
How and Why We Use Your Personal Data
We may process your personal data to:
- Fulfill purchase orders, initiate returns, and otherwise transact with you.
- Respond to your comments, questions and requests, provide customer service, send you informational notices, and contact you if we need to obtain or provide additional information.
- Issue product safety notices where necessary.
- Process your online account registration and administer or maintain your account.
- Credit loyalty points to your account (should you opt into our loyalty program) and track your use of those points.
- Advertise to you or suggest products that may interest you.
- Facilitate, manage, personalize, and improve our user relationships.
- Analyze user interactions with the Website and use such data for internal purposes, such as website optimization.
- Prevent and address fraud, breach of any applicable policies or terms, and threats or harm.
- Ensure the security and integrity of the personal data we process.
- Comply with applicable legal requirements.
Our processing of such personal data is carried out pursuant to the following legal bases:
- The processing is necessary for us to provide you with the products and services you request, or to respond to your inquiries.
- We have a legal obligation to process your personal data, such as to comply with applicable tax and other government regulations, or to comply with a court order or binding law enforcement request.
- To protect your vital interests, or those of others.
- We have a legitimate interest in carrying out the processing activity. In particular, we have a legitimate interest in the following instances:
- Analyzing and improving the safety and security of the Website. This includes implementing and enhancing security measures and protections and protecting against fraud, spam, and abuse.
- Maintaining and optimizing the function of the Website.
- Operating the Website and providing you with certain tailored information and communications to develop and promote our network and opportunities.
- You have consented to the use of your personal data. Where processing is based on your consent, you may withdraw that consent at any time.
If we make a material change to how we process your personal data, we will notify you as appropriate and may also modify this privacy notice.
How We May Share Your Personal Data
We may share your personal data:
- With our staff, agents, vendors, consultants, and other service providers who perform functions on our behalf. For example, we may use third parties to help us provide customer support, manage our advertisements on other platforms, and send marketing and other communications on our behalf.
- To abide by applicable law or protect rights and interests. For example, we may disclose your personal data if we determine that such disclosure is reasonably necessary to comply with the law, protect our or others’ rights, property, or interests, or prevent fraud or abuse.
- If we are involved in a reorganization, merger, acquisition, or sale of some or all of our assets.
How We Use Tracking Technologies
We may utilize online identification tools—such as cookies, web beacons, pixels or similar tracking technologies—in accordance with applicable law and requirements. “Cookies” are small text files placed on your device when you visit a website; they store information which is sent back to our servers or those of third parties.
How We Protect Your Personal Data
Heartsmart takes reasonable measures to protect your personal data from loss, theft, misuse, unauthorized access, disclosure, alteration, and destruction. Our servers are protected by encryption and firewall technology to keep your personal data private, and we comply with the Payment Card Industry Data Security Standard (PCI DSS). Our servers use Transport Layer Security (TLS, the successor to SSL) to encrypt the information you enter so that it cannot be read in transit between your browser and our ordering system. However, no method of transmission or storage is perfectly secure, and Heartsmart cannot ensure or warrant the security of any information you transmit to us or others through the Website. Such information is transmitted at your own risk.
How Long We Retain Your Personal Data
We will store your personal data for no longer than is necessary for the performance of our obligations or to achieve the purposes for which the information was collected, or as may be permitted under applicable law. To determine the appropriate retention period, we will consider the amount, nature, and sensitivity of the data; the potential risk of harm from unauthorized use or disclosure of the data; the purposes for which we process the data and whether we can achieve those purposes through other means; and the applicable legal requirements. Unless otherwise required by applicable law, at the end of the retention period we will remove personal data from our systems and records or take appropriate steps to properly anonymize it.
Links to Third-Party Websites
Some features of the Website may open your preferred internet browser on your device and allow you to access certain third-party websites. These websites are governed by their own privacy policies, terms, and cookie policies. We encourage you to read the policies and terms of websites that the Website may link to.
Your Rights and Choices
The GDPR provides EU/EEA data subjects with certain rights regarding their personal data. Subject to certain conditions, you may ask us to take the following actions in relation to your personal data that we hold:
- Provide you with information about our processing of your personal data and give you access to your personal data.
- Update or correct inaccuracies in your personal data.
- Delete your personal data.
- Transfer a machine-readable copy of your personal data to you or a third party of your choice.
- Restrict the processing of your personal data.
- Object to our processing of your personal data for direct marketing purposes.
- Object to reliance on our legitimate interests as the basis for processing of your personal data.
You may exercise some of these rights and choices through the Website’s features, such as editing your account settings when you are logged in. Additionally, you can submit these requests by email to [email protected] or our postal address provided below. We may request specific information from you to help us confirm your identity prior to processing your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions.
If you would like to submit a complaint about our use of your personal data or our response to your requests regarding your personal data, you may contact us or submit a complaint to the data protection regulator in your jurisdiction. You can find information about your data protection regulator here.
How to Contact Us
To inquire about our practices described herein, raise a concern, or exercise your data protection rights, please contact us at [email protected]. The data controller for your personal data is Heartsmart, which you may reach at the email address above, or at the following address:
5000 Tuttle Crossing Blvd.
Dublin, OH 43016