Privacy Policy

At Cedar & Pine Furnishings ("we," "us," or "our"), we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website www.cedarandpinefurnishings.com or engage with our services.

1. Information We Collect

Personal Information

We may collect personal information that can identify you, including but not limited to:

• Contact Information: Name, email address, phone number, shipping/billing address
• Payment Information: Credit/debit card details (processed through secure payment gateways), billing history
• Account Credentials: Username, password (hashed and encrypted), security questions
• Demographic Information: Age, gender, preferences (for customized service)
• Communication Data: Correspondence through email, chat, or other channels
• Custom Order Details: Specifications, measurements, design preferences

Non-Personal Information

We automatically collect certain technical information when you visit our website:

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages visited, time spent, navigation paths, clickstream data
• Cookies and Tracking Technologies: See our separate Cookies Policy

Information from Third Parties

We may receive information about you from:

• Social media platforms when you interact with our profiles
• Payment processors regarding transaction status
• Shipping carriers regarding delivery status
• Marketing partners for analytics and advertising purposes

2. How We Use Your Information

We use the collected information for various purposes:

Service Provision

• Process and fulfill your orders for furniture and related services
• Create and manage your customer account
• Provide customer support and respond to inquiries
• Facilitate custom furniture design and production
• Arrange shipping and provide delivery updates

Business Operations

• Improve our products, services, and website functionality
• Conduct research and analysis to enhance customer experience
• Prevent fraudulent transactions and enhance security
• Troubleshoot technical issues and maintain system integrity
• Comply with legal obligations and enforce our policies

Marketing and Communications

• Send promotional materials, newsletters, and special offers (with consent)
• Personalize content and advertising based on your preferences
• Notify you about new collections, events, or policy changes
• Administer contests, surveys, or other promotional activities

3. Legal Basis for Processing (GDPR Compliance)

For users in the European Economic Area (EEA), we process personal data under the following legal bases:

• Contractual Necessity: When processing is necessary for order fulfillment or to take steps at your request prior to entering a contract
• Legitimate Interests: When processing is necessary for our legitimate business interests (e.g., fraud prevention, network security, marketing)
• Legal Compliance: When processing is necessary to comply with legal obligations
• Consent: When we rely on your explicit consent for specific processing activities (e.g., marketing emails)

You may withdraw consent at any time where applicable, without affecting the lawfulness of processing based on consent before withdrawal.

4. Data Sharing and Disclosure

We may share your information in the following circumstances:

Service Providers

We engage trusted third parties to perform functions and provide services including:

• Payment processing (Stripe, PayPal, Razorpay)
• Order fulfillment and shipping (FedEx, DHL, local couriers)
• Website hosting and maintenance (AWS, Google Cloud)
• Marketing and analytics (Google Analytics, Mailchimp)
• Customer support (Zendesk, Freshdesk)

These parties only receive necessary information to perform their functions and are contractually obligated to maintain confidentiality.

Legal Requirements

We may disclose information if required by law, including to:

• Comply with legal processes or governmental requests
• Protect against legal liability
• Prevent or investigate possible wrongdoing
• Protect the safety of any person
• Protect our rights or property

Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or similar event, customer information may be transferred as part of our business assets.

5. Data Security

We implement appropriate technical and organizational measures to protect personal data:

• Encryption of sensitive data in transit (SSL/TLS) and at rest
• Regular security assessments and vulnerability testing
• Access controls and authentication measures
• Secure payment processing (we do not store full credit card numbers)
• Employee training on data protection best practices

Despite these measures, no internet transmission or electronic storage is completely secure. We cannot guarantee absolute security but will promptly notify you of any data breaches as required by law.

6. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy:

• Order information: 7 years for tax and warranty purposes
• Customer accounts: Until deletion request or 3 years of inactivity
• Marketing data: Until consent withdrawal or 2 years from last interaction
• Website analytics: 26 months from last visit

After retention periods expire, we securely delete or anonymize your data.

7. Your Rights and Choices

Depending on your jurisdiction, you may have certain rights regarding your personal data:

Access and Portability

Request a copy of your personal data in a structured, commonly used format.

Correction

Update or correct inaccurate or incomplete information.

Deletion

Request erasure of personal data under certain conditions.

Restriction

Limit processing of your data in specific circumstances.

Objection

Object to processing based on legitimate interests or for direct marketing.

Withdraw Consent

Revoke previously given consent at any time.

Opt-Out

Unsubscribe from marketing communications via the link in emails or your account settings.

8. International Data Transfers

As an international business, we may transfer and process personal data outside your country of residence:

• Our primary servers are located in India
• Some service providers operate in the United States, Europe, or other regions

For transfers from the EEA to countries without adequacy decisions, we implement appropriate safeguards such as Standard Contractual Clauses or rely on derogations under Article 49 GDPR.

9. Children's Privacy

Our services are not directed to children under 16. We do not knowingly collect personal information from children without parental consent. If we become aware of such collection, we will take steps to delete the information promptly.

10. Third-Party Links

Our website may contain links to third-party sites with separate privacy practices. We are not responsible for the content or privacy practices of these sites and encourage you to review their policies.

11. Changes to This Policy

We may update this Privacy Policy periodically. The "Last Updated" date at the top indicates when revisions were made. Material changes will be notified through our website or email for active customers.

Your continued use of our services after changes constitutes acceptance of the updated policy.

12. Contact Us

For questions about this Privacy Policy or to exercise your rights:

Cedar & Pine Furnishings
Attn: Privacy Officer
Rajpur Road, Dehradun
Uttarakhand, India 248001
Email: privacy@cedarpinehome.com
Phone: +91-98765-43210

For EU residents, you may also lodge complaints with your local data protection authority.