Privacy Policy
1. Introduction
At Hilltop Project (“we”, “our”, or “us”), accessible at hilltopproject.com, we are committed to respecting and safeguarding your privacy and personal data. This Privacy Policy outlines how we collect, use, disclose, and protect your information when you visit our website or engage with our services. We adhere to the highest standards of data protection as required by applicable privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We prioritize your privacy and only process personal data where absolutely necessary and in a transparent, fair, and secure manner.
2. Scope and Data Controller
This Privacy Policy applies to all personal data collected via hilltopproject.com, including through direct interactions, account registration, or related digital communications. For the purposes of data protection law, Hilltop Project is the data controller responsible for the collection and management of your personal information.
Any inquiries regarding this policy or our privacy practices may be directed to [email protected].
3. Categories of Data Processed
We may collect, use, store, and transfer the following categories of personal data:
a. Usage Data
Information collected automatically through your interaction with our website, including IP address, browser type, browsing patterns, geographic location, access time, and pages viewed.
b. Account Data
Data provided to create an account or log in, such as name, email address, phone number, mailing address, and login credentials.
c. Profile Data
Customer preferences, interests, order history, product interactions, behavioral metrics, and other profile-related insights.
d. Communication Data
Records of correspondence via email or website contact forms, including support requests, feedback submissions, and customer service interactions.
e. Technical Data
Device information, operating system details, browser settings, screen resolution, and other system-level configurations.
f. Transaction Data
Purchase and payment information, billing address, shipping address, and order confirmation data, including any relevant invoice details.
g. Preference Data
Marketing preferences, communication consents, product subscriptions, and feedback on content or offerings.
4. Legal Bases for Processing Personal Data
We process your personal data only when a lawful basis applies under applicable data protection law, including:
– Consent: where you have given explicit permission for specific purposes (e.g., email marketing).
– Contractual Necessity: when the processing is necessary for the performance of a contract with you or to take steps at your request before entering into such a contract.
– Legal Obligation: where we are required to comply with legal or regulatory obligations.
– Legitimate Interests: where processing is required for our legitimate business interests—provided those interests do not override your rights and freedoms.
5. Your Rights
As a data subject, you have the following rights, subject to limitations defined by law:
– Right of Access: You may request details of the personal data we hold about you.
– Right to Rectification: You may request correction of inaccurate or incomplete personal data.
– Right to Erasure: Under certain circumstances, you may request that we delete your data.
– Right to Restrict Processing: You may limit how we use your personal data.
– Right to Data Portability: You may request to receive your personal data in a structured, machine-readable format and transmit it to another controller.
– Right to Object: You may object to the processing of your data where we rely on a legitimate interest or where we process for direct marketing.
To exercise any of these rights, please contact us at: [email protected].
6. Security Measures
We take the security of your personal data seriously. Hilltop Project has implemented appropriate technical and organizational measures to prevent unauthorized access, alteration, disclosure, or destruction of your data. These measures include but are not limited to:
– End-to-end encryption of sensitive data.
– Role-based access control and user authentication mechanisms.
– Regular system backups.
– Mandatory privacy-awareness training for staff with data access privileges.
7. International Transfers
Your personal data may be transferred to countries outside the European Economic Area (EEA) or California, where data laws may differ. In such cases, we implement safeguards, such as Standard Contractual Clauses approved by the European Commission, to ensure your data continues to be protected consistent with European and international privacy standards.
8. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes we collected it for, including satisfying legal, tax, accounting, or reporting requirements. The retention periods may vary:
– Usage and Technical Data: retained up to 12 months.
– Account and Profile Data: retained for the duration of account activity and up to 3 years after inactivity.
– Transaction and Communication Data: retained for 7 years to comply with tax and contractual obligations.
– Preference and Marketing Data: retained until withdrawal of consent or inactivity for 2 years.
9. Cookie Policy
We use cookies and similar tracking technologies to improve user experience and website performance. Our use of cookies falls into the following categories:
– Essential Cookies: necessary for website functionality and security.
– Functional Cookies: remember preferences and enhance functionality.
– Analytics Cookies: collect anonymized usage data to analyze website traffic and improve performance.
– Performance Cookies: monitor load times, site responsiveness, and page interactions.
10. Cookie Management and Compliance with GDPR & CCPA
We respect your right to control your information:
– At first visit, users are prompted with a cookie consent banner managed in compliance with GDPR and CCPA, allowing granular control over enabled cookie categories.
– You may update preferences or withdraw consent via our Cookie Settings tool available at the bottom of every page.
– For California residents, our Notice of Collection and right to opt-out from the “sale” or “sharing” of personal information under CCPA is fully supported.
11. Children’s Data
Protecting the privacy of children is a priority. Our services and content are not directed at users under the age of 13. We do not knowingly collect personal information from individuals under 13 years of age. If we become aware that such data has been collected without verified parental consent, we will delete that information promptly.
12. Policy Updates
We may revise this Privacy Policy from time to time. All changes will be published on hilltopproject.com under this page. Where material changes are made, we may notify you via email or through an on-site notice. Continued use of the website constitutes acceptance of the updated policy.
13. Contact Us
If you have any questions, comments, or concerns about this Privacy Policy or how we process your personal data, please contact us at:
Email: [email protected]
Website: https://hilltopproject.com
We are fully committed to ensuring compliance with applicable privacy laws and to maintaining the trust you place in us. Your data privacy is our priority.