Privacy Policy

Introduction

Wallace Heron ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services, including our AI-powered chatbot.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site.

Information We Collect

Personal Information

We may collect personal information that you voluntarily provide to us when you:

• Place an order or make a purchase
• Create an account
• Submit a custom product request through our chatbot
• Contact us via email, phone, or contact form
• Subscribe to our newsletter

This information may include:

• Name and contact information (email address, phone number, mailing address)
• Payment information (processed securely via Stripe)
• Order history and purchase details
• Company name (if applicable)
• Project requirements and specifications (from chatbot interactions)

AI Chatbot Data

When you use our AI-powered chatbot, we collect:

• Your responses to product-related questions
• Product recommendations shown to you
• Conversation timestamp and duration
• Session ID (a unique identifier for your conversation)

If you submit a custom request, we also collect your name, email address, phone number (optional), and specific project requirements.

Technical Data

We automatically collect certain information when you visit our website:

• IP address (anonymized after 12 months)
• Browser type and version
• Device information
• Pages visited and time spent on pages
• Referring website
• Date and time of access

How We Use Your Information

We use the information we collect for the following purposes:

• To Provide Services: Process your orders, provide product recommendations, and fulfill custom requests
• To Communicate: Send order confirmations, shipping updates, and respond to inquiries
• To Improve Services: Analyze chatbot conversations to improve accuracy and helpfulness
• To Prevent Fraud: Detect and prevent spam, fraud, and misuse of our systems
• To Comply with Legal Obligations: Maintain records as required by law
• To Send Marketing Communications: Send promotional emails (only with your consent)

Legal Basis for Processing (GDPR)

If you are from the European Economic Area (EEA), our legal basis for processing your personal information includes:

• Consent: You have given us permission to process your data for specific purposes (e.g., newsletter, custom requests)
• Contract: Processing is necessary to fulfill our contract with you (e.g., order fulfillment)
• Legal Obligation: We must process your data to comply with the law
• Legitimate Interest: Processing is in our legitimate interests to provide and improve our services, provided these interests do not override your rights

How We Share Your Information

We do not sell your personal information. We may share your information with:

• Service Providers: Third-party companies that help us provide services (e.g., Stripe for payments, Mailgun for emails, OpenAI for chatbot functionality)
• Business Transfers: In the event of a merger, acquisition, or sale of assets
• Legal Requirements: When required by law or to protect our rights

Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this policy:

• Order Information: Retained for 7 years (accounting and legal requirements)
• Chatbot Conversations: Anonymized after 12 months (IP addresses and personal data removed)
• Custom Requests: Retained until fulfilled or 2 years, whichever comes first
• Marketing Data: Retained until you unsubscribe

Your Data Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data (subject to legal obligations)
• Data Portability: Receive your data in a machine-readable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent at any time (where processing is based on consent)

To exercise these rights, please visit our GDPR Data Request page or contact us at sales@wallaceheron.co.nz

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to improve your experience on our website. For detailed information, please see our Cookie Policy.

Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• SSL/TLS encryption for data in transit
• Secure server infrastructure
• Access controls and authentication
• Regular security audits
• Employee training on data protection

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Third-Party Services

We use the following third-party services:

• Stripe: Payment processing (see Stripe Privacy Policy)
• OpenAI: AI chatbot functionality (see OpenAI Privacy Policy)
• Mailgun: Email delivery (see Mailgun Privacy Policy)

Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. The "Last Updated" date at the top of this page indicates when the policy was last revised. We encourage you to review this policy periodically.

Contact Us

If you have questions or concerns about this Privacy Policy, please contact us: