1. Introduction
THE HUT, LLC ("we," "our," "us," or "the Company") is committed to protecting the privacy of all visitors, users, and customers who interact with our website, services, and platforms. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or otherwise engage with us.
Please read this Privacy Policy carefully. By accessing our website or using our services, you acknowledge that you have read and understood the practices described in this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our website or services.
THE HUT, LLC operates as a provider of home improvement, construction, and property management solutions. In the course of delivering these services, we collect and process personal data from homeowners, prospective clients, vendors, and partners. We take your privacy seriously and have implemented appropriate technical and organizational measures to protect your personal information.
2. Information We Collect
2.1 Personal Information You Provide
We collect personal information that you voluntarily provide to us when you:
- Fill out forms โ including contact forms, quote requests, service booking forms, and newsletter sign-ups on our website.
- Communicate with us โ via email at support@thehutl.shop, phone at +1(530)716-7166, or through other channels such as live chat or social media.
- Create an account โ if you register for an online account to manage service requests, view project history, or receive personalized offers.
- Enter a promotion or survey โ when you participate in contests, sweepstakes, promotions, or respond to surveys.
The categories of personal information we may collect include, but are not limited to:
- Full name, mailing address, email address, and phone number(s).
- Property address and details about your home or commercial space.
- Payment information (credit card details, billing address, bank account information for direct debits) โ processed through PCI-compliant third-party payment processors.
- Identification documents where required for credit checks or service contracts.
- Any other information you choose to provide to us.
2.2 Information Automatically Collected
When you visit our website, certain information is automatically collected by our servers and through analytics tools. This includes:
- Device and browsing information โ IP address, browser type and version, operating system, device type, screen resolution, and language preferences.
- Usage data โ pages visited, time spent on pages, click patterns, referral source (how you arrived at our site), and exit pages.
- Location data โ general geographic location derived from your IP address (city, state, country).
2.3 Cookies and Similar Technologies
We use cookies, web beacons, pixel tags, and similar tracking technologies to enhance your browsing experience, analyze website traffic, and deliver relevant content. Cookies are small text files stored on your device by your web browser.
We use the following types of cookies:
- Essential / Strictly Necessary Cookies โ Required for the basic functionality of our website, such as maintaining session state during form submissions. These cannot be disabled.
- Performance / Analytics Cookies โ Help us understand how visitors interact with our site (e.g., Google Analytics). Data is aggregated and anonymized where possible.
- Functionality Cookies โ Remember your preferences (such as language or region) to provide a more personalized experience.
- Targeting / Advertising Cookies โ Used to deliver relevant advertisements and measure the effectiveness of our marketing campaigns.
You can manage cookie preferences through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. For more information about cookies and how to control them, visit www.allaboutcookies.org.
3. How We Use Your Information
We use the information we collect for the following purposes:
- Service delivery โ To provide, maintain, and improve our home improvement, construction, and property management services; to process service requests; to schedule appointments; and to complete transactions.
- Communication โ To respond to your inquiries, provide customer support, send service-related notifications (e.g., appointment confirmations, project updates), and communicate about your account or transactions with us.
- Marketing and promotions โ To send you information about our services, special offers, promotions, and events that may be of interest to you, where you have given consent or where permitted by applicable law. You may opt out of marketing communications at any time.
- Website improvement โ To analyze usage patterns, diagnose technical issues, and enhance the functionality and user experience of our website.
- Legal compliance โ To comply with applicable laws, regulations, legal processes, and enforceable governmental requests; to enforce our Terms of Service and other agreements; and to protect our rights, privacy, safety, or property, as well as those of our users and the public.
- Fraud prevention and security โ To detect, investigate, and prevent fraudulent transactions, abuse, and security incidents; to maintain the integrity and security of our systems.
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA) or the United Kingdom, we process your personal data under one or more of the following lawful bases as defined by the General Data Protection Regulation (GDPR):
- Consent (Article 6(1)(a)) โ You have given clear consent for us to process your personal data for a specific purpose. For example, when you subscribe to our newsletter or accept non-essential cookies. You have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
- Contractual necessity (Article 6(1)(b)) โ Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract. This applies when we provide services, process payments, or manage service bookings.
- Legal obligation (Article 6(1)(c)) โ Processing is necessary for compliance with a legal obligation to which we are subject, such as tax and accounting requirements, building regulations, or health and safety obligations.
- Legitimate interests (Article 6(1)(f)) โ Processing is necessary for the purposes of our legitimate interests or those of a third party, provided such interests are not overridden by your data protection interests or fundamental rights and freedoms. Our legitimate interests include improving our services, managing our business operations, preventing fraud, and conducting direct marketing (where compatible with your rights).
Where we rely on legitimate interests as a legal basis, we have conducted a Legitimate Interests Assessment (LIA) to ensure that our interests are balanced against your rights. You have the right to object to processing based on legitimate interests at any time.
5. Information Sharing and Disclosure
We do not sell, trade, or rent your personal information to third parties for their own marketing purposes without your explicit consent. However, we may share your information in the following circumstances:
- Service providers and subcontractors โ We engage trusted third-party companies and individuals to perform services on our behalf, including payment processing, web hosting, email delivery, analytics, marketing assistance, and customer support. These providers are contractually obligated to protect your information and may use it only for the specific services they perform for us.
- Professional advisors โ We may disclose your information to lawyers, accountants, auditors, insurers, and other professional advisors where necessary to obtain professional advice or to establish, exercise, or defend our legal rights.
- Business transfers โ In the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or use of your personal information.
- Legal requirements โ We may disclose your information if required to do so by law or in the good-faith belief that such action is necessary to (a) comply with a legal obligation, (b) protect and defend our rights or property, (c) prevent or investigate possible wrongdoing in connection with our services, (d) protect the personal safety of our users or the public, or (e) protect against legal liability.
- With your consent โ We may share your information for any other purpose with your explicit consent.
6. Data Retention
We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements.
Our retention periods are determined based on the following criteria:
- Service relationship โ We retain information for the duration of your relationship with us, plus a reasonable period thereafter to handle follow-up inquiries, warranty claims, or potential disputes.
- Legal requirements โ Certain information must be retained for specific periods under applicable laws (e.g., tax and accounting records typically for 6โ7 years).
- Consent-based processing โ Where we process data based on your consent, we retain it until you withdraw your consent or until the purpose for processing has been fulfilled.
- Legitimate interests โ Where processing is based on legitimate interests, we retain data for the duration of the relevant interest, subject to periodic review.
When retention is no longer necessary, we will securely delete or anonymize your personal information. If deletion is not immediately possible (e.g., due to backup retention schedules), we will securely isolate your data from further processing until deletion is possible.
7. Data Security
We implement a comprehensive set of technical, administrative, and physical security measures designed to protect your personal information from unauthorized access, disclosure, alteration, or destruction.
Our security measures include, but are not limited to:
- Encryption โ All data transmitted between your browser and our servers is encrypted using TLS/SSL (Transport Layer Security) protocol. Sensitive data stored in our databases is encrypted at rest using industry-standard AES-256 encryption.
- Access controls โ Access to personal information is restricted to employees, contractors, and agents who have a legitimate business need to access it. All personnel with access are bound by confidentiality obligations and undergo regular privacy and security training.
- Network security โ We employ firewalls, intrusion detection and prevention systems, and regular vulnerability assessments to protect our network infrastructure.
- Secure payment processing โ Payment transactions are processed through PCI-DSS compliant third-party payment processors. We do not store full credit card numbers on our servers.
- Regular audits and monitoring โ We conduct periodic security audits, penetration testing, and system monitoring to identify and address potential vulnerabilities.
- Incident response โ We maintain a data breach response plan to promptly address any security incidents and notify affected individuals and regulators as required by applicable law.
While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we are committed to taking all reasonable steps to safeguard your data.
8. Your Rights and Choices
Depending on your jurisdiction, you may have the following rights regarding your personal information. We will respond to all legitimate requests in accordance with applicable data protection laws.
8.1 Your Rights (GDPR โ EEA & UK Residents)
If you are located in the EEA or the UK, you have the following rights:
- Right to access (Article 15) โ You have the right to obtain confirmation as to whether we are processing your personal data and, if so, to request a copy of that data along with supplementary information about how we process it.
- Right to rectification (Article 16) โ You have the right to request correction of inaccurate or incomplete personal data we hold about you.
- Right to erasure / "Right to be forgotten" (Article 17) โ You have the right to request deletion of your personal data where certain grounds apply (e.g., where the data is no longer necessary for the purpose for which it was collected, or you withdraw consent and there is no other legal basis).
- Right to restriction of processing (Article 18) โ You have the right to request that we restrict the processing of your personal data in certain circumstances (e.g., while a dispute about accuracy is being resolved).
- Right to data portability (Article 20) โ You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller without hindrance, where processing is based on consent or contract and is carried out by automated means.
- Right to object (Article 21) โ You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes. We will comply unless we demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms.
- Rights related to automated decision-making (Article 22) โ You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
8.2 How to Exercise Your Rights
To exercise any of your rights, please contact us using the details provided in the "Contact Us" section below. We may need to verify your identity before processing your request, which may require you to provide additional information.
We will respond to your request without undue delay and in any event within one month of receiving your request (or two months for complex or multiple requests, as permitted by GDPR). We may extend the response period by a further two months where necessary, taking into account the complexity and number of requests.
You also have the right to lodge a complaint with your local data protection supervisory authority if you believe that our processing of your personal data infringes applicable data protection laws.
Marketing opt-out: You may opt out of receiving marketing communications from us at any time by clicking the "unsubscribe" link in any marketing email, replying "STOP" to SMS messages, or contacting us directly. Please note that even if you opt out of marketing communications, you may still receive service-related messages (e.g., appointment confirmations, warranty information).
9. California Privacy Rights (CCPA)
This section applies to residents of the State of California, USA, and is intended to comply with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).
9.1 Categories of Personal Information Collected
In the preceding 12 months, we may have collected the following categories of personal information from California residents:
- Identifiers โ name, alias, postal address, email address, phone number, IP address, account name.
- Personal information categories listed in Cal. Civ. Code ยง 1798.80(e) โ signature, physical characteristics, address, telephone number, bank account number, credit card number, debit card number.
- Commercial information โ records of products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
- Internet or other electronic network activity โ browsing history, search history, information on interaction with our website or advertisements.
- Geolocation data โ general location derived from IP address.
- Professional or employment-related information โ if you apply for a job or submit business credentials.
- Inferences drawn from any of the above โ to create a profile about your preferences and behavior.
9.2 Business or Commercial Purpose for Collection
We collect the categories of personal information listed above for the business and commercial purposes described in Section 3 (How We Use Your Information) of this Privacy Policy.
9.3 Sources of Personal Information
We collect personal information from the following categories of sources:
- Directly from you (forms, communications, account registration).
- Automatically from your device (browsing activity, cookies, analytics).
- From third-party service providers (payment processors, analytics providers, marketing partners).
9.4 Sale or Sharing of Personal Information
We do not sell personal information in the traditional sense (exchange for monetary consideration). However, under the CCPA, certain disclosures of personal information for cross-context behavioral advertising may be considered a "sale" or "sharing." We use cookies and similar technologies that may involve sharing certain information (e.g., browsing activity) with advertising partners.
You have the right to opt out of the sale or sharing of your personal information at any time. You can exercise this right by:
- Managing your cookie preferences via our cookie consent banner.
- Submitting a request through our Contact page or emailing support@thehutl.shop.
9.5 California Resident Rights
As a California resident, you have the following rights under the CCPA/CPRA:
- Right to Know โ You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which the information was collected, the business purpose for collecting the information, and the categories of third parties with whom we share the information.
- Right to Delete โ You have the right to request deletion of personal information we have collected from you, subject to certain exceptions (e.g., to complete a transaction, detect security incidents, comply with legal obligations).
- Right to Correct โ You have the right to request correction of inaccurate personal information that we maintain about you.
- Right to Opt Out โ You have the right to opt out of the sale or sharing of your personal information for cross-context behavioral advertising.
- Right to Limit Use of Sensitive Personal Information โ You have the right to limit the use of sensitive personal information (e.g., precise geolocation) to that which is necessary to perform the services.
- Right to Non-Discrimination โ We will not discriminate against you for exercising any of your CCPA rights. This means we will not deny you services, charge different prices, or provide a different level of service based on your exercise of these rights.
9.6 How to Exercise Your CCPA Rights
To exercise your rights under the CCPA, please submit a verifiable consumer request to us by:
- Email: support@thehutl.shop
- Phone: +1(530)716-7166
- Online: Visit our Contact page
We will acknowledge receipt of your request within 10 business days and respond substantively within 45 calendar days (extendable by an additional 45 days with notice). We may need to verify your identity before processing your request by matching information you provide with information we have on file.
You may designate an authorized agent to make a request on your behalf. The authorized agent must provide written authorization signed by you, and we may require you to verify your identity directly with us.
10. Children's Privacy
Our website and services are not intended for individuals under the age of 16 (or the age of majority in your jurisdiction). We do not knowingly collect personal information from children.
If we become aware that a child has provided us with personal information without parental consent, we will take steps to delete such information from our systems promptly. If you believe that a child has provided us with personal information, please contact us immediately at support@thehutl.shop so that we can take appropriate action.
In the event we need to collect personal information from a child for a specific purpose (e.g., a youth program or educational service), we will obtain verifiable parental consent in compliance with the Children's Online Privacy Protection Act (COPPA) where applicable.
11. International Data Transfers
THE HUT, LLC is based in the United States. If you are accessing our website or services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States or other countries where we or our service providers operate.
Where we transfer personal data from the European Economic Area (EEA), Switzerland, or the United Kingdom to countries that have not been deemed to provide an adequate level of data protection by the European Commission or relevant regulator, we implement appropriate safeguards to ensure your data is protected. These safeguards include:
- Standard Contractual Clauses (SCCs) โ We use the European Commission's approved Standard Contractual Clauses for international data transfers, ensuring that the recipient provides a level of protection equivalent to that required under GDPR.
- Data Processing Agreements (DPAs) โ We enter into comprehensive data processing agreements with all third-party service providers that process personal data on our behalf, incorporating the requirements of applicable data protection laws.
- Transfer Impact Assessments (TIAs) โ We conduct transfer impact assessments to evaluate the legal framework and practices in the destination country, supplementing safeguards where necessary.
By using our website and services, you understand and consent to the transfer of your information to the United States and other countries as described in this section. If you have any questions about international data transfers, please contact us using the information below.
12. Third-Party Links
Our website may contain links to third-party websites, plugins, and applications (e.g., social media buttons, payment gateways, mapping services). Clicking on those links or enabling those connections may allow the third party to collect or share data about you.
We do not control these third-party websites and are not responsible for their privacy practices, content, or policies. When you leave our website, we encourage you to read the privacy policy of every website you visit. This Privacy Policy applies solely to information collected by THE HUT, LLC through our website and services.
Third-party services we may use include, but are not limited to:
- Payment processing services (e.g., Stripe, Square, PayPal)
- Analytics providers (e.g., Google Analytics)
- Email marketing platforms (e.g., Mailchimp, Constant Contact)
- Customer relationship management (CRM) platforms
- Social media platforms (e.g., Facebook, Instagram, LinkedIn)
- Mapping and location services (e.g., Google Maps)
- Cloud hosting and infrastructure providers
13. Changes to This Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, legal obligations, or industry standards. When we make material changes, we will notify you by:
- Posting a prominent notice on our website.
- Updating the "Last Updated" date at the top of this Privacy Policy.
- Sending an email notification to the email address associated with your account (if applicable).
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our website or services after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree with any changes, you should discontinue use of our website and services and contact us to request deletion of your personal information.
Older versions of this Privacy Policy may be archived and made available upon request.
14. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data handling practices, please do not hesitate to contact us:
SHARON HILL, OH 19079
United States
Saturday: 10:00 AM โ 4:00 PM EST
Sunday: Closed
Data Protection Officer (DPO):
For privacy-specific inquiries, you may direct correspondence to our Data
Protection Officer at the address above or via email with the subject line
"ATTN: DPO โ Privacy Request."
Supervisory Authority (for EEA & UK residents):
If you are not satisfied with our response or believe we are processing your
personal data in violation of applicable law, you have the right to lodge a
complaint with your local data protection supervisory authority. For UK
residents, the relevant authority is the Information Commissioner's Office
(ICO): www.ico.org.uk.