Privacy Policy

 

The following Privacy Policy is intended to inform you about how we use your personal information. In doing so, we adhere to Wyoming’s common law and statutory privacy and data protection requirements and the EU’s General Data Protection Regulation (“GDPR”).

 

Data Controller

A “data controller” is a person or organization who alone or jointly determines the purposes for which, and the manner in which any personal data is, or is likely to be, processed. In this sense, Walkingdots LLC, 5830 E 2ND ST, STE 7000 #3630, Casper, 82609, WY, USA (“Imagine Living”, “we”, “us”, “our”) is the data controller.

 

If you want to contact us or if you have any questions about data protection at Imagine Living, please email us using info@hommagestore.com with “Data Protection” in the subject line.

 

Scope of the processing of personal information

As a matter of principle, we only collect and use personal information from you insofar as this is necessary to provide a functional website and our content and services, e.g., when you subscribe to our newsletter, or register on our website or log in to an existing customer account or when you order our prints. The collection and use of your personal information regularly only takes place with your consent. An exception applies in cases where prior consent is not possible for actual reasons and the processing of the data is permitted by applicable law.

 

Security

The security of your personal information is a high priority for us. We therefore protect your data stored with us by technical and organizational measures in order to effectively prevent loss or misuse by third parties. In particular, our employees who process personal information are bound to data secrecy and must comply with it. To protect your personal information, it is transmitted in encrypted form. You can recognize this by the lock symbol that your browser displays when an SSL connection is established. In order to ensure the permanent protection of your data, the technical security measures are regularly checked and, if necessary, adapted to the state of the art. These principles also apply to companies that process and use data on our behalf and in accordance with our instructions.

 

Purposes of processing and legal basis

We collect, process and use your personal information for the following purposes:

 

  • Establishment and performance of contractual relationships;
  • Sending newsletters;
  • Marketing measures;
  • Customer satisfaction surveys and analyses;
  • Product evaluations;
  • Customer service and customer support;
  • To process orders for our online range of prints.

 

The processing of your personal information may be based on the following legal grounds:

 

  • Consent: the individual has given clear consent to process personal information for a specific purpose (Art. 6 (1) a) GDPR).
  • Contract: the processing is necessary for a contract or because you have asked us to take specific steps before entering into a contract (Art. 6 (1) b) GDPR).
  • Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations) (Art. 6 (1) c) GDPR).
  • Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal information which overrides those legitimate interests (Art. 6 (1) f) GDPR).

 

Duration of storage and routine deletion of personal information

We process and store your personal information only for the period of time required to fulfil the purpose of storage or if this has been provided for, in laws or regulations. After the purpose has ceased to exist or has been fulfilled, your personal information will be deleted or blocked.

 

In the case of blocking, deletion will take place as soon as legal, statutory, or contractual retention periods do not conflict with this, there is no reason to assume that deletion would impair your interests worthy of protection and deletion would not cause a disproportionately high expense due to the special nature of the storage.

 

Log files

If you visit our website for information purposes only, without providing personal information via registration or in any other way, only the Internet connection data that your browser transmits to our server will be processed. Our website collects a series of general data and information with each call, which is temporarily stored in log files of a server. A log file is created in the course of an automatic protocol of the processing computer system. The following can be recorded:

 

  • Access to the website (date, time and frequency)
  • How you arrived at the website (previous page, hyperlink etc.)
  • Amount of data sent
  • Which browser and browser version you are using
  • The operating system you are using
  • Which internet service provider you use
  • Your IP address, which your Internet access provider assigns to your computer when you connect to the Internet

 

The legal basis for this data processing is the performance of a contract, as the collection and storage of this data is necessary for the operation of the website in order to ensure the functionality of the website and to deliver the content of our website correctly (Art. 6 (1) b) GDPR.

 

In addition, the data serve us to optimize our website and to ensure the security of our IT systems and the processing is based in this respect on our legitimate interest (Art. 6 (1) f) GDPR). For this reason, the data is stored for a maximum of 7 days as a technical precaution.

 

We also use this data for the purposes of advertising, market research and to design our services to meet your needs by creating and evaluating user profiles under pseudonyms, but only if you have not exercised your right to object to this use of your data (see information on the right to object under "Your rights").

 

Shopify

We use the store system Shopify of the service provider Shopify International Limited ("Shopify"), for the purpose of hosting and displaying the online store on the basis of processing on our behalf. All data collected on our website is processed on Shopify's servers. As part of Shopify's services, data may also be transferred to Shopify Inc, 150 Elgin St, Ottawa, ON K2P 1L4, Canada, Shopify Data Processing (USA) Inc, Shopify Payments (USA) Inc or Shopify (USA) Inc as part of further processing on our behalf. In the event that data is transferred to Shopify Inc. in Canada, the appropriate level of data protection is guaranteed. Further processing on servers other than the aforementioned of Shopify will only take place within the framework communicated below. The legal basis for the data processing is our legitimate interest in providing an appealing website (Art. 6 (1) f) GDPR).

 

reCAPTCHA

We also use Google`s reCAPTCHA from Google Inc of 1600 Amphitheatre Parkway Mountain View, CA 94043, US to check whether data input is made by a human being or by an automated program. For this purpose, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. This analysis begins automatically as soon as the website visitor enters the website. The legal basis for the data processing is our legitimate interest in operating a secure and spam free website (Art. 6 (1) f) GDPR).

 

Use of cookies

We use so-called cookies on our web site. Cookies are small text files that are stored on your respective device (PC, smartphone, tablet, etc.) and saved by your browser. For further information please refer to our Cookie Policy. The legal basis for the use of cookies is your consent (Art. 6 (1) a) GDPR) as well as our legitimate interest (Art. 6 (1) f) GDPR).

Sending information

We use your data for sending information ordered by you about our offer and other promotions from us to the e-mail address provided by you.

 

  1. a) Newsletter registration on our website

On our website there is the possibility to subscribe to a free newsletter. When you register for the newsletter, the data from the input mask is transmitted to us, i.e., at least your e-mail address. The registration is carried out by means of the so-called double opt-in procedure.

 

After registration, you will receive an e-mail asking you to confirm your registration. This confirmation is necessary so that no one can register with other people's e-mail addresses. For the processing of the data, your consent is obtained during the registration process and reference is made to this privacy policy. If you register for our newsletter, which informs you about our latest products and services, the personal information you provide in this context (e-mail address) will be processed by us for the purpose of sending you the newsletter The legal basis for the newsletter is your consent (Art. 6 (1) a) GDPR) as well as our legitimate interest (Art. 6 (1) f) GDPR). You can revoke your consent at any time with effect for the future. The newsletter is sent using the dispatch service provider "Omnisend” a service of  Omnisend, UAB, legal entity code 302530363, address Verkių g. 25C-1, LT-08223 Vilnius, Republic of Lithuania.

 

  1. b) Dispatch due to the sale of goods and abandoned shopping cart

If you purchase goods on our website or forget something in your shopping cart, we may send you information on our own similar goods to your specified e-mail address even without your consent. The legal basis for this data processing is our legitimate interest, because advertising related products by way of direct advertising represents a legitimate interest for us as a business and the provider of this website. You may object to the processing of your personal information for the purpose of direct advertising at any time. We will then refrain from further processing for such purposes. You can send us your objection as described below. In addition, you can object to the sending of such newsletters at any time in the future without giving reasons by unsubscribing via the unsubscribe link at the end of each newsletter or by contacting us using info@hommagestore.com.

 

We would like you to enjoy reading our e-mails. Therefore, we try to only include content that you are likely to be interested in. We therefore measure and store opening and click-through rates in your usage profile, i.e., whether and when you open our emails, which content of the emails you click on and when, as well as whether and why our emails could possibly not be delivered. We also use this data for statistical purposes.

 

In particular, this serves our legitimate interest to evaluate the performance of the individual newsletter campaigns and to define optimization measures in order to make the newsletter as attractive and suitable as possible for you. The legal basis for the processing is therefore our legitimate interest (Art. 6 (1) f) GDPR).

 

Of course, you can unsubscribe from receiving our information at any time, i.e., revoke your consent with effect for the future or object to data processing. For this purpose, you will find a corresponding unsubscribe link in every mail or newsletter. You can also contact us using info@hommagestore.com for a cancellation at any time.

 

Contacting us, registration or placing orders

 

  1. a) Contacting us

When you contact us using via email or social media, the data you provide will be stored by us based on your consent and the preparation or initiation of a contract, insofar as it is necessary to answer your questions (Art. 6 (1) a) GDPR) and (Art. 6 (1) b) GDPR). Your inquiry is logged in order to be able to prove the contact in accordance with the legal requirements. We delete the data accruing in this context when the respective conversation with you has ended and your inquiry has been conclusively clarified.

 

  1. b) Registration

On our website, we offer you the opportunity to register by providing personal information. The data is entered in the registration form is transmitted to us and stored. Registration is necessary in order to set up your customer account, which you can use to place orders and services. The processing of the data for this registration thus serves the fulfilment of the contract of use or the implementation of pre-contractual measures (Art. 6 (1) b) GDPR). You can delete your customer account at any time on our website either by using the delete function in your account or by contacting us using info@hommagestore.com.

 

  1. c) Storage of data in the user account

For the conclusion and processing of contracts, we require contact details, such as name, delivery and billing address and e-mail address, as well as information on the type of payment method you have chosen. You can store this data in your user account. In addition, we use your data to maintain our customer database so that only accurate data is stored by us. In order to avoid typing errors and to ensure that the items you have ordered reach you, we check the completeness and accuracy of your address when you enter it.

 

Following your order, you will receive a corresponding order confirmation as well as further documents, which we are obliged to provide in order to fulfil our legal information obligations for an effective conclusion of a contract with you (Art. 6 (1) c) GDPR) and (Art. 6 (1) b) GDPR).

 

  1. d) Guest order

You have the option to place your orders as a guest. If you choose this order type, you do not have to register before placing an order. Please note that you will have to enter your data again for each subsequent order.

 

We collect, process, and use the information you provide in the context of a guest order for the purpose of executing the contract. We store the information you provide for the period of processing and handling your order. Afterwards, your data will be deleted unless you decide to activate your customer account within 14 days after placing your order. Data that we are required to store due to legal, statutory or contractual retention obligations will be blocked instead of being deleted to prevent it being used for other purposes. The processing of the data serves the fulfilment of the contract with you (Art. 6 (1) b) GDPR).

 

  1. e) Order confirmation/dispatch confirmation

In order to process the contract and provide you with our services, for example, the web shop or to send you a package for which a fee is charged, we use your contact details to send you registration confirmations, customer service information, order confirmations, contract documents, or payment processing information. We are obliged to send you these documents in order to comply with our legal information obligations for an effective conclusion of a contract with you. The processing of your data is therefore necessary to fulfil our legal information obligations for an effective conclusion of a contract with you (Art. 6 (1) c) GDPR) and (Art. 6 (1) b) GDPR).

 

  1. f) Other

Based on our legal obligation (Art. 6 (1) c) GDPR) and our legitimate interest (Art. 6 (1) f) GDPR), we use and store your personal information and technical information to the extent necessary to prevent or prosecute misuse or other illegal behavior on our website, e.g., to maintain data security in the event of attacks on our IT systems (Art. 6 (1) f) GDPR). This also takes place insofar as we are legally obliged to do so, for example, due to official or court orders, and for the exercise of our rights and claims as well as for legal defense (Art. 6 (1) f) GDPR).

 

Disclosure of personal information to third parties

Your personal information will only be passed on if there is a legal obligation to do so or to service providers and partner companies that have been carefully selected in advance and are contractually obliged to comply with the requirements of data protection law.

 

  1. a) Disclosure within affiliated companies

We pass on your personal information for the conclusion and processing of contracts for offers on our website to affiliated companies. This is particularly necessary so that you can use all our offers. If you contact us using info@hommagestore.com with questions, complaints, or returns, as well as other complaints, they will also receive access to your order data in order to be able to process your request.

 

  1. b) Disclosure to service providers

For the operation and optimization of our website and our services and for the processing of contracts, various service companies work for us, e.g., for central IT services or the hosting of our website, for the payment and delivery of products, or order fulfillment or for the dispatch of newsletters, to whom we pass on the data required for the fulfilment of the task (e.g., name, address).

 

Some of these companies act for us by way of commissioned processing and may therefore use the data provided exclusively in accordance with our instructions. In this case, we are legally responsible for appropriate data protection measures at the companies we commission. We therefore agree on specific data security measures with these companies and monitor them regularly.

 

In contrast to order processing, in the following cases we transmit data to third parties for their own use in order to process the contract:

 

  • In the case of delivery of goods to our fulfillment partner (Printspace Studios Limited) and the necessary logistics companies and the postal service provider specified when the order was placed.

 

  • In the case of payment for goods to the payment service provider as specified when the order was placed (currently PayPal and Shopify Payments).

 

We do not collect or store any payment transaction information, such as credit card numbers or bank details during the payment process. You only provide this information directly to the respective payment service provider.

 

  1. c) Disclosure to other third parties

We will disclose your data to third parties or government agencies within the framework of existing data protection laws if we are legally obliged to do so, e.g., due to official or court orders, or if we are entitled to do so, e.g., because this is necessary for the prosecution of criminal offenses or for the exercise and enforcement of our rights and claims.

 

Data transfer to third countries

If we use service providers in third countries, we take additional measures to ensure an adequate level of data protection for the transfer of personal information in accordance with Art. 44 of the GDPR and thus ensure that the transfer is generally permissible and that the special requirements for a transfer to a third country are met (e.g., by concluding standard contracts and additional guarantees, supplementary technical and organizational measures such as encryption or anonymization).

 

Google Analytics

We use Google Analytics, a service provided by Google Inc. This means that the data collected can in principle be transmitted to a Google server in the USA, whereby the IP addresses are anonymised by means of IP anonymisation so that an allocation is not possible. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. You can object to the collection and processing of this data by Google Analytics by setting an opt-out cookie that prevents the future collection of your data when you visit this website: http://tools.google.com/dlpage/gaoptout?hl=en. The legal basis for this processing is (Art. 6 (1) f) GDPR), our legitimate interest.

 

Social Media

Based on our legitimate interest (Art. 6 (1) f) GDPR), we are present in various "social media" platforms (Facebook, Instagram, Pinterest) in order to communicate with our customers, interested parties, and users registered there and to be able to inform them about our offers there. We would like to point out that you use these platforms and their functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g., commenting, sharing, rating).

 

In addition, your data may be processed for market research and advertising purposes. For example, usage profiles can be created from your usage behavior and the resulting interests. This allows, for example, advertisements to be placed within and outside the platforms that presumably correspond to your interests. Cookies are usually stored on your computer for this purpose. Independently of this, data that is not directly collected from your devices may also be stored in the usage profiles (especially if you are a member of the respective platforms and are logged in to them).

 

Links to other providers

Our website also contains - clearly recognizable - links to the websites of other companies. Insofar as there are links to websites of other providers, we have no influence on their contents. Therefore, no guarantee or liability can be assumed for these contents. The respective provider or operator of the pages is always responsible for the content of these pages.

 

The linked pages were checked for possible legal violations and recognizable infringements at the time of linking. Illegal contents were not recognizable at the time of linking. However, permanent monitoring of the content of the linked pages is not reasonable without concrete indications of a legal violation. Such links will be removed immediately if infringements of the law become known.

 

Google Fonts

We use Google Fonts on our website to display external fonts. This is a service provided by Google, To enable the display of certain fonts on our website, a connection to the Google server in the USA is established when our website is accessed. The connection to Google established when you call up our website enables Google to determine which website sent your request and to which IP address the display of the font is to be transmitted.

 

Your rights and privileges

  1. a) Privacy rights

You can exercise the following rights:

  • The right to access;
  • The right to rectification;
  • The right to erasure;
  • The right to restrict processing;
  • The right to object to processing;
  • The right to data portability;

 

  1. b) Update your information and withdraw your consent

If you believe that the information we hold about you is inaccurate or request its rectification, deletion, or object to legitimate interest processing, please do so by contacting us.

 

  1. c) Access Request

In the event you want to make a Data Subject Access Request, please contact us. We will respond to requests regarding access and correction as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days, we will tell you why and when we will be able to respond to your request. If we are unable to provide you with any personal information or to make a correction requested by you, we will tell you why.

 

  1. d) What we do not do
  • We do not request personal information from minors and children;
  • We do not process special category data without obtaining prior specific consent;
  • We do not use automated decision-making, including profiling; and
  • We do not sell your personal information.

 

  1. e) Who is the competent data protection authority?

The Office of the Attorney General. If you believe that the processing of your personal information is not lawful, you can lodge a complaint with the AG or your local data protection supervisory authority. We would, however, appreciate the chance to deal with your concerns before you approach the AG or any other supervisory authority.

 

  1. f) Data Breaches and Notification

Databases or records containing personal information may be breached accidentally or through unlawful intrusion. As soon as we become aware of a data breach, we will notify all affected individuals whose personal information may have been compromised, and the notification will be accompanied by a description of the measures that will be taken to repair the damage caused by the data breach. Notifications will be sent as soon as possible after the violation is discovered.

 

USA Specific Provisions

The following applies to users located elsewhere in the United States. While we understand and appreciate that privacy and consumer data protection laws differ as they are subject to each state's legislature and that no data protection framework similar to the EU’s GDPR exists on a federal level, we are committed to follow and apply the for your state relevant privacy rules and regulations.

 

As of the day of drafting, the following states had enacted privacy and consumer data protection laws: California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia. Under consideration of the similarities of the above provisions, no conflict should arise pursuing a uniform approach in granting all users in the USA the same rights and privileges as set out above. However, should ambiguity occur the most stringent provision is chosen to ensure the most comprehensive approach when it comes to protecting your personal information.

 

Further, the following also apply

 

  1. i) “Shine the Light”

“Shine the Light” law (Civil Code Section 1798.83) requires us to respond to requests from California asking about the business’s practices related to disclosing personal information to third parties for the third parties’ direct marketing purposes. You may make a request about our collection and disclosure of your personal information using the contact details provided.

 

  1. ii) COPPA (Children Online Privacy Protection Act)

When it comes to the collection of personal information from children under the age of 13 years old, the Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children’s privacy and safety online. We do not specifically market to children under the age of 13 years old.

 

  • iii) CAN SPAM Act

The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations. To be in accordance with CAN SPAM, we agree to the following: If at any time you would like to unsubscribe from receiving future emails, you can email us, and we will promptly remove you from ALL correspondence.

 

  1. iv) Telephone Consumer Protection Act (TCPA)

If we process your personal information for the purpose of sending you SMS marketing communications, you may manage your receipt of marketing and non-transactional communications from us by replying or texting ‘STOP’ if you receive our SMS communications. In this respect, the data processing is carried out solely on the basis of our consent in personalized direct advertising per SMS.

 

  1. v) Controls For Do-Not-Track Features

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track ('DNT') feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. At this stage, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, our website does not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this policy.

 

  1. vi) Right to complain

Finally, and in regard to the right to complain to a supervisory authority. You have the right to lodge a complaint about our processing of personal information with a supervisory authority responsible for data protection. Users based in the above mentioned States may lodge a complaint with the relevant district attorney or attorney general office. However, we would appreciate the opportunity to address your concerns before you contact any supervisory authority.

 

Canada and Mexico Specific Provisions

Both Canada and Mexico have introduced data protection laws that are similar to the GDPR, namely Federal Law for the Protection of personal information in the Possession of Private Parties (“LFPDPPP”) supplemented by the Rules of the Federal Law for the Protection of personal information in the Possession of Private Parties in Mexico and the Personal Information Protection and Electronic Documents Act (“PIPEDA”) in Canada. Under consideration that the GDPR has played a pivotal role, no conflict should arise pursuing a uniform approach in granting all users in Mexico or Canada the same rights and privileges as set out above. However, should ambiguity occur, the most stringent provision is chosen to ensure the most comprehensive approach when it comes to protecting your personal data.

 

In terms of your right to complain, Canada’s national supervisory authority is the Office of the Privacy Commissioner (www.priv.gc.ca) and the National Institute of Transparency, Access to Information and personal information Protection (Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales) (“INAI”) is the national supervisory authority in Mexico (www.ifai.org.mx).

 

Help and Complaints

If you have any questions about this policy or about data protection at Imagine Living, you can contact us by email using info@hommagestore.com with “Data Protection” in the subject line.

 

Changes

The first version of this policy was issued on Wednesday, November 13th, 2024, and is the current version. Any prior versions are invalid, and if we make changes to this policy, we will revise the effective date.