GDPR Policy

GDPR Policy

General Data Protection Regulation (GDPR) Compliance Statement

Home Deco 99 ('Company', 'we', 'us', or 'our') is committed to ensuring the protection of personal data and compliance with the General Data Protection Regulation (GDPR), which came into effect on May 25, 2018.

Purpose of Data Collection

We collect personal data solely for legitimate purposes related to providing and improving our services. This includes processing transactions, providing customer support, sending communications related to our services, and enhancing the functionality of our website.

Lawful Basis for Processing

We process personal data in accordance with the lawful bases set out in the GDPR, including:

  1. Consent: Obtaining explicit consent from individuals before collecting and using their personal data.
  2. Contractual Necessity: Ensuring the processing is necessary to fulfill a contract or take steps linked to a contract.
  3. Legitimate Interests: Pursuing our legitimate interests, provided they do not override the interests or rights of individuals.

Data Minimization

We adhere to the principle of data minimization, ensuring that we only collect the necessary data for the purpose for which it was collected.

Rights of Individuals

Under GDPR, individuals have the following rights:

  1. Right to Access: Access their personal data.
  2. Right to Rectification: Correct inaccurate data.
  3. Right to Erasure (Right to be Forgotten): Erase data or restrict its processing.
  4. Right to Object: Object to our use of their data.
  5. Right to Data Portability: Transfer their data to another data controller.

We ensure these rights are fulfilled.

Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to potential risks, including accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data.

Data Transfers

For any transfer of personal data to third countries or international organizations, we ensure such transfers are compliant with the necessary safeguards and conditions required by the GDPR.

Data Breaches

In case of a data breach, we will notify the competent supervisory authority within 72 hours after becoming aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals.

Data Protection Officer

Our Data Protection Officer is responsible for monitoring compliance with the GDPR and other data protection laws, dealing with data protection inquiries from supervisory authorities and data subjects.

Contact Information:

For more detailed information on our data handling practices, please review our Privacy Policy.

Jurisdiction and Governing Law

This GDPR Compliance Statement is governed by the laws of the United States of America, without regard to its conflict of laws principles.