We value your personal data ("personal data") and take all necessary measures to protect it. This Privacy Notice ("Notice") provides current information about your privacy rights.
You may be categorized as a user, client, potential client, or contractor in relation to us.
User
Any visitor to our website
Client
Individuals who use our services
Potential Client
Individuals showing interest in our products or services
Contractor
Providers who fulfill our clients' orders
What Is a Privacy Notice?
A Privacy Notice is a statement from us, as the Business (Controller), to you (data subject), describing how we collect, use, retain, and disclose personal data gathered through our website and mobile application(s).
As a data subject, you have specific privacy rights. To exercise these rights, please email us at homeshowerexpert.com@gmail.com.
Your rights may vary depending on the applicable laws but may include the following:
Right to Access
You can request information on how your personal data is processed.
California
Virginia
Ohio
Colorado
Nevada
Massachusetts
Minnesota
New York
North Carolina
Pennsylvania
Delaware
Canada
Right to Rectification
You can correct or complete inaccurate or incomplete information.
California
Virginia
Colorado
Nevada
Massachusetts
Minnesota
New York
North Carolina
Delaware
Canada
Right to Deletion
You can request the removal of your personal data from our systems.
California
Virginia
Ohio
Colorado
Massachusetts
Minnesota
New York
North Carolina
Pennsylvania
Canada
Right to Restriction
You can partially or completely restrict us from processing your personal data.
California
Massachusetts
New York
Canada
Right to Portability
You can request all data you provided to us and transfer it to another controller.
California
Virginia
Ohio
Colorado
Massachusetts
Minnesota
New York
North Carolina
Canada
Right to Opt-Out
You can prohibit the sharing or selling of your data.
California
Virginia
Ohio
Nevada
Massachusetts
Minnesota
New York
North Carolina
Pennsylvania
Delaware
Colorado
Canada
Right Against Automated Decision Making
You have the right not to be subject to decisions based solely on automated processing if such decisions have legal effects or significantly affect you.
California
Virginia
Colorado
Massachusetts
Minnesota
North Carolina
New York
Canada
Right to Withdraw Consent
You can withdraw your consent at any time.
Default
Right to Lodge a Complaint
If your request is not satisfied, you can file a complaint with the regulatory authority.
Default
Note: Some states do not have specific privacy laws. In such cases, the rights of residents are governed by U.S. federal law. If your state is not listed, please contact homeshowerexpert.com@gmail.com.
The state of Oregon (Oregon Consumer Information Protection Act) and the state of Michigan (Identity Theft Protection Act (Act 452 of 2004)) do not currently have comprehensive privacy laws. However, they do have privacy requirements and the right for data subjects to opt out of advertising and other intrusive communications.
Note: Depending on state and legislative requirements, we have between 30 to 60 days to process your request, with the possibility of extending this period by an additional 30 days.
Data We Process
The data we process is categorized into technical information and data provided by users.
Technical Information
When you visit our website, certain data is collected automatically. This technical data is necessary to operate, maintain, and improve our website. It includes information such as IP address, UTM parameters, geolocation, device type, browser type, cookies, user agent, user ID, and session ID.
Data Provided by User
By default, we only process technical information. See the details in the table below:
IP address, UTM parameters, geolocation, device type, browser type, cookies, user agent, user ID, and session ID.
To ensure smooth operation of the website
Data Provided by Potential Clients
We may collect the following: full name, email, phone number, ZIP code, home address, start time, important features, project type, and other data based on your individual project, as well as technical information. See the details in the table below:
Full name, email, phone number
To contact you
ZIP code, home address
To determine if we can provide services in your area and to research the average cost of similar services in your region
Important features, project type, start time
For proposal creation and finding suitable contractors
Other data related to your project
For proposal creation and finding suitable contractors
Email, phone
For marketing and promotional calls
IP address, UTM parameters, geolocation, device type, browser type, cookies, user agent, user ID, and session ID.
To ensure smooth operation of the website
Note: We seek the best specialists for your project. To enable specialists to contact you and accommodate your preferences, we provide them with some of your personal data: the date and time of your request, full name, phone number, service type, user ID, and previous order history.
Data Provided by Clients
We may collect the following: full name, email, phone number, ZIP code, home address, insurance information, name and email of the person for whom an estimate is prepared, type of property, start time, order status, important features, project type, and other data based on your individual project, as well as technical information. See the details in the table below:
Full name, email, phone number
To contact you and provide services
ZIP code, home address
To determine if we can provide services in your area and to research the average cost of similar services in your region
Insurance information
To generate accurate quotes
Estimate details: name, email, type of property
For accurate billing
Start time, order status
To fulfill the contract
Other data related to your project
For work performance, proposal creation, and finding suitable contractors
Email, phone
For marketing and order status notifications
IP address, UTM parameters, geolocation, device type, browser type, cookies, user agent, user ID, and session ID.
To ensure smooth operation of the website
Data Provided by Contractors
We may collect: name, registration number, contact details, position, business information, advertising details, payment information, and technical data. See the details in the table below:
Name, registration number, contact details
Contract formation and execution
Name of representative, contact details, position, business information
Contract formation and execution
Payment details
Contract execution
Advertising preferences
Advertising campaign settings
IP address, UTM parameters, geolocation, device type, browser type, cookies, user agent, user ID, and session ID
Ensuring smooth operation of the website
Note: Some of the information we collect from contractors is gathered offline.
We retain data during the contract period (while interacting with our service) and for 36 months thereafter or until you withdraw your consent (if applicable). Upon request, your data will be deleted from our servers within 30 days.
Note: We do not knowingly process personal data of users under 16 years of age without consent from a legal representative. If you are such a user or a legal representative, please notify us by email.
Why Do We Collect Data?
We are committed to protecting your privacy. We collect and use your information to:
Provide, maintain, and improve our website and services;
Offer troubleshooting and customer support;
Protect our service for all users;
Contact you.
Sale of Data
We do not sell your information. However, we may share your personal data with our contractors as part of providing our services. Details are provided in the following sections.
Sharing and Transferring of Data
Your personal data is stored on servers located in the US (Michigan, Ohio, Virginia, Oregon, California), Brazil, and Canada. We may transfer your data to our employees to fulfill a contract. Data transfers may also occur for the following reasons:
Consent. We transfer your personal data based on your explicit consent.
Compliance with the Law.
We will not disclose your personal data to third parties unless necessary:
To comply with a government request, court order, or applicable law;
To prevent unlawful use of our website;
To protect against third-party claims;
To assist in fraud prevention or investigation.
Transfer to Third Parties.
We transfer your personal data to third parties based on a public offer or terms of service for processing on our behalf, with technical and organizational measures in place to protect your data.
We share your data with service providers who help us:
Operate, develop, and improve our website and features.
Advertise
Provide you with services
Process your payment transactions
Fulfill your support requests
Communicate with you as described elsewhere in this Privacy Notice
In more detail:
Employees and contractors
Contract performance
Contacting you
Support
Marketing
Processing payment transactions
Operating, developing, and improving our website and business
Data sets vary based on the roles performed by contractors or employees. We apply necessary organizational and technical safeguards. For details, see the Security section.
Advertising contractors
Service promotion in advertising
We transmit aggregate data only. Processing is done according to our instructions with necessary organizational and technical measures. Data transfer agreements are used if required. For details, see the Security section.
We use the following service providers:
Facebook
Website customization and usability
The data we share is purpose-limited and protected.
You can read about Facebook's data processing here.
Yahoo
and AOL (Yahoo product)
Use of online services and electronic bulletin boards
The data we share is purpose-limited and protected.
The data we transmit is purpose-limited and protected.
You can read about how Taboola processes personal data here.
Google
Advertising, online promotion, and analytics
The data we transmit is purpose-limited and protected.
You can read about how Google processes personal data here.
Hotjar
Identifying, consolidating, and addressing user needs
The data we transmit is purpose-limited and protected.
You can read about how Hotjar processes personal data here.
TikTok
Attracting new customers and advertising services
The data we transmit is purpose-limited and protected.
You can read about how TikTok processes personal data here.
Nextdoor
Advertising and service offerings
The data we transmit is purpose-limited and protected.
You can read about how Nextdoor processes personal data here.
Security
We employ physical, electronic, and procedural security measures to protect the personal data we process. We have implemented reasonable operational and technical measures to restrict access to your data:
Data is stored on our server and is accessible only to Home Mate Expert employees with access to the admin panel. Contractors may have limited access to certain information.
Internal instructions have been developed.
We have implemented TLS/SSL encryption, firewalls, and other security measures to ensure the safety of your data.
These measures help protect your personal data from loss, unauthorized access, disclosure, alteration, or destruction. If you believe that your interaction with us is no longer secure, please notify us immediately by contacting us in writing at homeshowerexpert.com@gmail.com.
Use of Cookies
We use cookies that are essential for the functioning of the website. By using cookies, we collect the technical information specified in the “Data We Process” section and our Cookie Policy.
If you wish to disable cookies, you can find instructions for managing your browser settings at the following links:
This Privacy Notice is governed by the GDPR and privacy laws in the United States, including the California Consumer Privacy Act (CCPA), the California Privacy Rights Act, the Virginia Consumer Data Protection Act, Colorado's Protect Personal Data Privacy, and Delaware's Online and Personal Privacy Protection. Laws and requirements regarding the processing of personal data are subject to change. We fulfill our obligation to keep you informed about updates to this Notice by posting the document on our website. Please check regularly to ensure you are aware of any changes.
California Legislation
This section provides information for California residents regarding the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act, including your privacy rights under these laws.
Opt-Out of Disclosure for Direct Marketing
California laws allow residents to learn the identities of entities that have received their personal data for marketing purposes and the categories of information disclosed. You may request this information by contacting us via email at homeshowerexpert.com@gmail.com.
Please note that opting out does not prevent us from disclosing personal data for purposes other than direct marketing. The data we process and share may include your name, address, email address, and phone number.
Automatic Collection of Information
We collect data you provide to us online and through websites operated by unaffiliated third parties.
Automatic Collection of Information by Third Parties
When you visit our websites, third parties may collect personal data about your online activities over time and across different websites.
Minors
A business must not sell personal information of customers under 16 unless the customer (if between 13 and 16) or their parent or guardian (if under 13) has authorized the sale. A business that ignores the customer's age will be deemed to have had actual knowledge of it. This right is known as the “right to opt-in.” If we do not have consent, we are prohibited from selling the minor’s personal information unless express authorization is later provided.
Do-Not-Track Requests
California residents visiting our websites may request that we do not automatically collect and track their online activities. Such requests are typically made through web browser settings that control signals or other mechanisms. Currently, we are unable to honor these requests, but we may update this Notice as our capabilities evolve.
Data Protection Rights for California Residents
The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act provide California residents with the following additional rights:
Right to Know
You have the right to request that we disclose specific information about the personal data we have collected, used, disclosed, and sold about you in the past 12 months. This includes a request for:
The categories of personal information collected about you;
The categories of sources from which we collected your personal information;
The categories of personal information that we have sold or disclosed for business purposes;
The categories of third parties to whom your personal information was sold or disclosed for business purposes;
Our business or commercial purposes for collecting or selling your personal information;
The specific pieces of personal information we have collected about you.
Data Portability:
You have the right to request a copy of the personal information we have collected and maintained about you over the past 12 months.
Right to Deletion:
You have the right to request that we delete the personal information we have collected from you, subject to certain exceptions. Please note that if you request the deletion of your personal information, we may refuse your request or retain certain information if it is necessary for us or our service providers to:
Complete the transaction for which the personal information was collected, provide a requested good or service, or reasonably anticipate within the context of our ongoing business relationship, or otherwise perform a contract between our business and you.
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activities, or prosecute those responsible for such activities.
Debug to identify and repair errors that impair existing intended functionality.
Exercise free speech, ensure the right of another consumer to exercise their right of free speech, or exercise another right provided by law.
Comply with the California Electronic Communications Privacy Act (Chapter 3.6, commencing with Section 1546, Title 12 of Part 2 of the Penal Code).
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest, adhering to all applicable ethics and privacy laws, when deletion of the information would likely render such research impossible or significantly impair its achievement, provided you have given informed consent.
Conduct internal uses that are reasonably aligned with your expectations based on your relationship with us.
Comply with legal obligations.
Otherwise use the personal information internally in a manner that is lawful and consistent with the context in which you provided the information.
Right to Opt-Out/In:
You have the right to opt-out of the sale of your personal information. You also have the right to opt-in to the sale of personal information. However, we do not sell your personal information.
Right to Non-Discrimination:
You have the right not to receive discriminatory treatment for exercising your privacy rights under the CCPA. Unless permitted by the CCPA, we will not:
Deny you goods or services.
Charge different prices or rates for goods or services, including through discounts or other benefits, or impose penalties.
Provide a different level or quality of goods or services.
Suggest you might receive different prices or rates for goods or services or a different level or quality of goods or services.
Note that the CCPA includes specific requirements for exercising these data protection rights. In accordance with these requirements, we may:
Respond to your request within forty-five (45) days of receiving it.
Provide you with the personal information we collected about you no more than twice in a 12-month period (including categories and specific pieces of collected personal information, business purposes, sources of collection, and categories of third parties with whom personal information is shared).
Not provide you with personal information if we cannot verify your identity. You must provide sufficient information for us to verify your identity as the person about whom we collected personal information. However, requests made through your Account are considered sufficiently verified.
Not transmit your personal information to another entity.
Also, be aware that we are permitted to retain personal information after deletion requests are received as allowed by the CCPA (e.g., for security incident detection, error repair, legal compliance, or transaction completion).
We will not discriminate against you if you choose to exercise your rights under the CCPA. We are accessible to customers with disabilities. Users with disabilities may also contact us by email to request an alternative format of this Privacy Notice.
Virginia Legislation
We provide information for residents of Virginia about the Virginia Consumer Data Protection Act (VCDPA) and your privacy rights.
The VCDPA requires some businesses to provide consumers with access to and control over their personal data.
Minors:
Controllers and processors that comply with the verifiable parental consent requirements of COPPA are considered compliant with parental consent obligations under the CDPA.
A parent or legal guardian may exercise customer rights on behalf of a child regarding the processing of personal data belonging to that child.
No Discrimination:
A controller cannot process personal data in violation of state and federal anti-discrimination laws or discriminate against a customer for exercising rights under the CDPA.
Access Requests:
Controllers must establish secure and reliable methods for customers to submit requests to exercise their rights. These methods should consider how customers typically interact with the controller, ensure secure and reliable communication of requests, and enable the controller to authenticate the requests.
Controllers cannot require customers to create a new account to exercise their rights but may ask them to use an existing account.
Response Time
Controllers must respond to customer requests within 45 days. This period can be extended once by an additional 45 days if certain conditions are met.
No Charge for Information
Controllers are required to provide information in response to a customer request free of charge up to twice per year. If requests are manifestly unfounded, excessive, or repetitive, the controller may charge a reasonable fee or decline the request, but must prove the request's nature.
Right to Opt-Out
Residents of Virginia can request to opt-out of targeted advertising, the sale of personal data, or profiling. Virginia laws allow residents to learn which entities received their personal data for marketing purposes and the categories of information disclosed. To request this information, contact us via email at homeshowerexpert.com@gmail.com.
Colorado Legislation
This section provides information for Colorado residents about their privacy rights under the Colorado Privacy Act.
Minors
Controllers must obtain consent from a child’s parent or lawful guardian before processing the personal data of a known child.
Access Requests
Customers may exercise their rights by submitting a request using the method specified by the controller in the privacy notice. This method should consider:
How customers typically interact with the controller;
The need for secure and reliable communication;
The ability to authenticate the customer's identity.
Controllers cannot require customers to create a new account to exercise their rights but may require the use of an existing account.
Response Time
Controllers must respond to requests within 45 days. If necessary, this period may be extended by an additional 45 days.
No Charge for Information
Controllers must provide requested information free of charge once per year. For additional requests within a 12-month period, they may charge a fee.
Justification for Failure to Act
If a controller does not act on a request, they must inform the customer within 45 days of the reasons for not taking action and provide instructions on how to appeal the decision.
Denial of Requests
Controllers are not required to comply with requests if they cannot authenticate the request using commercially reasonable efforts. They may request additional information to verify the request.
Right to Appeal
Controllers must have an internal process for customers to appeal a refusal to act on their request. Appeals should be made within a reasonable time after being notified of the denial. The process must be clearly available and easy to use.
Responding to an Appeal
Controllers must inform customers of the appeal result and provide a written explanation within 45 days. This period may be extended by an additional 60 days in certain circumstances.
Delaware Legislation
This section provides information for Delaware residents about their privacy rights under the Delaware Online Privacy and Protection Act.
Advertising to Children
The Delaware Online Privacy Protection Act (DOPPA) regulates services targeting children but does not apply to services that merely link to or refer to children's services. Operators must not knowingly collect or disclose personal information from children and cannot advertise inappropriate content for children.
Do-Not-Track Requests
Delaware residents can request not to have their browsing information tracked across the Internet. These requests are usually made through browser settings. We currently cannot honor these requests but may update our notice as our capabilities evolve.
Nevada Legislation
This section provides information for Nevada residents about their privacy rights under Nevada Senate Bill 220.
Opt-Out of the Sale
Nevada residents can opt-out of the sale of "covered information" collected through online services. Covered information includes:
First and last name
Home or physical address
Email address
Telephone number
Social security number
Identifiers for contact purposes
Any other identifiable information collected through the operator's online service
Do-Not-Sell Request
Nevada does not require a "Do Not Sell My Personal Data" button but requires entities to provide a method, such as an email address or toll-free number, for verified opt-out requests.
Response Time
Businesses must respond to a "verified consumer request" within 45 days. This period can be extended by an additional 90 days if necessary, with notice to the consumer, for a total of 135 days.
Privacy Legislation
This Privacy Notice is governed by applicable privacy laws. It also references pending or enacted legislation to provide information about your rights. Here is a list of relevant laws:
California — California Consumer Privacy Act and California Privacy Rights Act;
Virginia — Consumer Data Protection Act;
Ohio — Ohio Personal Privacy Act*;
Colorado — Protect Personal Data Privacy;
Nevada — Nevada Privacy Law;
Massachusetts — Massachusetts Information Privacy Act*;
Minnesota — Minnesota Consumer Data Privacy Act*;
New York — New York Privacy Act*, Digital Fairness Act*;
North Carolina — Consumer Privacy Act*;
Pennsylvania — Pennsylvania House Bill 1126*;
Delaware — Online and Personal Privacy Protection;
Canada — Personal Data Protection and Electronic Documents Act 2000 and Canada's Anti-Spam Legislation.