This blog is a personal blog written and edited by me. This blog accepts forms of cash advertising, sponsorship, paid insertions or other forms of compensation.
This blog abides by word of mouth marketing standards. We believe in honesty of relationship, opinion and identity. The compensation received may influence the advertising content, topics or posts made in this blog. That content, advertising space or post will be clearly identified as paid or sponsored content.
The owner(s) of this blog is compensated to provide opinion on products, services, websites and various other topics. Even though the owner(s) of this blog receives compensation for our posts or advertisements, we always give our honest opinions, findings, beliefs, or experiences on those topics or products. The views and opinions expressed on this blog are purely the bloggers' own. Any product claim, statistic, quote or other representation about a product or service should be verified with the manufacturer, provider or party in question.
This blog does contain content which might present a conflict of interest. This content will always be
identified.
PRIVACY POLICY
Data protection is of a particularly high priority for us here at At Home With Nikki, and we pride ourself to operate in full compliance with the South Carolina Data Privacy Act (SCDPA) and the
EU`s General Data Protection Regulation (GDPR). We have chosen to implement both provisions to ensure that your Personal Data is not only processed in accordance with applicable law but handled in a manner that goes beyond the basic legislative requirements and as such process your data in line with the global gold standard.
Definitions
In order to make our Privacy Policy both easy to understand and to avoid complex legal jargon, we first need to explore the following definitions.
• Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
• Data subject
Data subject means any identified or identifiable natural person whose personal data are processed by the controller.
• Controller
The controller or person responsible for processing is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
• Processing
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.
• Profiling
Profiling is any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.
• Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person
• Processor
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
• Consent
Consent means any freely given indication of the data subject's wishes for the specific case in an informed and unambiguous manner, in the form of a declaration or any other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.
The Controller
The controller within the meaning of the SCDPA and the GDPR is: At Home With Nikki LLC of Summerville, SC 29485, USA (hereinafter "At Home With Nikki " or "we"), we operate the www.athomewithnikki.com website and can be reached at any time using athomewithnikki@gmail.com if you have any questions about how we process your personal data.
At Home With Nikki also has presence in social media and you can find our profiles at the following:
• Instagram https://www.instagram.com/athomewithnikki/
• Facebook https://www.facebook.com/AtHomeWithNikki/
• Twitter https://twitter.com/athomewithnikki
• Pinterest https://www.pinterest.com/athomewithnikki/_created/
• YouTube https://www.youtube.com/user/AtHomeWithNikki
General use of the At Home With Nikki website
The use of our website is possible without any indication of personal data. However, if a data subject wants to use our services via our website, processing of personal data could become necessary. If processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain the consent of the data subject.
Security
As the controller, At Home With Nikki has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-based data transmissions can always be vulnerable to security risks, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.
Collection of general data and information
The website of At Home With Nikki collects a series of general data and information whenever a data subject or automated system calls up the website. This general data and information is stored in the log files of the server. The following data may be collected: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites that are accessed via an accessing system on our website, (5) the date and time of an access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems.
When using these general data and information, At Home With Nikki does not draw any conclusions about the data subject. Rather, this information is needed (1) to deliver the contents of our website correctly, (2) to optimize the contents of our website and the advertising for these, (3) to ensure the long-term functionality of our information technology systems and the technology of our website, and (4) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.
Therefore, At Home With Nikki analyzes anonymously collected data and information on one hand, and on the other hand, with the aim of increasing the data protection and data security of our enterprise so that we can ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from any personal data provided by a data subject.
Cookies
Our website uses cookies. Cookies are text files, which are filed and stored on a computer system via an internet browser. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters by which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the visited Internet pages and servers to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific internet browser can be recognized and identified via the unique cookie ID.
Through the use of cookies, At Home With Nikki can provide the users of this website with more user-friendly services that would not be possible without the cookie setting.
Through the use of cookies, the information and offers on our website can be optimized for the user. Cookies enable us, as already mentioned, to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website that uses cookies does not have to re-enter his or her access data each time he or she visits the website, because this is handled by the website and the cookie stored on the user's computer system.
The data subject can prevent the setting of cookies by our website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable. You can learn more about cookies in general when visiting www.allaboutcookies.org, and for more specific details on the cookies we use please refer to our Cookie Policy.
Contact possibility via the website
Based on statutory provisions, the website of At Home With Nikki contains information that enables a quick electronic contact (Contact Form), as well as direct communication with us (Social Media Plugins). If a data subject contacts us by e-mail or by using a contact form or social media, the personal data transmitted by the data subject will be stored automatically. Such personal data transmitted on a voluntary basis by a data subject to the controller will be stored for the purposes of processing or contacting the data subject. There is no disclosure of this personal data to third parties.
Downloadable Resources
When a data subject places an order in our online shop, we collect the information and data necessary to process and fulfil the contract concluded between a data subject and us. When placing an order all data necessary for execution and processing are requested by means of mandatory fields and may include a data subject`s full name, e-mail address, billing address. A data subject`s data will only be used to process your order. A data subject`s personal data will only be passed on to third parties within the scope of the online shop if it is necessary for the purpose of processing the contract, for accounting purposes or for the collection of the payment.
Use of payment service providers (payment services)
PayPal
If a data subject selects PayPal for payment processing, we will transmit the e-mail address a data subject provided to us during the ordering process to complete the order. The subsequent payment process takes place exclusively via PayPal, without us having any further possibility to influence it.
For more information on PayPal's privacy policy, please click here:
https://www.paypal.com/us/webapps/mpp/ua/privacy-full
Google Pay
The provider of Google Pay is Google INC. If a data subject selects Google Pay for payment processing, we will transmit the payment details a data subject provided to us during the ordering process to complete the order. The subsequent payment process takes place exclusively via Google Pay, without us having any further possibility to influence it.
For more information on Google Pay's privacy policy as a subsidiary of Google, please click here:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en-US
Shop Pay
The provider of Shop Pay is Shopify International Limited, If a data subject selects Shop Pay for payment processing, we will transmit the payment details a data subject provided to us during the ordering process to complete the order. The subsequent payment process takes place exclusively via Shop Pay, without us having any further possibility to influence it.
For more information on Shop Pay's privacy policy as a subsidiary of Shopify, please click here:
https://shop.app/privacy.
Testimonials
In addition to the above processing activities, we process personal data submitted by a data subject when you submit a Testimonial. The legal basis for this processing of personal data is that a data subject has given his/her consent for this processing (by sending us or allowing us to post a Testimonial). A data subject can withdraw his/her consent by contacting us at any time.
French Tulip Stationery
When following specific links on the www.athomewithnikki.com website, a data subject is at times redirected to our www.frenchtulipstationery.com website. Although, French Tulip Stationery is also operated by At Home With Nikki, the data processed through www.frenchtulipstationery.com is in accordance with the SCDPA and the GDPR a separated domain and thus subject to www.frenchtulipstationery.com `s own Privacy Policy.
Newsletter
If a data subject subscribes to our Newsletter, the data will be transmitted to us. The registration for our newsletter takes place in a so-called closed-loop authentication. That means, after the registration, the data subject will receive an e-mail asking him/her to confirm the registration. This confirmation is necessary so that nobody can register with external e-mail addresses.
When registering for the newsletter, the IP address of the a data subject and the date and time of registration are saved. This is to prevent misuse of the service or the e-mail address of the person concerned. A transfer of the data to third parties does not take place. An exception exists if there is a legal obligation to disclose.
The data will be used exclusively for sending the newsletter. Subscription to the newsletter may be terminated by the data subject at any time. Similarly, the consent to the storage of personal data can be canceled at any time. For this purpose, there is a corresponding link in each newsletter.
Giveaways
When a data subject wishes to enter into our giveaway, he/she is redirected to Rafflecopter INC of PO Box 935, Boulder CO 80306. USA. The data entered into Rafflecopter`s from is subject to processing by Rafflecopter and thus Rafflecopter`s Privacy Policy can be found here https://www.rafflecopter.com/privacy-policy applies.
Affiliate programs
On the basis of our legitimate interests, we are participants various affiliate programs, which are designed to provide a means for websites to earn advertising fees by placing advertisements and links to affiliate programs (so-called affiliate system).
Typically affiliate systems use cookies to track the origin of orders. Among other things, affiliate partners can recognize that a data subject has clicked the affiliate link and subsequently purchased a product.
For more information about the relevant affiliate partners use of data and opt-out options, please refer to the relevant affiliate partner's privacy policy displayed on the relevant affiliate partner's website.
Social Media Plugins
On our website, so-called social plugins ("plugins") of the social network Instagram, Facebook, Twitter, Pinterest and YouTube are used. The plugins are marked with the relevant social network’s logo.
When a data subject calls up a page of our website that contains such a plugin, the browser establishes a direct connection to the relevant social network’s servers. The content of the plugin is transmitted by the relevant social network directly to your browser and integrated into the page. Through this integration, the relevant social network receives the information that your browser has accessed the corresponding page of our website, even if you do not have a profile or are not currently logged in to the relevant social network. This information (including your IP address) is transmitted by your browser directly to a server of the relevant social network and stored there.
The described data processing operations are carried out on the basis of the relevant social network’s legitimate interests in displaying personalized advertising to inform other users of the social network about the data subjects` activities on our website and for the needs-based design of the relevant social networks.
If a data subject does not want the relevant social network to directly assign the data collected via our website to his/her profile, the data subject must log out of the relevant social network before visiting our website.
For the purpose and scope of the data collection and the further processing and use of the data by the relevant social network, as well as the rights in this regard and setting options for protecting the data subject’s privacy, please refer to the privacy policy of the relevant social network.
Social Media
The data you enter on our social media pages, such as comments, videos, pictures, likes, public messages, etc. are published by the social media platform and are not used or processed by us for any other purpose at any time. We only reserve the right to delete content if this should be necessary. Where applicable, we share your content on our site if this is a function of the social media platform and communicate with you via the social media platform. The legal basis is our legitimate interest. The data processing is carried out in the interest of our public relations and communication.
If you wish to object to certain data processing over which we have an influence, please contact us. We will then examine your objection. If you send us a request on the social media platform, we may also refer you to other secure communication channels that guarantee confidentiality, depending on the response required. You always have the option of sending us confidential enquiries to our address stated in the imprint.
As already stated, where the social media platform provider gives us the opportunity, we take care to design our social media pages to be as data protection compliant as possible. With regard to statistics that the provider of the social media platform makes available to us, we can only influence these to a limited extent and cannot switch them off. However, we make sure that no additional optional statistics are made available to us.
Routine erasure and blocking of personal data
The controller processes and stores personal data of the data subject only for the period of time necessary to achieve the purpose of storage or insofar as this has been provided for in laws or regulations to which the controller is subject.
If the storage purpose ceases to apply or if a storage period prescribed by the SCDPA and the GDPR expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
Your Rights
GDPR Specific Rights
Under the GDPR you have a number of “Data Subject Rights” in particular you have the right to:
· information about the processing of your personal data;
· obtain access to the personal data held about you;
· ask for incorrect, inaccurate or incomplete personal data to be corrected;
· request that personal data be erased when it’s no longer needed or if processing it is unlawful;
· object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation;
· request the restriction of the processing of your personal data in specific cases;
· receive your personal data in a machine-readable format and send it to another controller (‘data portability’);
· request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers. You also have the right in this case to express your point of view and to contest the decision; and
· Where the processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time through our contact form.
South Carolina Specific Rights
According to the South Carolina Consumer Data Protection Act, you have the right to:
· Confirmation whether your personal data is being processed by us;
· Correct inaccuracies in your data;
· Delete personal data obtained from or about you;
· Obtain a copy of the data you previously provided us in a portable and “readily usable” format; and
· Opt-out of data collection if the data is collected “for purposes of targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects concerning on you.
Legal basis of processing (GDPR)
Art. 6 I lit. a GDPR serves Us as the legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for a delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 I lit. b GDPR.
The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services. If our company is subject to a legal obligation by which a processing of personal data becomes necessary, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c GDPR.
In rare cases, the processing of personal data might become necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and as a result his or her name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d GDPR.
Ultimately, processing operations could be based on Art. 6 I lit. f GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden. Such processing operations are permitted to us in particular because they were specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47 sentence 2 GDPR).
South Carolina Personal Identity Information (PII) Statement
Commercial Partners: Individual(s) or companies that have been approved by us as a recipient of organizational PII and from which At Home With Nikki has received confirmation of their data protection practices conformance with the requirements of this policy. Commercial Partners include all external providers of services to At Home With Nikki and include proposed Commercial Partners. No PII information can be transmitted to any vendor in any method unless the vendor has been pre-certified for the receipt of such information.
PII Training: All new hires entering At Home With Nikki who may have access to PII are provided with introductory training regarding the provisions of this policy, a copy of this policy and implementing procedures for the department to which they are assigned. Employees in positions with regular ongoing access to PII or those transferred into such positions are provided with training reinforcing this policy and procedures for the maintenance of PII data and shall receive annual training regarding the security and protection of PII data and company proprietary data
PII Audit(s): At Home With Nikki conducts audits of PII information maintained by At Home With Nikki in conjunction with fiscal year closing activities to ensure that this policy remains strictly enforced and to ascertain the necessity for the continued retention of PII information. Where the need no longer exists, PII information will be destroyed in accordance with protocols for destruction of such records and logs maintained for the dates of destruction.
Data Breaches/Notification: Databases or data sets that include PII may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, At Home With Nikki will notify all affected individuals whose PII data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after the breach was discovered.
Confirmation of Confidentiality: All company employees must maintain the confidentiality of PII as well as company proprietary data to which they may have access and understand that that such PII is to be restricted to only those with a business need to know. Employees with ongoing access to such data will sign acknowledgment reminders annually attesting to their understanding of this company requirement.
Violations of PII Policies and Procedures: At Home With Nikki views the protection of PII data to be of the utmost importance. Infractions of this policy or its procedures will result in disciplinary actions under At Home With Nikki’s discipline policy and may include suspension or termination in the case of severe or repeat violations. PII violations and disciplinary actions are incorporated in At Home With Nikki’s PII on-boarding and refresher training to reinforce At Home With Nikki’s continuing commitment to ensuring that this data is protected by the highest standards.
Duration for which the personal data are stored.
The criterion for the duration of the storage of personal data is the respective statutory retention period. After expiry of the period, the corresponding data is routinely deleted, provided that it is no longer required for the performance of the contract or the initiation of the contract.
SSL encryption (https)
In order to protect your data transmitted via our website, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address line of your browser.
Transmission and disclosure of personal data
In the course of our processing of personal data, it may happen that the data is transmitted to other bodies, companies, legally independent organizational units or persons or that it is disclosed to them. Recipients of this data may include, for example, payment institutions in the context of payment transactions, service providers commissioned with IT tasks or providers of services and content that are integrated into a web site. In such cases, we observe the legal requirements and, in particular, conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.
Data processing in third countries
If we process data in a third country (i.e., outside the United States) or the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this will only be done in accordance with the legal requirements.
Subject to express consent or contractually or legally required transfer, we only process or have data processed in third countries with a recognized level of data protection, contractual obligation through so-called standard contractual clauses, in the presence of certifications or binding internal data protection regulations.
Economic analyzes and market research
For business reasons and in order to be able to recognize market trends, wishes of contractual partners and users, we analyze the data we have on business transactions, contracts, inquiries, etc., whereby the group of persons concerned may include contractual partners, interested parties, customers, visitors and users of our website.
The analyzes are carried out for the purpose of business evaluations, marketing and market research (e.g., to determine customer groups with different characteristics). In doing so, we may, if available, take into account the profiles of registered users together with their details, e.g., regarding services used. The analyzes serve us alone and are not disclosed externally, unless they are anonymous analyzes with summarized, i.e., anonymized values. Furthermore, we take the privacy of the users into consideration and process the data for the analysis purposes as pseudonymously as possible and, if feasible, anonymously (e.g., as summarized data).
Provision of the website and web hosting
In order to provide our website securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the website can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services as well as security services and technical maintenance services.
The data processed in the course of providing the hosting service may include all information relating to the users of our online service that is generated in the course of use and communication. This regularly includes the IP address, which is necessary to be able to deliver the contents of websites to browsers, and all entries made within our website or websites.
Online marketing
We process personal data for online marketing purposes, which may include, in particular, marketing advertising space or displaying promotional and other content (collectively, "content") based on potential user interests and measuring its effectiveness.
For these purposes, so-called user profiles are created and stored in a file (so-called "cookie") or similar procedures are used, by means of which the information about the user relevant to the presentation of the aforementioned content is stored. This information may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data, this may also be processed.
The IP addresses of users are also stored. However, we use available IP masking procedures (i.e., pseudonymization by shortening the IP address) to protect users. In general, no clear user data (such as e-mail addresses or names) is stored within the scope of the online marketing process, but pseudonyms. This means that we as well as the providers of the online marketing procedures do not know the actual identity of the users, but only the information stored in their profiles.
The information in the profiles is usually stored in the cookies or by means of similar procedures. These cookies can generally also be read later on other websites that use the same online marketing procedure and analyzed for the purpose of displaying content as well as supplemented with further data and stored on the server of the online marketing procedure provider.
Exceptionally, clear data can be assigned to the profiles. This is the case if, for example, the users are members of a social network whose online marketing procedure we use, and the network links the users' profiles with the aforementioned data. We ask you to note that users may enter into additional agreements with the providers, e.g., by giving their consent as part of the registration process.
In principle, we only receive access to summarized information about the success of our advertisements. However, within the framework of so-called conversion measurements, we can check which of our online marketing procedures have led to a so-called conversion, i.e., for example, to a conclusion of a contract with us. The conversion measurement is used solely to analyze the success of our marketing measures.
Unless otherwise stated, we ask you to assume that cookies used will be stored for a period of two years.
Notes on legal basis: If we ask users for their consent to use third-party providers, the legal basis for processing data is consent. Otherwise, users' data is processed on the basis of our legitimate interests (i.e., interest in efficient, economic and recipient-friendly services).
When you send a data subject access request
The legal basis for the processing of your personal data in the context of handling your data subject access request is our legal obligation and the legal basis for the subsequent documentation of t data subject access request is both our legitimate interest and our legal obligation.
The purpose of processing your personal data in the context of processing data when you send a data subject access request is to respond to your request. The subsequent documentation of the data subject access request serves to fulfill the legally required accountability.
Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the processing of a data subject access request, this is three years after the end of the respective process.
You have the possibility at any time to object to the processing of your personal data in the context of the processing of a data subject access request for the future. In this case, however, we will not be able to further process your request. The documentation of the legally compliant processing of the respective data subject access request is mandatory. Consequently, there is no possibility for you to object.
Legal defense and enforcement of our rights
The legal basis for the processing of your personal data in the context of legal defense and enforcement of our rights is our legitimate interest.
The purpose of processing your personal data in the context of legal defense and enforcement of our rights is the defense against unjustified claims and the legal enforcement and assertion of claims and rights. Your personal data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.
The processing of your personal data in the context of legal defense and enforcement is mandatory for legal defense and enforcement of our rights. Consequently, there is no possibility for you to object.
Existence of automated decision-making
As a responsible company, we do not use automated decision-making or profiling.
Accuracy
It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.
External Links
Our website contains links to the online offers of other providers. We hereby point out that we have no influence on the content of the linked online offers and the compliance with data protection regulations by their providers.
Changes and updates to the privacy policy
We kindly ask you to regularly inform yourself about the content of our privacy policy. We will amend the privacy policy as soon as changes to the data processing activities we carry out make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g., consent) or other individual notification.
Concerns and Contact
If you have any concerns about a possible compromise of your privacy or misuse of your personal data on our part, or any other questions or comments, you can contact us.
PRIVACY POLICY
Data protection is of a particularly high priority for us here at At Home With Nikki, and we pride ourself to operate in full compliance with the South Carolina Data Privacy Act (SCDPA) and the
EU`s General Data Protection Regulation (GDPR). We have chosen to implement both provisions to ensure that your Personal Data is not only processed in accordance with applicable law but handled in a manner that goes beyond the basic legislative requirements and as such process your data in line with the global gold standard.
Definitions
In order to make our Privacy Policy both easy to understand and to avoid complex legal jargon, we first need to explore the following definitions.
• Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
• Data subject
Data subject means any identified or identifiable natural person whose personal data are processed by the controller.
• Controller
The controller or person responsible for processing is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
• Processing
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.
• Profiling
Profiling is any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.
• Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person
• Processor
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
• Consent
Consent means any freely given indication of the data subject's wishes for the specific case in an informed and unambiguous manner, in the form of a declaration or any other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.
The Controller
The controller within the meaning of the SCDPA and the GDPR is: At Home With Nikki LLC of Summerville, SC 29485, USA (hereinafter "At Home With Nikki " or "we"), we operate the www.athomewithnikki.com website and can be reached at any time using athomewithnikki@gmail.com if you have any questions about how we process your personal data.
At Home With Nikki also has presence in social media and you can find our profiles at the following:
• Instagram https://www.instagram.com/athomewithnikki/
• Facebook https://www.facebook.com/AtHomeWithNikki/
• Twitter https://twitter.com/athomewithnikki
• Pinterest https://www.pinterest.com/athomewithnikki/_created/
• YouTube https://www.youtube.com/user/AtHomeWithNikki
General use of the At Home With Nikki website
The use of our website is possible without any indication of personal data. However, if a data subject wants to use our services via our website, processing of personal data could become necessary. If processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain the consent of the data subject.
Security
As the controller, At Home With Nikki has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-based data transmissions can always be vulnerable to security risks, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.
Collection of general data and information
The website of At Home With Nikki collects a series of general data and information whenever a data subject or automated system calls up the website. This general data and information is stored in the log files of the server. The following data may be collected: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites that are accessed via an accessing system on our website, (5) the date and time of an access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems.
When using these general data and information, At Home With Nikki does not draw any conclusions about the data subject. Rather, this information is needed (1) to deliver the contents of our website correctly, (2) to optimize the contents of our website and the advertising for these, (3) to ensure the long-term functionality of our information technology systems and the technology of our website, and (4) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.
Therefore, At Home With Nikki analyzes anonymously collected data and information on one hand, and on the other hand, with the aim of increasing the data protection and data security of our enterprise so that we can ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from any personal data provided by a data subject.
Cookies
Our website uses cookies. Cookies are text files, which are filed and stored on a computer system via an internet browser. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters by which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the visited Internet pages and servers to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific internet browser can be recognized and identified via the unique cookie ID.
Through the use of cookies, At Home With Nikki can provide the users of this website with more user-friendly services that would not be possible without the cookie setting.
Through the use of cookies, the information and offers on our website can be optimized for the user. Cookies enable us, as already mentioned, to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website that uses cookies does not have to re-enter his or her access data each time he or she visits the website, because this is handled by the website and the cookie stored on the user's computer system.
The data subject can prevent the setting of cookies by our website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable. You can learn more about cookies in general when visiting www.allaboutcookies.org, and for more specific details on the cookies we use please refer to our Cookie Policy.
Contact possibility via the website
Based on statutory provisions, the website of At Home With Nikki contains information that enables a quick electronic contact (Contact Form), as well as direct communication with us (Social Media Plugins). If a data subject contacts us by e-mail or by using a contact form or social media, the personal data transmitted by the data subject will be stored automatically. Such personal data transmitted on a voluntary basis by a data subject to the controller will be stored for the purposes of processing or contacting the data subject. There is no disclosure of this personal data to third parties.
Downloadable Resources
When a data subject places an order in our online shop, we collect the information and data necessary to process and fulfil the contract concluded between a data subject and us. When placing an order all data necessary for execution and processing are requested by means of mandatory fields and may include a data subject`s full name, e-mail address, billing address. A data subject`s data will only be used to process your order. A data subject`s personal data will only be passed on to third parties within the scope of the online shop if it is necessary for the purpose of processing the contract, for accounting purposes or for the collection of the payment.
Use of payment service providers (payment services)
PayPal
If a data subject selects PayPal for payment processing, we will transmit the e-mail address a data subject provided to us during the ordering process to complete the order. The subsequent payment process takes place exclusively via PayPal, without us having any further possibility to influence it.
For more information on PayPal's privacy policy, please click here:
https://www.paypal.com/us/webapps/mpp/ua/privacy-full
Google Pay
The provider of Google Pay is Google INC. If a data subject selects Google Pay for payment processing, we will transmit the payment details a data subject provided to us during the ordering process to complete the order. The subsequent payment process takes place exclusively via Google Pay, without us having any further possibility to influence it.
For more information on Google Pay's privacy policy as a subsidiary of Google, please click here:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en-US
Shop Pay
The provider of Shop Pay is Shopify International Limited, If a data subject selects Shop Pay for payment processing, we will transmit the payment details a data subject provided to us during the ordering process to complete the order. The subsequent payment process takes place exclusively via Shop Pay, without us having any further possibility to influence it.
For more information on Shop Pay's privacy policy as a subsidiary of Shopify, please click here:
https://shop.app/privacy.
Testimonials
In addition to the above processing activities, we process personal data submitted by a data subject when you submit a Testimonial. The legal basis for this processing of personal data is that a data subject has given his/her consent for this processing (by sending us or allowing us to post a Testimonial). A data subject can withdraw his/her consent by contacting us at any time.
French Tulip Stationery
When following specific links on the www.athomewithnikki.com website, a data subject is at times redirected to our www.frenchtulipstationery.com website. Although, French Tulip Stationery is also operated by At Home With Nikki, the data processed through www.frenchtulipstationery.com is in accordance with the SCDPA and the GDPR a separated domain and thus subject to www.frenchtulipstationery.com `s own Privacy Policy.
Newsletter
If a data subject subscribes to our Newsletter, the data will be transmitted to us. The registration for our newsletter takes place in a so-called closed-loop authentication. That means, after the registration, the data subject will receive an e-mail asking him/her to confirm the registration. This confirmation is necessary so that nobody can register with external e-mail addresses.
When registering for the newsletter, the IP address of the a data subject and the date and time of registration are saved. This is to prevent misuse of the service or the e-mail address of the person concerned. A transfer of the data to third parties does not take place. An exception exists if there is a legal obligation to disclose.
The data will be used exclusively for sending the newsletter. Subscription to the newsletter may be terminated by the data subject at any time. Similarly, the consent to the storage of personal data can be canceled at any time. For this purpose, there is a corresponding link in each newsletter.
Giveaways
When a data subject wishes to enter into our giveaway, he/she is redirected to Rafflecopter INC of PO Box 935, Boulder CO 80306. USA. The data entered into Rafflecopter`s from is subject to processing by Rafflecopter and thus Rafflecopter`s Privacy Policy can be found here https://www.rafflecopter.com/privacy-policy applies.
Affiliate programs
On the basis of our legitimate interests, we are participants various affiliate programs, which are designed to provide a means for websites to earn advertising fees by placing advertisements and links to affiliate programs (so-called affiliate system).
Typically affiliate systems use cookies to track the origin of orders. Among other things, affiliate partners can recognize that a data subject has clicked the affiliate link and subsequently purchased a product.
For more information about the relevant affiliate partners use of data and opt-out options, please refer to the relevant affiliate partner's privacy policy displayed on the relevant affiliate partner's website.
Social Media Plugins
On our website, so-called social plugins ("plugins") of the social network Instagram, Facebook, Twitter, Pinterest and YouTube are used. The plugins are marked with the relevant social network’s logo.
When a data subject calls up a page of our website that contains such a plugin, the browser establishes a direct connection to the relevant social network’s servers. The content of the plugin is transmitted by the relevant social network directly to your browser and integrated into the page. Through this integration, the relevant social network receives the information that your browser has accessed the corresponding page of our website, even if you do not have a profile or are not currently logged in to the relevant social network. This information (including your IP address) is transmitted by your browser directly to a server of the relevant social network and stored there.
The described data processing operations are carried out on the basis of the relevant social network’s legitimate interests in displaying personalized advertising to inform other users of the social network about the data subjects` activities on our website and for the needs-based design of the relevant social networks.
If a data subject does not want the relevant social network to directly assign the data collected via our website to his/her profile, the data subject must log out of the relevant social network before visiting our website.
For the purpose and scope of the data collection and the further processing and use of the data by the relevant social network, as well as the rights in this regard and setting options for protecting the data subject’s privacy, please refer to the privacy policy of the relevant social network.
Social Media
The data you enter on our social media pages, such as comments, videos, pictures, likes, public messages, etc. are published by the social media platform and are not used or processed by us for any other purpose at any time. We only reserve the right to delete content if this should be necessary. Where applicable, we share your content on our site if this is a function of the social media platform and communicate with you via the social media platform. The legal basis is our legitimate interest. The data processing is carried out in the interest of our public relations and communication.
If you wish to object to certain data processing over which we have an influence, please contact us. We will then examine your objection. If you send us a request on the social media platform, we may also refer you to other secure communication channels that guarantee confidentiality, depending on the response required. You always have the option of sending us confidential enquiries to our address stated in the imprint.
As already stated, where the social media platform provider gives us the opportunity, we take care to design our social media pages to be as data protection compliant as possible. With regard to statistics that the provider of the social media platform makes available to us, we can only influence these to a limited extent and cannot switch them off. However, we make sure that no additional optional statistics are made available to us.
Routine erasure and blocking of personal data
The controller processes and stores personal data of the data subject only for the period of time necessary to achieve the purpose of storage or insofar as this has been provided for in laws or regulations to which the controller is subject.
If the storage purpose ceases to apply or if a storage period prescribed by the SCDPA and the GDPR expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
Your Rights
GDPR Specific Rights
Under the GDPR you have a number of “Data Subject Rights” in particular you have the right to:
· information about the processing of your personal data;
· obtain access to the personal data held about you;
· ask for incorrect, inaccurate or incomplete personal data to be corrected;
· request that personal data be erased when it’s no longer needed or if processing it is unlawful;
· object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation;
· request the restriction of the processing of your personal data in specific cases;
· receive your personal data in a machine-readable format and send it to another controller (‘data portability’);
· request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers. You also have the right in this case to express your point of view and to contest the decision; and
· Where the processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time through our contact form.
South Carolina Specific Rights
According to the South Carolina Consumer Data Protection Act, you have the right to:
· Confirmation whether your personal data is being processed by us;
· Correct inaccuracies in your data;
· Delete personal data obtained from or about you;
· Obtain a copy of the data you previously provided us in a portable and “readily usable” format; and
· Opt-out of data collection if the data is collected “for purposes of targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects concerning on you.
Legal basis of processing (GDPR)
Art. 6 I lit. a GDPR serves Us as the legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for a delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 I lit. b GDPR.
The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services. If our company is subject to a legal obligation by which a processing of personal data becomes necessary, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c GDPR.
In rare cases, the processing of personal data might become necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and as a result his or her name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d GDPR.
Ultimately, processing operations could be based on Art. 6 I lit. f GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden. Such processing operations are permitted to us in particular because they were specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47 sentence 2 GDPR).
South Carolina Personal Identity Information (PII) Statement
Commercial Partners: Individual(s) or companies that have been approved by us as a recipient of organizational PII and from which At Home With Nikki has received confirmation of their data protection practices conformance with the requirements of this policy. Commercial Partners include all external providers of services to At Home With Nikki and include proposed Commercial Partners. No PII information can be transmitted to any vendor in any method unless the vendor has been pre-certified for the receipt of such information.
PII Training: All new hires entering At Home With Nikki who may have access to PII are provided with introductory training regarding the provisions of this policy, a copy of this policy and implementing procedures for the department to which they are assigned. Employees in positions with regular ongoing access to PII or those transferred into such positions are provided with training reinforcing this policy and procedures for the maintenance of PII data and shall receive annual training regarding the security and protection of PII data and company proprietary data
PII Audit(s): At Home With Nikki conducts audits of PII information maintained by At Home With Nikki in conjunction with fiscal year closing activities to ensure that this policy remains strictly enforced and to ascertain the necessity for the continued retention of PII information. Where the need no longer exists, PII information will be destroyed in accordance with protocols for destruction of such records and logs maintained for the dates of destruction.
Data Breaches/Notification: Databases or data sets that include PII may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, At Home With Nikki will notify all affected individuals whose PII data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after the breach was discovered.
Confirmation of Confidentiality: All company employees must maintain the confidentiality of PII as well as company proprietary data to which they may have access and understand that that such PII is to be restricted to only those with a business need to know. Employees with ongoing access to such data will sign acknowledgment reminders annually attesting to their understanding of this company requirement.
Violations of PII Policies and Procedures: At Home With Nikki views the protection of PII data to be of the utmost importance. Infractions of this policy or its procedures will result in disciplinary actions under At Home With Nikki’s discipline policy and may include suspension or termination in the case of severe or repeat violations. PII violations and disciplinary actions are incorporated in At Home With Nikki’s PII on-boarding and refresher training to reinforce At Home With Nikki’s continuing commitment to ensuring that this data is protected by the highest standards.
Duration for which the personal data are stored.
The criterion for the duration of the storage of personal data is the respective statutory retention period. After expiry of the period, the corresponding data is routinely deleted, provided that it is no longer required for the performance of the contract or the initiation of the contract.
SSL encryption (https)
In order to protect your data transmitted via our website, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address line of your browser.
Transmission and disclosure of personal data
In the course of our processing of personal data, it may happen that the data is transmitted to other bodies, companies, legally independent organizational units or persons or that it is disclosed to them. Recipients of this data may include, for example, payment institutions in the context of payment transactions, service providers commissioned with IT tasks or providers of services and content that are integrated into a web site. In such cases, we observe the legal requirements and, in particular, conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.
Data processing in third countries
If we process data in a third country (i.e., outside the United States) or the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this will only be done in accordance with the legal requirements.
Subject to express consent or contractually or legally required transfer, we only process or have data processed in third countries with a recognized level of data protection, contractual obligation through so-called standard contractual clauses, in the presence of certifications or binding internal data protection regulations.
Economic analyzes and market research
For business reasons and in order to be able to recognize market trends, wishes of contractual partners and users, we analyze the data we have on business transactions, contracts, inquiries, etc., whereby the group of persons concerned may include contractual partners, interested parties, customers, visitors and users of our website.
The analyzes are carried out for the purpose of business evaluations, marketing and market research (e.g., to determine customer groups with different characteristics). In doing so, we may, if available, take into account the profiles of registered users together with their details, e.g., regarding services used. The analyzes serve us alone and are not disclosed externally, unless they are anonymous analyzes with summarized, i.e., anonymized values. Furthermore, we take the privacy of the users into consideration and process the data for the analysis purposes as pseudonymously as possible and, if feasible, anonymously (e.g., as summarized data).
Provision of the website and web hosting
In order to provide our website securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the website can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services as well as security services and technical maintenance services.
The data processed in the course of providing the hosting service may include all information relating to the users of our online service that is generated in the course of use and communication. This regularly includes the IP address, which is necessary to be able to deliver the contents of websites to browsers, and all entries made within our website or websites.
Online marketing
We process personal data for online marketing purposes, which may include, in particular, marketing advertising space or displaying promotional and other content (collectively, "content") based on potential user interests and measuring its effectiveness.
For these purposes, so-called user profiles are created and stored in a file (so-called "cookie") or similar procedures are used, by means of which the information about the user relevant to the presentation of the aforementioned content is stored. This information may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data, this may also be processed.
The IP addresses of users are also stored. However, we use available IP masking procedures (i.e., pseudonymization by shortening the IP address) to protect users. In general, no clear user data (such as e-mail addresses or names) is stored within the scope of the online marketing process, but pseudonyms. This means that we as well as the providers of the online marketing procedures do not know the actual identity of the users, but only the information stored in their profiles.
The information in the profiles is usually stored in the cookies or by means of similar procedures. These cookies can generally also be read later on other websites that use the same online marketing procedure and analyzed for the purpose of displaying content as well as supplemented with further data and stored on the server of the online marketing procedure provider.
Exceptionally, clear data can be assigned to the profiles. This is the case if, for example, the users are members of a social network whose online marketing procedure we use, and the network links the users' profiles with the aforementioned data. We ask you to note that users may enter into additional agreements with the providers, e.g., by giving their consent as part of the registration process.
In principle, we only receive access to summarized information about the success of our advertisements. However, within the framework of so-called conversion measurements, we can check which of our online marketing procedures have led to a so-called conversion, i.e., for example, to a conclusion of a contract with us. The conversion measurement is used solely to analyze the success of our marketing measures.
Unless otherwise stated, we ask you to assume that cookies used will be stored for a period of two years.
Notes on legal basis: If we ask users for their consent to use third-party providers, the legal basis for processing data is consent. Otherwise, users' data is processed on the basis of our legitimate interests (i.e., interest in efficient, economic and recipient-friendly services).
When you send a data subject access request
The legal basis for the processing of your personal data in the context of handling your data subject access request is our legal obligation and the legal basis for the subsequent documentation of t data subject access request is both our legitimate interest and our legal obligation.
The purpose of processing your personal data in the context of processing data when you send a data subject access request is to respond to your request. The subsequent documentation of the data subject access request serves to fulfill the legally required accountability.
Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the processing of a data subject access request, this is three years after the end of the respective process.
You have the possibility at any time to object to the processing of your personal data in the context of the processing of a data subject access request for the future. In this case, however, we will not be able to further process your request. The documentation of the legally compliant processing of the respective data subject access request is mandatory. Consequently, there is no possibility for you to object.
Legal defense and enforcement of our rights
The legal basis for the processing of your personal data in the context of legal defense and enforcement of our rights is our legitimate interest.
The purpose of processing your personal data in the context of legal defense and enforcement of our rights is the defense against unjustified claims and the legal enforcement and assertion of claims and rights. Your personal data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.
The processing of your personal data in the context of legal defense and enforcement is mandatory for legal defense and enforcement of our rights. Consequently, there is no possibility for you to object.
Existence of automated decision-making
As a responsible company, we do not use automated decision-making or profiling.
Accuracy
It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.
External Links
Our website contains links to the online offers of other providers. We hereby point out that we have no influence on the content of the linked online offers and the compliance with data protection regulations by their providers.
Changes and updates to the privacy policy
We kindly ask you to regularly inform yourself about the content of our privacy policy. We will amend the privacy policy as soon as changes to the data processing activities we carry out make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g., consent) or other individual notification.
Concerns and Contact
If you have any concerns about a possible compromise of your privacy or misuse of your personal data on our part, or any other questions or comments, you can contact us.
ble natural person whose personal data are processed by the controller.
• Controller
The controller or person responsible for processing is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
• Processing
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
• Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.
• Profiling
Profiling is any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.
• Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person
• Processor
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
• Consent
Consent means any freely given indication of the data subject's wishes for the specific case in an informed and unambiguous manner, in the form of a declaration or any other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.
The Controller
The controller within the meaning of the SCDPA and the GDPR is: At Home With Nikki LLC of Summerville, SC 29485, USA (hereinafter "At Home With Nikki " or "we"), we operate the www.athomewithnikki.com website and can be reached at any time using athomewithnikki@gmail.com if you have any questions about how we process your personal data.
At Home With Nikki also has presence in social media and you can find our profiles at the following:
• Instagram https://www.instagram.com/athomewithnikki/
• Facebook https://www.facebook.com/AtHomeWithNikki/
• Twitter https://twitter.com/athomewithnikki
• Pinterest https://www.pinterest.com/athomewithnikki/_created/
• YouTube https://www.youtube.com/user/AtHomeWithNikki
General use of the At Home With Nikki website
The use of our website is possible without any indication of personal data. However, if a data subject wants to use our services via our website, processing of personal data could become necessary. If processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain the consent of the data subject.
Security
As the controller, At Home With Nikki has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-based data transmissions can always be vulnerable to security risks, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.
Collection of general data and information
The website of At Home With Nikki collects a series of general data and information whenever a data subject or automated system calls up the website. This general data and information is stored in the log files of the server. The following data may be collected: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites that are accessed via an accessing system on our website, (5) the date and time of an access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems.
When using these general data and information, At Home With Nikki does not draw any conclusions about the data subject. Rather, this information is needed (1) to deliver the contents of our website correctly, (2) to optimize the contents of our website and the advertising for these, (3) to ensure the long-term functionality of our information technology systems and the technology of our website, and (4) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.
Therefore, At Home With Nikki analyzes anonymously collected data and information on one hand, and on the other hand, with the aim of increasing the data protection and data security of our enterprise so that we can ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from any personal data provided by a data subject.
Cookies
Our website uses cookies. Cookies are text files, which are filed and stored on a computer system via an internet browser. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters by which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the visited Internet pages and servers to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific internet browser can be recognized and identified via the unique cookie ID.
Through the use of cookies, At Home With Nikki can provide the users of this website with more user-friendly services that would not be possible without the cookie setting.
Through the use of cookies, the information and offers on our website can be optimized for the user. Cookies enable us, as already mentioned, to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website that uses cookies does not have to re-enter his or her access data each time he or she visits the website, because this is handled by the website and the cookie stored on the user's computer system.
The data subject can prevent the setting of cookies by our website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable. You can learn more about cookies in general when visiting www.allaboutcookies.org, and for more specific details on the cookies we use please refer to our Cookie Policy.
Contact possibility via the website
Based on statutory provisions, the website of At Home With Nikki contains information that enables a quick electronic contact (Contact Form), as well as direct communication with us (Social Media Plugins). If a data subject contacts us by e-mail or by using a contact form or social media, the personal data transmitted by the data subject will be stored automatically. Such personal data transmitted on a voluntary basis by a data subject to the controller will be stored for the purposes of processing or contacting the data subject. There is no disclosure of this personal data to third parties.
Downloadable Resources
When a data subject places an order in our online shop, we collect the information and data necessary to process and fulfil the contract concluded between a data subject and us. When placing an order all data necessary for execution and processing are requested by means of mandatory fields and may include a data subject`s full name, e-mail address, billing address. A data subject`s data will only be used to process your order. A data subject`s personal data will only be passed on to third parties within the scope of the online shop if it is necessary for the purpose of processing the contract, for accounting purposes or for the collection of the payment.
Use of payment service providers (payment services)
PayPal
If a data subject selects PayPal for payment processing, we will transmit the e-mail address a data subject provided to us during the ordering process to complete the order. The subsequent payment process takes place exclusively via PayPal, without us having any further possibility to influence it.
For more information on PayPal's privacy policy, please click here:
https://www.paypal.com/us/webapps/mpp/ua/privacy-full
Google Pay
The provider of Google Pay is Google INC. If a data subject selects Google Pay for payment processing, we will transmit the payment details a data subject provided to us during the ordering process to complete the order. The subsequent payment process takes place exclusively via Google Pay, without us having any further possibility to influence it.
For more information on Google Pay's privacy policy as a subsidiary of Google, please click here:
https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en-US
Shop Pay
The provider of Shop Pay is Shopify International Limited, If a data subject selects Shop Pay for payment processing, we will transmit the payment details a data subject provided to us during the ordering process to complete the order. The subsequent payment process takes place exclusively via Shop Pay, without us having any further possibility to influence it.
For more information on Shop Pay's privacy policy as a subsidiary of Shopify, please click here:
https://shop.app/privacy.
Testimonials
In addition to the above processing activities, we process personal data submitted by a data subject when you submit a Testimonial. The legal basis for this processing of personal data is that a data subject has given his/her consent for this processing (by sending us or allowing us to post a Testimonial). A data subject can withdraw his/her consent by contacting us at any time.
French Tulip Stationery
When following specific links on the www.athomewithnikki.com website, a data subject is at times redirected to our www.frenchtulipstationery.com website. Although, French Tulip Stationery is also operated by At Home With Nikki, the data processed through www.frenchtulipstationery.com is in accordance with the SCDPA and the GDPR a separated domain and thus subject to www.frenchtulipstationery.com `s own Privacy Policy.
Newsletter
If a data subject subscribes to our Newsletter, the data will be transmitted to us. The registration for our newsletter takes place in a so-called closed-loop authentication. That means, after the registration, the data subject will receive an e-mail asking him/her to confirm the registration. This confirmation is necessary so that nobody can register with external e-mail addresses.
When registering for the newsletter, the IP address of the a data subject and the date and time of registration are saved. This is to prevent misuse of the service or the e-mail address of the person concerned. A transfer of the data to third parties does not take place. An exception exists if there is a legal obligation to disclose.
The data will be used exclusively for sending the newsletter. Subscription to the newsletter may be terminated by the data subject at any time. Similarly, the consent to the storage of personal data can be canceled at any time. For this purpose, there is a corresponding link in each newsletter.
Giveaways
When a data subject wishes to enter into our giveaway, he/she is redirected to Rafflecopter INC of PO Box 935, Boulder CO 80306. USA. The data entered into Rafflecopter`s from is subject to processing by Rafflecopter and thus Rafflecopter`s Privacy Policy can be found here https://www.rafflecopter.com/privacy-policy applies.
Affiliate programs
On the basis of our legitimate interests, we are participants various affiliate programs, which are designed to provide a means for websites to earn advertising fees by placing advertisements and links to affiliate programs (so-called affiliate system).
Typically affiliate systems use cookies to track the origin of orders. Among other things, affiliate partners can recognize that a data subject has clicked the affiliate link and subsequently purchased a product.
For more information about the relevant affiliate partners use of data and opt-out options, please refer to the relevant affiliate partner's privacy policy displayed on the relevant affiliate partner's website.
Social Media Plugins
On our website, so-called social plugins ("plugins") of the social network Instagram, Facebook, Twitter, Pinterest and YouTube are used. The plugins are marked with the relevant social network’s logo.
When a data subject calls up a page of our website that contains such a plugin, the browser establishes a direct connection to the relevant social network’s servers. The content of the plugin is transmitted by the relevant social network directly to your browser and integrated into the page. Through this integration, the relevant social network receives the information that your browser has accessed the corresponding page of our website, even if you do not have a profile or are not currently logged in to the relevant social network. This information (including your IP address) is transmitted by your browser directly to a server of the relevant social network and stored there.
The described data processing operations are carried out on the basis of the relevant social network’s legitimate interests in displaying personalized advertising to inform other users of the social network about the data subjects` activities on our website and for the needs-based design of the relevant social networks.
If a data subject does not want the relevant social network to directly assign the data collected via our website to his/her profile, the data subject must log out of the relevant social network before visiting our website.
For the purpose and scope of the data collection and the further processing and use of the data by the relevant social network, as well as the rights in this regard and setting options for protecting the data subject’s privacy, please refer to the privacy policy of the relevant social network.
Social Media
The data you enter on our social media pages, such as comments, videos, pictures, likes, public messages, etc. are published by the social media platform and are not used or processed by us for any other purpose at any time. We only reserve the right to delete content if this should be necessary. Where applicable, we share your content on our site if this is a function of the social media platform and communicate with you via the social media platform. The legal basis is our legitimate interest. The data processing is carried out in the interest of our public relations and communication.
If you wish to object to certain data processing over which we have an influence, please contact us. We will then examine your objection. If you send us a request on the social media platform, we may also refer you to other secure communication channels that guarantee confidentiality, depending on the response required. You always have the option of sending us confidential enquiries to our address stated in the imprint.
As already stated, where the social media platform provider gives us the opportunity, we take care to design our social media pages to be as data protection compliant as possible. With regard to statistics that the provider of the social media platform makes available to us, we can only influence these to a limited extent and cannot switch them off. However, we make sure that no additional optional statistics are made available to us.
Routine erasure and blocking of personal data
The controller processes and stores personal data of the data subject only for the period of time necessary to achieve the purpose of storage or insofar as this has been provided for in laws or regulations to which the controller is subject.
If the storage purpose ceases to apply or if a storage period prescribed by the SCDPA and the GDPR expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.
Your Rights
GDPR Specific Rights
Under the GDPR you have a number of “Data Subject Rights” in particular you have the right to:
· information about the processing of your personal data;
· obtain access to the personal data held about you;
· ask for incorrect, inaccurate or incomplete personal data to be corrected;
· request that personal data be erased when it’s no longer needed or if processing it is unlawful;
· object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation;
· request the restriction of the processing of your personal data in specific cases;
· receive your personal data in a machine-readable format and send it to another controller (‘data portability’);
· request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers. You also have the right in this case to express your point of view and to contest the decision; and
· Where the processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time through our contact form.
South Carolina Specific Rights
According to the South Carolina Consumer Data Protection Act, you have the right to:
· Confirmation whether your personal data is being processed by us;
· Correct inaccuracies in your data;
· Delete personal data obtained from or about you;
· Obtain a copy of the data you previously provided us in a portable and “readily usable” format; and
· Opt-out of data collection if the data is collected “for purposes of targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects concerning on you.
Legal basis of processing (GDPR)
Art. 6 I lit. a GDPR serves Us as the legal basis for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for a delivery of goods or the provision of another service or consideration, the processing is based on Art. 6 I lit. b GDPR.
The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services. If our company is subject to a legal obligation by which a processing of personal data becomes necessary, such as for the fulfillment of tax obligations, the processing is based on Art. 6 I lit. c GDPR.
In rare cases, the processing of personal data might become necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and as a result his or her name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d GDPR.
Ultimately, processing operations could be based on Art. 6 I lit. f GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden. Such processing operations are permitted to us in particular because they were specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47 sentence 2 GDPR).
South Carolina Personal Identity Information (PII) Statement
Commercial Partners: Individual(s) or companies that have been approved by us as a recipient of organizational PII and from which At Home With Nikki has received confirmation of their data protection practices conformance with the requirements of this policy. Commercial Partners include all external providers of services to At Home With Nikki and include proposed Commercial Partners. No PII information can be transmitted to any vendor in any method unless the vendor has been pre-certified for the receipt of such information.
PII Training: All new hires entering At Home With Nikki who may have access to PII are provided with introductory training regarding the provisions of this policy, a copy of this policy and implementing procedures for the department to which they are assigned. Employees in positions with regular ongoing access to PII or those transferred into such positions are provided with training reinforcing this policy and procedures for the maintenance of PII data and shall receive annual training regarding the security and protection of PII data and company proprietary data
PII Audit(s): At Home With Nikki conducts audits of PII information maintained by At Home With Nikki in conjunction with fiscal year closing activities to ensure that this policy remains strictly enforced and to ascertain the necessity for the continued retention of PII information. Where the need no longer exists, PII information will be destroyed in accordance with protocols for destruction of such records and logs maintained for the dates of destruction.
Data Breaches/Notification: Databases or data sets that include PII may be breached inadvertently or through wrongful intrusion. Upon becoming aware of a data breach, At Home With Nikki will notify all affected individuals whose PII data may have been compromised, and the notice will be accompanied by a description of action being taken to reconcile any damage as a result of the data breach. Notices will be provided as expeditiously as possible after the breach was discovered.
Confirmation of Confidentiality: All company employees must maintain the confidentiality of PII as well as company proprietary data to which they may have access and understand that that such PII is to be restricted to only those with a business need to know. Employees with ongoing access to such data will sign acknowledgment reminders annually attesting to their understanding of this company requirement.
Violations of PII Policies and Procedures: At Home With Nikki views the protection of PII data to be of the utmost importance. Infractions of this policy or its procedures will result in disciplinary actions under At Home With Nikki’s discipline policy and may include suspension or termination in the case of severe or repeat violations. PII violations and disciplinary actions are incorporated in At Home With Nikki’s PII on-boarding and refresher training to reinforce At Home With Nikki’s continuing commitment to ensuring that this data is protected by the highest standards.
Duration for which the personal data are stored.
The criterion for the duration of the storage of personal data is the respective statutory retention period. After expiry of the period, the corresponding data is routinely deleted, provided that it is no longer required for the performance of the contract or the initiation of the contract.
SSL encryption (https)
In order to protect your data transmitted via our website, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in the address line of your browser.
Transmission and disclosure of personal data
In the course of our processing of personal data, it may happen that the data is transmitted to other bodies, companies, legally independent organizational units or persons or that it is disclosed to them. Recipients of this data may include, for example, payment institutions in the context of payment transactions, service providers commissioned with IT tasks or providers of services and content that are integrated into a web site. In such cases, we observe the legal requirements and, in particular, conclude appropriate contracts or agreements that serve to protect your data with the recipients of your data.
Data processing in third countries
If we process data in a third country (i.e., outside the United States) or the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this will only be done in accordance with the legal requirements.
Subject to express consent or contractually or legally required transfer, we only process or have data processed in third countries with a recognized level of data protection, contractual obligation through so-called standard contractual clauses, in the presence of certifications or binding internal data protection regulations.
Economic analyzes and market research
For business reasons and in order to be able to recognize market trends, wishes of contractual partners and users, we analyze the data we have on business transactions, contracts, inquiries, etc., whereby the group of persons concerned may include contractual partners, interested parties, customers, visitors and users of our website.
The analyzes are carried out for the purpose of business evaluations, marketing and market research (e.g., to determine customer groups with different characteristics). In doing so, we may, if available, take into account the profiles of registered users together with their details, e.g., regarding services used. The analyzes serve us alone and are not disclosed externally, unless they are anonymous analyzes with summarized, i.e., anonymized values. Furthermore, we take the privacy of the users into consideration and process the data for the analysis purposes as pseudonymously as possible and, if feasible, anonymously (e.g., as summarized data).
Provision of the website and web hosting
In order to provide our website securely and efficiently, we use the services of one or more web hosting providers from whose servers (or servers managed by them) the website can be accessed. For these purposes, we may use infrastructure and platform services, computing capacity, storage space and database services as well as security services and technical maintenance services.
The data processed in the course of providing the hosting service may include all information relating to the users of our online service that is generated in the course of use and communication. This regularly includes the IP address, which is necessary to be able to deliver the contents of websites to browsers, and all entries made within our website or websites.
Online marketing
We process personal data for online marketing purposes, which may include, in particular, marketing advertising space or displaying promotional and other content (collectively, "content") based on potential user interests and measuring its effectiveness.
For these purposes, so-called user profiles are created and stored in a file (so-called "cookie") or similar procedures are used, by means of which the information about the user relevant to the presentation of the aforementioned content is stored. This information may include, for example, content viewed, websites visited, online networks used, but also communication partners and technical information such as the browser used, the computer system used and information on usage times. If users have consented to the collection of their location data, this may also be processed.
The IP addresses of users are also stored. However, we use available IP masking procedures (i.e., pseudonymization by shortening the IP address) to protect users. In general, no clear user data (such as e-mail addresses or names) is stored within the scope of the online marketing process, but pseudonyms. This means that we as well as the providers of the online marketing procedures do not know the actual identity of the users, but only the information stored in their profiles.
The information in the profiles is usually stored in the cookies or by means of similar procedures. These cookies can generally also be read later on other websites that use the same online marketing procedure and analyzed for the purpose of displaying content as well as supplemented with further data and stored on the server of the online marketing procedure provider.
Exceptionally, clear data can be assigned to the profiles. This is the case if, for example, the users are members of a social network whose online marketing procedure we use, and the network links the users' profiles with the aforementioned data. We ask you to note that users may enter into additional agreements with the providers, e.g., by giving their consent as part of the registration process.
In principle, we only receive access to summarized information about the success of our advertisements. However, within the framework of so-called conversion measurements, we can check which of our online marketing procedures have led to a so-called conversion, i.e., for example, to a conclusion of a contract with us. The conversion measurement is used solely to analyze the success of our marketing measures.
Unless otherwise stated, we ask you to assume that cookies used will be stored for a period of two years.
Notes on legal basis: If we ask users for their consent to use third-party providers, the legal basis for processing data is consent. Otherwise, users' data is processed on the basis of our legitimate interests (i.e., interest in efficient, economic and recipient-friendly services).
When you send a data subject access request
The legal basis for the processing of your personal data in the context of handling your data subject access request is our legal obligation and the legal basis for the subsequent documentation of t data subject access request is both our legitimate interest and our legal obligation.
The purpose of processing your personal data in the context of processing data when you send a data subject access request is to respond to your request. The subsequent documentation of the data subject access request serves to fulfill the legally required accountability.
Your personal data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the processing of a data subject access request, this is three years after the end of the respective process.
You have the possibility at any time to object to the processing of your personal data in the context of the processing of a data subject access request for the future. In this case, however, we will not be able to further process your request. The documentation of the legally compliant processing of the respective data subject access request is mandatory. Consequently, there is no possibility for you to object.
Legal defense and enforcement of our rights
The legal basis for the processing of your personal data in the context of legal defense and enforcement of our rights is our legitimate interest.
The purpose of processing your personal data in the context of legal defense and enforcement of our rights is the defense against unjustified claims and the legal enforcement and assertion of claims and rights. Your personal data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected.
The processing of your personal data in the context of legal defense and enforcement is mandatory for legal defense and enforcement of our rights. Consequently, there is no possibility for you to object.
Existence of automated decision-making
As a responsible company, we do not use automated decision-making or profiling.
Accuracy
It is important that the data we hold about you is accurate and current, therefore please keep us informed of any changes to your personal data.
External Links
Our website contains links to the online offers of other providers. We hereby point out that we have no influence on the content of the linked online offers and the compliance with data protection regulations by their providers.
Changes and updates to the privacy policy
We kindly ask you to regularly inform yourself about the content of our privacy policy. We will amend the privacy policy as soon as changes to the data processing activities we carry out make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g., consent) or other individual notification.
Concerns and Contact
If you have any concerns about a possible compromise of your privacy or misuse of your personal data on our part, or any other questions or comments, you can contact us.