We are committed to protecting your personal data ("personal data") and ensuring its security. This Privacy Notice ("Notice") provides up-to-date information about your privacy rights and how we handle your personal data.
In our context, you may be a user, client, potential client, or contractor.
User
A visitor to our website
Client
Individuals who use our services
Potential Client
An individual who shows interest in our products or services
Contractor
A service provider fulfilling client orders
What is a Privacy Notice?
A Privacy Notice is a document that acts as a statement from us, as the Business (Controller), to you, the data subject. It describes how we collect, use, retain, and disclose personal data that we gather through http://www.homeshowerexpert.com and our mobile applications.
As a data subject, you have specific privacy rights. To exercise these rights, please email us at homeshowerexpert.com@gmail.com.
Your rights may vary depending on the applicable laws but generally include:
Right to Access
You can request information about how your personal data is processed.
California
Virginia
Ohio
Colorado
Nevada
Massachusetts
Minnesota
New York
North Carolina
Pennsylvania
Delaware
Canada
Right to Rectification
You can correct inaccurate or incomplete information.
California
Virginia
Colorado
Nevada
Massachusetts
Minnesota
New York
North Carolina
Delaware
Canada
Right to Deletion
You can request that we delete your personal data from our systems.
California
Virginia
Ohio
Colorado
Massachusetts
Minnesota
New York
North Carolina
Pennsylvania
Canada
Right to Restriction
You may request a partial or complete restriction on the processing of your personal data.
California
Massachusetts
New York
Canada
Right to Portability
You can request all data you provided and ask for its transfer to another controller.
California
Virginia
Ohio
Colorado
Massachusetts
Minnesota
New York
North Carolina
Canada
Right to Opt-Out
You have the right to opt-out of data sharing or selling.
California
Virginia
Ohio
Nevada
Massachusetts
Minnesota
New York
North Carolina
Pennsylvania
Delaware
Colorado
Canada
Right Against Automated Decision Making
You have the right not to be subject to decisions based solely on automated processing that produce significant effects.
California
Virginia
Colorado
Massachusetts
Minnesota
North Carolina
New York
Canada
Right to Withdraw Consent
You can withdraw your consent at any time.
Default
Right to Lodge a Complaint
If your request is not addressed, you can file a complaint with the relevant regulatory authority.
Default
Note: Some states lack specific privacy laws. In such cases, federal U.S. laws apply. If your state is not listed, please contact homeshowerexpert.com@gmail.com
The state of Oregon (Oregon Consumer Information Protection Act) and the state of Michigan (Identity Theft Protection Act (Act 452 of 2004)) currently do not have comprehensive privacy laws. However, they do have privacy requirements and provide data subjects with the right to opt out of advertising and other intrusive calls/messages.
Note: Depending on state and legislative requirements, we have between 30 to 60 days to respond to your request, with a possible 30-day extension.
Data We Process
The data we process is categorized into two types: technical information and data provided by users.
Technical Information
When you visit our website, certain data is automatically collected. This technical data is necessary for the operation, maintenance, and improvement of our website. This includes information such as IP address, UTM parameters, geolocation, device type, browser type, cookies, user agent, user ID, and session ID.
Data Provided by Users
By default, we only process technical information. Refer to the table below for more details:
IP address, UTM parameters, geolocation, device type, browser type, cookies, user agent, user ID, session ID
Ensure smooth operation of the website
Data Provided by Potential Clients
We may collect: full name, email, phone number, ZIP code, home address, start time, key features, project type, and other project-specific data. See the table below for details:
Full name, email, phone number
To contact you
ZIP code, home address
Determine service availability in your area and assess average costs for similar services
Key features, project type, start time
For proposal preparation and contractor search
Other project-specific data
For proposal preparation and contractor search
Email, phone
For marketing and follow-up calls
IP address, UTM parameters, geolocation, device type, browser type, cookies, user agent, user ID, session ID
Ensure smooth operation of the website
Note: To find the best specialists for your project, we may share some of your personal data with them, including the date and time of your request, full name, phone number, type of service, user ID, and previous order history.
Data Provided by Clients
We may collect: full name, email, phone number, ZIP code, home address, insurance information, estimate recipient details (name, email), property type, start time, order status, key features, project type, and other project-specific data. See the table below for details:
Full name, email, phone number
To contact you and provide services
ZIP code, home address
Determine service availability and average costs in your region
Insurance information
To provide accurate quotes
Estimate details: name, email
Property type
For proper billing
Start time, order status
To perform the contract
Other project-specific data
For proposal writing and contractor search
To execute the work and prepare proposals
Email, phone
For marketing and order status notifications
IP address, UTM parameters, geolocation, device type, browser type, cookies, user agent, user ID, session ID
Ensure smooth operation of the website
Data Provided by Contractors
We may collect the following types of information: name, registration number, contact details, position, business information, advertising preferences, payment details, and technical data. For more details, see the table below:
Name, registration number, contact details
To conclude and fulfill contracts
Name of representative, contact details, position, business information
To conclude and fulfill contracts
Payment details
To fulfill contracts
Advertising preferences
To set up advertising campaigns
IP address, UTM parameters, geolocation, device type, browser type, cookies, user agent, user ID, and session ID
To ensure the smooth operation of the website
Note: Some of the information from contractors is collected offline.
We retain data during the contract period (while you interact with our service) and for 36 months afterward, or until you withdraw your consent (if applicable). In such cases, your data will be deleted from our servers within 30 days of your request.
Note: We do not knowingly process personal data of users under 16 without consent from a legal representative. If you are such a user or a legal representative, please contact us via email.
Why Do We Collect Data?
We are committed to protecting your privacy. We use the information we collect to:
Provide, maintain, and improve our website and services;
Offer troubleshooting and customer support;
Protect our service for all users;
Contact you.
Sale of Data
We do not sell your information. However, we may transfer your personal data to some contractors as part of providing our services. Learn more in the following section.
Sharing and Transferring Data
Your personal data is stored in our databases on servers located in the US (Michigan, Ohio, Virginia, Oregon, California), Brazil, and Canada. We may transfer your data to our employees to fulfill contracts. Additionally, data may be transferred for the following reasons:
Consent: We transfer personal data based on your explicit consent.
Compliance with the Law:
We will not disclose your personal data to third parties unless necessary to:
Comply with government requests, court orders, or applicable laws;
Prevent unlawful use of our website;
Protect against claims from third parties;
Assist in preventing or investigating fraud.
Transfer to Third Parties:
We may transfer your personal data to third parties for processing on our behalf, subject to appropriate technical and organizational measures to protect your data.
We share your data with service providers who assist us with:
Operating, developing, and improving the website and its features;
Advertising;
Providing their services;
Completing payment transactions;
Fulfilling support requests;
Communicating with you as described elsewhere in this Privacy Notice.
In Detail:
Employees and Contractors
Contract performance
Contact with you
Support
Marketing
Payment transactions
Operating, developing, and improving our website and business
Depending on their role, the data shared varies. We apply necessary safeguards. Read more in the Security section.
Advertising Contractors
Service promotion
We transmit aggregate data only, according to our instructions, with appropriate safeguards. If necessary, we use a data transfer agreement. Read more in the Security section.
We use the following service providers:
Facebook
Website customization and usability
The data we transmit is purpose-limited and protected.
You can learn about Facebook's data processing here.
Yahoo and AOL (Yahoo product)
Online services and bulletin boards
The data we transmit is purpose-limited and protected.
The data we transmit is purpose-limited and protected.
You can learn about Taboola's data processing here.
Google
Advertising, online promotion, and analytics
The data we transmit is purpose-limited and protected.
You can learn about Google's data processing here.
Hotjar
Understanding and addressing user needs
The data we transmit is purpose-limited and protected.
You can learn about Hotjar's data processing here.
TikTok
Customer attraction and service advertising
The data we transmit is purpose-limited and protected.
You can learn about TikTok's data processing here.
Nextdoor
Advertising and service offerings
The data we transmit is purpose-limited and protected.
You can learn about Nextdoor's data processing here.
Security
We employ a combination of physical, electronic, and procedural security measures to protect the personal data we handle. We have implemented reasonable operational and technical safeguards to restrict access to your data:
Data is stored on servers and is accessible only to authorized New Bath Today employees who have access to the admin panel. Contractors may have limited access to specific information.
Internal instructions and guidelines have been developed.
Encryption methods such as TLS/SSL, firewalls, and other security measures have been implemented to ensure the protection of your data.
These measures are designed to protect your personal data from loss, unauthorized access, disclosure, alteration, or destruction. If you believe that your interaction with us is no longer secure, please inform us immediately by contacting us in writing at homeshowerexpert.com@gmail.com.
Use of Cookies
We use cookies that are essential for the functioning of our website. Through cookies, we collect technical information as outlined in the "Data We Process" section and our Cookie Policy.
If you wish to disable cookies, you can find instructions for managing your browser settings at the following links:
This Privacy Notice and its applicable relationships are governed by GDPR and various U.S. privacy laws, including the California Consumer Privacy Act (CCPA), California Privacy Rights Act, Virginia Consumer Data Protection Act, Colorado Privacy Act, and Delaware Online Privacy and Protection Act. As laws and requirements for personal data processing evolve, we will keep you informed of any updates by posting the revised document on our website. Please check regularly to stay updated.
California Legislation
This section provides information for California residents about privacy rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act.
Opt-Out of Disclosure for Direct Marketing Purposes
California law allows residents to learn about entities that have received their personal data for marketing purposes and the types of information disclosed. To request this information, please contact us via email at homeshowerexpert.com@gmail.com
Note that opting out does not prevent us from disclosing personal data for purposes other than direct marketing. The data we process and share may include your name, address, email address, and phone number.
Automatic Information Collection
We collect data that you provide online, as well as data collected from unaffiliated third-party websites.
Automatic Information Collection by Third Parties
When you visit our websites, third parties may collect personal data about your online activities across different websites and over time.
Minors
We do not sell personal information of individuals under 16 years old unless the individual, if aged 13 to 15, or their parent or guardian, if under 13, has consented to the sale. Businesses that disregard this requirement are deemed to have had actual knowledge of the individual's age. This is referred to as the "right to opt-in." Without consent, we are prohibited from selling the personal information of minors unless consent is subsequently provided.
Do-Not-Track Requests
California residents may request that we do not automatically collect and track their online browsing activities. Such requests are typically made through browser settings. Currently, we do not have the capability to honor these requests, but we may update our practices as technology advances.
California Residents’ Data Protection Rights
The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act grant California residents the following additional rights:
Right to Know
You have the right to request information about the personal data we have collected, used, disclosed, or sold about you in the past 12 months. This includes information on:
The categories of personal information collected about you;
The sources of the personal information collected;
The categories of personal information sold or disclosed for business purposes;
The categories of third parties to whom your personal information was sold or disclosed;
The business purposes for collecting or selling your personal information;
The specific pieces of personal information collected about you.
Data Portability
You have the right to request a copy of the personal information we have collected and maintained about you in the past 12 months.
Right to Deletion
You have the right to request the deletion of personal information we have collected from you, subject to certain exceptions. If you request deletion, we may deny the request or retain certain information if necessary for us or our service providers to:
Complete transactions, provide requested goods or services, or perform a contract with you;
Detect and prevent security incidents or fraudulent activities;
Debug and repair errors affecting intended functionality;
Exercise free speech, ensure another's right to free speech, or fulfill other legal rights;
Comply with the California Electronic Communications Privacy Act;
Conduct scientific, historical, or statistical research in the public interest, if deletion would impair research, provided you consent;
Use data internally in ways reasonably aligned with your expectations based on our relationship;
Comply with legal obligations;
Otherwise use the data in a lawful manner compatible with the context of collection.
Right to Opt-Out/In
You have the right to opt out of the sale of your personal information. You also have the right to opt in to the sale of personal information. However, we do not sell your personal information.
Right to Non-Discrimination:
You have the right to not receive discriminatory treatment from us for exercising your CCPA privacy rights. Unless permitted by the CCPA, we will not:
Refuse to provide you with goods or services.
Charge you different prices or rates for goods or services, including through discounts or other benefits, or impose penalties.
Offer you a different level or quality of goods or services.
Suggest that you may receive a different price or rate for goods or services, or a different level or quality of goods or services.
Note that the CCPA includes specific requirements for exercising these data protection rights. Consequently, we may:
Respond to your request within forty-five (45) days of receiving it.
Provide you with the personal information we have collected about you no more than twice within a 12-month period (including categories and specific pieces of collected personal information, business purpose and sources of collection, and categories of third parties with whom personal information is shared).
NOT provide personal information if we cannot verify your identity. You must provide sufficient information for us to verify you as the person about whom we collected personal information. Requests made through your Account are considered sufficiently verified.
NOT transfer your personal information to another entity.
Additionally, please be aware that we are allowed to retain personal information after deletion requests are received as permitted by the CCPA (e.g., for detecting security incidents, correcting errors, complying with legal obligations, completing transactions).
We will not discriminate against you for choosing to exercise your rights under the CCPA. We are committed to accessibility for customers with disabilities. Users with disabilities may also contact us by email to request an alternative format of this Privacy Notice.
Virginia Legislation
This section provides information for residents of Virginia about the legislation and privacy rights granted under the Virginia Consumer Data Protection Act (VCDPA).
The VCDPA requires some businesses to give consumers the ability to access and control personal data collected about them.
Minors.
Controllers and processors that comply with the verifiable parental consent requirements of COPPA are deemed compliant with any obligations to obtain parental consent under the VCDPA.
A known child’s parent or legal guardian may exercise customer rights on behalf of the child regarding the processing of personal data belonging to the known child.
No Discrimination.
A controller must not process personal data in violation of state and federal anti-discrimination laws or discriminate against a customer for exercising rights under the VCDPA.
Access Requests.
Controllers must establish and describe in a privacy notice secure and reliable methods for customers to submit requests to exercise their rights. The method should consider how customers typically interact with the controller, the need for secure and reliable communication, and the controller's ability to authenticate requests.
Controllers are prohibited from requiring customers to create a new account to exercise their rights but may require the use of an existing account.
Response Time.
Controllers must respond to customer requests within 45 days. This period may be extended once by an additional 45 days if certain requirements are met.
No Charge for Information.
Controllers are required to provide information in response to a customer request free of charge, up to twice annually per customer. The controller may charge a reasonable fee or decline to act on the request if it is manifestly unfounded, excessive, or repetitive. However, the burden of demonstrating that a request is manifestly unfounded, excessive, or repetitive lies with the controller.
Right to Opt Out.
Virginia residents visiting our websites may request to opt out of targeted advertising, the sale of personal data, or profiling. Virginia laws allow residents to learn the identities of entities that received their personal data for marketing purposes and the categories of information disclosed. You may request such information by contacting us via email at homeshowerexpert.com@gmail.com
Colorado Legislation
This section provides information for residents of Colorado about the legislation and privacy rights granted under the Colorado Privacy Act.
Minors.
A controller must not process the personal data of a known child without first obtaining consent from the child's parent or lawful guardian.
Access Requests.
Customers may exercise their rights by submitting a request using a method specified by the controller in the required privacy notice. The method must consider:
The typical ways customers interact with the controller;
The need for secure and reliable communication regarding requests; and
The controller's ability to authenticate the identity of the customer making the request.
Controllers should not require customers to create a new account to exercise their rights. However, a controller may require customers to use an existing account.
Response Time
In brief: 45 days to respond. The controller must notify the customer of any actions taken on a request within 45 days. In certain cases, this 45-day period may be extended by an additional 45 days.
No Charge for Information
Controllers are required to provide requested information free of charge once per year. For additional requests within a 12-month period, the controller may charge an extra fee.
Justification for Inaction
If a controller does not act on a customer’s request, they must inform the customer within 45 days of receiving the request, explaining the reasons for inaction and providing instructions for appealing the decision.
Denial of Requests
The controller is not obligated to comply with a request if they cannot authenticate it with commercially reasonable efforts and may request additional information to verify the request.
Right to Appeal
Controllers must have an internal process for customers to appeal a refusal to act on their request. Customers must appeal within a reasonable timeframe after being notified of the denial. The appeal process must be easily accessible and user-friendly.
Responding to an Appeal
The controller must inform the customer of the appeal's outcome and provide a written explanation within 45 days of receiving the appeal. This period may be extended by an additional 60 days in certain circumstances.
Delaware Legislation
This section provides information for Delaware residents about the Delaware Online Privacy and Protection Act (DOPPA) and your privacy rights.
Advertising to Children
DOPPA regulates operators only if they provide services or platforms primarily targeting children. It does not cover services that merely refer to or link to other child-directed services.
Operators may also be liable under DOPPA if they knowingly allow children to access their services. In such cases, operators must not use, disclose, or compile the child’s personal information. They must also avoid advertising inappropriate content, including alcohol, tobacco, firearms, fireworks, tanning equipment, lotteries, gambling, tattoos, drug paraphernalia, and pornography. Operators using advertising services must ensure compliance with DOPPA.
Do-Not-Track Requests
Delaware residents can request that we do not automatically collect and track their online browsing data. These requests are typically made through browser settings that control tracking signals. Currently, we do not have the capability to honor these requests, but we may update this notice as our capabilities change.
Nevada Legislation
This section provides information for Nevada residents about the Nevada privacy law Senate Bill 220 and your privacy rights.
Opt-Out of Sale
Nevada law allows consumers to opt-out of the sale of “covered information” collected through websites or online services. “Covered information” includes:
First and last name.
A home or physical address, including street name and city or town.
An email address.
A telephone number.
A social security number.
An identifier that allows contact either physically or online.
Any other information collected from the person that is personally identifiable when combined with an identifier.
Do-Not-Sell Request
Nevada does not require a “Do Not Sell My Personal Data” button or link on websites. Instead, it requires entities to provide an email address, a toll-free phone number, or a website for submitting verified opt-out requests.
Response Time
Upon receiving a “verified consumer request,” businesses have 45 days to respond, with a possible 90-day extension if “reasonably necessary,” for a total of up to 135 days.
Privacy Legislation
This Privacy Notice is governed by applicable privacy laws. It also references pending or not yet enacted state laws to indicate your rights. You can see a list of these laws here:
California — California Consumer Privacy Act and California Privacy Rights Act;
Virginia — Consumer Data Protection Act;
Ohio — Ohio Personal Privacy Act*;
Colorado — Protect Personal Data Privacy;
Nevada — Nevada Privacy Law;
Massachusetts — Massachusetts Information Privacy Act*;
Minnesota — Minnesota Consumer Data Privacy Act*;
New York — New York Privacy Act*, Digital Fairness Act*;
North Carolina — Consumer Privacy Act*;
Pennsylvania — Pennsylvania House Bill 1126*;
Delaware — Online and Personal Privacy Protection;
Canada — Personal Data Protection and Electronic Documents Act 2000 and Canada’s Anti-Spam Legislation.