GDPR Compliance

01 — Introduction

Our Commitment To Your Privacy

Home Wall Trends is published from the United States, but we welcome readers from across the European Union, the European Economic Area, and the United Kingdom. If you visit our site from any of these regions, your personal information is protected by the General Data Protection Regulation (GDPR) and, where applicable, the UK GDPR.

This page explains, in plain language, how we comply with these regulations, what data we process, and the rights available to you. It should be read alongside our Privacy Policy, which describes our general data practices in more detail.

02 — Data Controller

Who Is Responsible For Your Data

For the purposes of the GDPR, the data controller is Home Wall Trends, the editorial team that publishes this journal. The data controller decides why and how your personal information is processed.

Data Controller: Home Wall Trends
Email: [privacy@yourdomain.com]
Mailing Address: [Street Address, City, State, ZIP, United States]

As a small editorial publication, we are not required to appoint a Data Protection Officer (DPO) under Article 37 of the GDPR. For all data-related inquiries, please contact our editorial team using the details above or at the bottom of this page.

03 — Lawful Basis

Lawful Basis For Processing

Article 6 of the GDPR requires us to identify a lawful basis for every kind of personal-data processing we carry out. We rely on the following bases:

• Consent (Article 6(1)(a)): When you subscribe to The Sunday Letter, leave a comment, or accept non-essential cookies, we process your data on the basis of your freely given, specific, informed consent. You may withdraw consent at any time.
• Legitimate interests (Article 6(1)(f)): We process limited data, such as analytics and security logs, to keep the site running, prevent abuse, and understand which articles resonate with readers. We balance our interests against your rights and freedoms before doing so.
• Legal obligation (Article 6(1)(c)): Where applicable law requires us to retain or disclose information, for example in response to a valid legal request, we process data to meet that obligation.

04 — What We Process

Personal Data We Process

We try to keep what we collect to a minimum, in line with the principle of data minimisation under Article 5(1)(c). The categories of personal data we may process include:

• Identity data: Your name, where provided when subscribing or commenting.
• Contact data: Your email address, used to deliver the newsletter or respond to inquiries.
• Technical data: IP address, browser type, operating system, device type, and approximate location, used for analytics and security.
• Usage data: Pages viewed, time on page, referring website, and date and time of visits.
• Communication data: The content of comments, contact-form messages, and reader submissions.

We do not knowingly process special-category data under Article 9 (such as data concerning health, ethnicity, political opinions, or religious beliefs). Please do not submit such information through our forms or comments.

05 — Your Rights

Your Rights Under The GDPR

If you are located in the EU, EEA, or UK, the GDPR grants you the following rights with respect to your personal data. We honor each of these rights free of charge, in the manner described below.

Right Of Access (Article 15)

You may request confirmation of whether we hold personal data about you and ask for a copy of that data, along with information about how it is processed.

Right To Rectification (Article 16)

You may ask us to correct inaccurate or incomplete information we hold about you.

Right To Erasure (Article 17)

Also known as the “right to be forgotten.” You may request that we delete your personal data when it is no longer necessary, when you withdraw consent, or in other circumstances permitted by law.

Right To Restrict Processing (Article 18)

You may ask us to limit how we use your data while a request or dispute is being resolved.

Right To Data Portability (Article 20)

Where processing is based on consent or a contract, you may request your data in a structured, commonly used, machine-readable format and have it transferred to another controller.

Right To Object (Article 21)

You may object to processing based on our legitimate interests, including any direct-marketing activity. Where direct marketing is concerned, we will stop processing your data without exception.

Right To Withdraw Consent (Article 7)

Where processing is based on consent, you may withdraw it at any time. The unsubscribe link at the bottom of every Sunday Letter is the simplest way to do so for newsletter subscriptions.

Right To Lodge A Complaint (Article 77)

If you believe our processing of your personal data is unlawful, you may lodge a complaint with your local supervisory authority. UK readers may contact the Information Commissioner’s Office (ICO) at ico.org.uk. EU readers can find their national authority through the European Data Protection Board at edpb.europa.eu. We would, however, appreciate the chance to address your concerns directly first.

06 — Exercising Rights

How To Exercise Your Rights

To exercise any of the rights listed above, please email us at [privacy@yourdomain.com] with the subject line “GDPR Request.” Include enough information for us to identify you, the right you wish to exercise, and any supporting details.

• We will respond within one calendar month, as required by Article 12.
• For complex or numerous requests, we may extend the response period by an additional two months, and we will let you know within the first month if so.
• We may ask for proof of identity to ensure that we are responding to the right person.
• There is no fee for a request unless it is manifestly unfounded or excessive.

07 — Cookies

Cookies And Consent

When you visit Home Wall Trends from the EU, EEA, or UK, you will see a consent banner the first time you arrive. The banner asks for your specific consent before we set any non-essential cookies, in line with the ePrivacy Directive and Article 7 of the GDPR.

• Essential cookies are loaded by default because they are strictly necessary for the site to function. They cannot be disabled.
• Analytics, advertising, and other non-essential cookies are loaded only after you give consent through the banner.
• You can change or withdraw your cookie preferences at any time by clicking the “Cookie Settings” link in our website footer.
• Refusing non-essential cookies is just as easy as accepting them, and refusal will not affect your access to the journal.

08 — International Transfers

International Data Transfers

Home Wall Trends is operated from the United States, and several of our service providers (including hosting, analytics, and email-delivery vendors) are based in the U.S. or other countries outside the EEA. When personal data is transferred outside the EEA or UK, we rely on one or more of the following safeguards under Chapter V of the GDPR:

• EU-U.S. Data Privacy Framework certifications, where the recipient organization is certified.
• Standard Contractual Clauses (SCCs) approved by the European Commission, where applicable.
• UK International Data Transfer Agreement or UK Addendum for transfers from the United Kingdom.

If you would like more information about the specific safeguards in place for any transfer, please contact us using the details at the bottom of this page.

09 — Retention

Data Retention And Storage

In line with Article 5(1)(e), we keep personal data only for as long as it is needed for the purposes described in our Privacy Policy.

• Newsletter subscriber data is retained until you unsubscribe, after which it is deleted within 30 days.
• Comments remain on the site as part of the public editorial record unless you request removal.
• Contact-form submissions are retained for up to 24 months for reference and follow-up.
• Analytics data is anonymised or aggregated where possible and held for no longer than 26 months.

10 — Security

Security And Breach Notification

Under Article 32, we are required to put in place appropriate technical and organisational measures to protect personal data. Our measures include SSL/TLS encryption for data in transit, restricted access controls, secure hosting, and routine review of the third-party services we rely on.

In the unlikely event of a personal-data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of it, in line with Article 33. Where the breach is likely to result in a high risk to you, we will also notify you directly without undue delay, as required by Article 34.

11 — Updates

Changes To This Statement

We may update this GDPR Compliance statement from time to time to reflect regulatory developments, changes to our practices, or new editorial services. The “Last Updated” date at the top of this page will always show when the most recent revision took effect. For material changes that affect your rights, we will notify subscribers by email or through a prominent notice on the site.