DATA & PRIVACY POLICY

We store your data in multiple Tier III data centers across the United States. We serve images and other static assets via multiple geographically distributed content delivery networks (CDNs). This system ensures that the data in each page view is served from the data center closest to the visitor’s location.

Our site is hosted across a private cloud with full redundancy. If a primary service fails, we can switch to a backup service. Our Operations team monitors Squarespace sites 24x7 and is ready to respond to incidents within minutes of detecting an anomaly.

MONEY LAUNDERING

What are the money laundering regulations in the UK?

We request personal information to comply with UK Money laundering and data regulations to safeguard our agency and its individuals. If you have not completed the form in its correct format we may ask you to fill it in at a later stage.

In UK law money laundering is defined in the Proceeds of Crimes Act 2002 (POCA) and includes all forms of handling or possessing criminal property, including possessing the proceeds of one's own crime, and facilitating any handling or possession of criminal property.

GDPR

The General Data Protection Regulation, or GDPR, is a European privacy law that went into effect May 25, 2018. The GDPR regulates how individuals and organizations may collect, use, and retain personal data, which affects Squarespace and sites run on our platform. References to the GDPR and its provisions include the law as it applies to the United Kingdom (UK).

What’s considered personal data?

Under the GDPR, personal data is any information that can reasonably identify a specific living person, either alone or with other information. This broad definition includes traditional personal data—like dates of birth, names, physical addresses, email addresses—and location data, biometric data, financial information, and more.

Cookies and similar technologies

A cookie (or such similar technology) is a text file containing small amounts of information that may be stored on your computer or mobile device ("terminal equipment”). For example, such technologies can be used by websites to:

Identify visitors

Enable the website to function efficiently

Personalize content

Permit online behavioral target advertising

Similar technologies include pixels, tags, local storage, and device fingerprinting.

In the EU, cookie laws are currently governed by the E-Privacy Directive. The cookie laws in the EU require website owners to take certain steps before dropping non-essential cookies on EU visitors. Websites that drop non-essential cookies must, through the use of a cookie banner, take the following minimum steps:

Provide clear and comprehensive information regarding the websites cookie usage.

Display that information prominently so visitors can easily access it.

Obtain consent from the website visitor to drop the non-essential cookies.

The GDPR changed the concept of consent required from visitors. Before the GDPR, websites relied on implied consent, where continued use of the website was considered sufficient consent to drop non-essential cookies. Now, unambiguous consent is required, meaning the visitor must provide “clear affirmative action consent” to the use of non-essential cookies. You must obtain affirmative consent before placing non-essential cookies on visitors' devices. The website must also allow the visitor to manage their cookies preferences.

The General Data Protection Regulation, or GDPR, is a European privacy law that went into effect May 25, 2018. The GDPR regulates how individuals and organizations may collect, use, and retain personal data, which affects AWB Interiors and sites run on our platform. References to the GDPR and its provisions include the law as it applies to the United Kingdom (UK).

If you have visitors or customers in the European Economic Area (EEA), the UK, or Switzerland, this guide covers what you should know as a AWB Interiors user. For general information about data privacy in other parts of the world, visit Data privacy and AWB Interiors.

Note: This guide is available as a resource, but should not be construed or relied upon as legal advice. Per our Terms of Service, AWB Interiors doesn't provide advice or recommendations regarding laws applicable to your site or business.

Who is affected by the GDPR?

While the GDPR is an EU/UK regulation, it extends to organizations in other countries that service EU/UK residents. So, it affects:

Organizations based in the EU, the UK, and Switzerland

Organization outside of the EU, the UK, and Switzerland offering goods or services to, or monitoring, EU, UK, or Swiss residents

Keeping in mind that the Internet is global in nature, if you use AWB Interiors products, you should review your practices and decide if you fall within the scope of the GDPR.

What’s considered personal data?

For more information about what is considered personal data in the EU and UK, please see the information pages of the European Commission, Data Protection Commission of Ireland, and Information Commissioner's Office.

What did AWB Interiors do before the GDPR to ensure compliance?

Over the months leading up to May 2018, we worked across the company to successfully prepare for the GDPR. This included reviewing how we store and use data about our customers and on behalf of our customers.

Specifically, we:

Updated our Terms of Service and Privacy Policy to be more transparent about our use and treatment of data.

Published a Data Processing Addendum, or DPA, to address how we process data on your behalf.

Entered appropriate data processing agreements with vendors that process personal data on our behalf.

Trained all employees on our privacy and GDPR obligations.

Updated our processes to consider data subject rights introduced under the GDPR.

Made product changes to give you more control over data. For example, you can disable Activity Log and analytics cookies.

Added the ability for customers in the EU and UK to opt out of marketing emails at signup. All customers can unsubscribe from these emails from the Account Dashboard.

Do I need to sign a DPA with AWB Interiors?

When you agreed to our Terms of Service, you also agreed to our DPA when you signed up for AWB Interiors. You don't need to request or sign a separate physical document. Review our Privacy Policy and DPA.

Cookies and similar technologies

Identify visitors

Enable the website to function efficiently

Personalize content

Permit online behavioral target advertising

Similar technologies include pixels, tags, local storage, and device fingerprinting.

Provide clear and comprehensive information regarding the websites cookie usage.

Display that information prominently so visitors can easily access it.

Obtain consent from the website visitor to drop the non-essential cookies.

For more information on cookies and similar technologies, see the UK’s Information Commissioner’s Office recent and detailed guidance on cookies and similar technologies.

How does AWB Interiors help me comply with the GDPR and

EU cookie requirements for my website?

By default, we use cookies to run your site and obtain information about your visitors for AWB Interiors analytics. To help you comply with legal requirements, you can:

Disable Activity Log so you don’t collect or see visitors’ IP addresses or other personal data.

Disable AWB Interiors analytics cookies so you don’t place these non-essential cookies on visitors’ browsers.

Display a customizable cookie banner so visitors can opt into your use of cookies.

AWB Interiors gives you the editing tools to post your own legal terms or privacy policies. For example, you can:

Add content that informs visitors about when and how you collect data anywhere you can add your own customizable text, like in text blocks.

Customize the newsletter block with a disclaimer.

Get consent to send marketing emails.

Add a cookie banner with customized consent language and a link to your policies.

To learn about how to add these to your site, visit Sharing policies and terms on your site.

Note: We built tools for you to manage the cookies your AWB Interiors site uses, but we can’t control third-party services you use through connected accounts or code-based modifications. Review the policies for all services connected to your AWB Interiors site to understand your site’s cookie use.

How does Scheduling help me comply with the GDPR?

Scheduling has tools to help you comply with the GDPR, but being GDPR compliant is ultimately up to you. How you use and configure your account, and what data you collect from clients, will factor into your compliance. In Scheduling, you can:

Display terms and conditions in your scheduling instructions.

Use intake forms to get consent to your terms from your clients, and you can require clients to agree to your terms before buying a package or signing up for a subscription.

Delete client information in the Client List. You can also delete inactive clients, and delete clients in bulk.

Export client data to comply with a client's data portability request.

Using AWB Interiors with third-party services

The GDPR not only affects how the AWB Interiors products you use process personal data, but also how other services process data on your behalf. You can use built-in integrations to connect the AWB Interiors products to third-party services, and other methods for integrating additional services, including:

Connected accounts

Code Block

Code Injection (Which lets you use services like Google AdSense)

Embed Blocks

Facebook Pixel

Form block storage (Email, Google Drive, Mailchimp)

Google Analytics

Payment processors (Stripe or PayPal)

Social Blocks

Specific integrations or blocks (e.g., Acuity, ChowNow, Mailchimp)

Typically, third-party services accept data from, or embed content into, your site, Scheduling, or other AWB Interiors products, with AWB Interiors acting as a pass-through for the data or displaying the content. These services may have their own terms of service, privacy policies, and other practices which are different from ours. It’s important to carefully review the policies of all services connected to your AWB Interiors products.

European Commission Standard Contractual Clauses

We use Standard Contractual Clauses (also known as Model Contractual Clauses) as the legal basis for transferring personal data to third countries, including the United States.

The European Commission updated the Standard Contractual Clauses on June 4, 2021 to reflect how data processing happens in the modern world, the requirements of the GDPR, recommendations from the European Data Protection Board, and the Schrems II decision by the Court of Justice of the European Union. In response, we updated our Data Processing Addendum effective September 27, 2021, to comply with the updated Standard Contractual Clauses.

We protect your personal data and have put appropriate technical and organizational safeguards in place to meet these standards. To learn more, visit our Security Measures page.

Privacy Shield principles

On July 16, 2020, the Court of Justice of the European Union invalidated the EU-US Privacy Shield. We no longer use the Privacy Shield Frameworks as the legal basis for transferring personal data to the United States. However, we continue to apply these principles for additional protection.

Other transfer requirements

Articles 45 to 50 of the GDPR set the various requirements for the lawful transfers of personal data to third countries or international organizations that provide an adequate level of protection. These include:

Adequacy

Third countries, specified sectors within third countries, or international organizations have adequacy if the EU Commission determined they provide an adequate level of data protection.

In the absence of an adequacy decision, the GDPR allows a transfer if the controller or processor has provided “appropriate safeguards,” which may include:

Approved Codes of Conduct or Approved Certification Mechanisms

Binding Corporate Rules

Standard Contractual Clauses

Exceptions for specific situations

Exceptions allow transfers in specific situations, like if consent is obtained, or:

For the performance or conclusion of a contract

For the exercise of legal claims

To protect the vital interests of the data subject when they can't give consent or for reasons of public interest

For more information, visit this guidance document from the European Data Protection Board.

We may use other transfer mechanisms to ensure adequate data protection and we'll provide more information, as appropriate, if other transfer mechanisms are used for the lawful transfers of personal data to third countries.

GDPR best practices for AWB Interiors

Personal data audit

Review your website, your scheduler, and other AWB Interiors products and look for areas where you collect personal data, bearing in mind the modified the GDPR definition of “personal data.”

Do you collect personal data via AWB Interiors products using third-party services? (e.g., Google Analytics, a form block connected to Mailchimp and Google Drive). You should read the privacy policies of those services.

Do you download or export data from your AWB Interiors website or email into another system? Yes

Do you combine the personal data you collect with other sources of data? No

Are you gathering information you don’t need? No

What information we collect.

We collect information for the purposes of creating proposals, invoices and sales. We never share your data to a marketing or 3rd party partner or sister company unless instructed by the client.

Where can I get more information about the GDPR?

Regulators within the EU and UK provide specific guidance on the GDPR and Cookies. You can view their documentation here:

The European Data Protection Board (EDPB)

Official EU GDPR website

Bundesministerium des Innern (Germany)

Commission Nationale de l’Informatique et des Libertés (France)

Data Protection Commission (Ireland)

Information Commissioner’s Office (UK)

Agencia Española de Protección de Datos (Spain)

Full text of the GDPR