Privacy Policy
1. Introduction
Welcome to GuestSelects ("we," "us," or "our"). We are committed to protecting your personal information and your right to privacy.
This Privacy Policy applies to our website and any related services (collectively, the "Platform"). It explains what information we collect, how we use it, and your rights in relation to it.
We are based in Romania (European Union) and operate under the General Data Protection Regulation (GDPR).
This provides a high standard of data protection for all our users, regardless of location. We also comply with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) for California residents.
2. Information We Collect
2.1 Information You Provide to Us
We only collect personal information that you voluntarily provide to us:
- Lead Capture Forms: If you submit a form to request a showroom, request information about an item, or otherwise contact us, we collect your email address, name (if provided), and the details of your request.
- Form Processing: Form submissions are processed via Formspree, Inc. ("Formspree"), a third-party form processor. Formspree acts as our data processor and stores submitted data on servers located in the United States.
2.2 Information Automatically Collected (Analytics & Behavioral Data)
We use PostHog, Inc. ("PostHog") for analytics to improve our Platform. PostHog collects the following types of data:
- Pageview Events: We record when you visit pages and navigate between them.
- Pageleave Events: We record when you navigate away from pages to understand session duration.
- Property Engagement Metrics: We record specific property views to understand showroom traffic.
- Click Interactions & CTR: We record button clicks, interactions with shoppable items, and product click-through rates (CTR) to understand what items generate the most interest.
- Session Recording: We may record your browsing sessions, including mouse movements, clicks, scrolls, and form interactions. All text inputs are masked for privacy.
- Scroll Depth (Heatmaps): We aggregate scroll data to understand content engagement.
- Device & Browser Information: We collect device type, operating system, browser type, and approximate geographic location (country/region level).
Cookieless Mode
If you reject cookies or choose "Essential Only," we activate cookieless mode: no analytics cookies are set, tracking is anonymous and non-persistent, and no session recordings or heatmaps are captured. See Section 5 for full consent options.
2.3 Categories of Personal Information (CCPA/CPRA Disclosure)
For California residents, we disclose the following categories of personal information collected in the preceding 12 months:
- Identifiers: Email address, IP address (truncated/anonymized)
- Internet Activity: Browsing history on our Platform, interactions with content, session recordings
- Geolocation Data: Approximate location (country/region level only)
- Inferences: Preferences and interests derived from browsing behavior
3. Legal Basis for Processing (GDPR)
We process your personal information under the following legal bases:
- Consent: For session recording and advanced analytics features. You may withdraw consent at any time.
- Legitimate Interest: For basic analytics, Platform security, fraud prevention, and responding to inquiries. Our legitimate interests do not override your fundamental rights and freedoms.
- Contractual Necessity: When you submit a form requesting our services, processing is necessary to respond to your request.
4. How We Use Your Information
We use your information for the following purposes:
- To respond to requests: We use the email you provide solely to respond to your specific inquiry or item request.
- To improve our Platform: We use analytics data (page views, session recordings, heatmaps) to identify usability issues and optimize user experience.
- To detect and prevent fraud: We analyze usage patterns to identify and prevent abusive or malicious activity.
- To comply with legal obligations: We may process data to comply with applicable laws, regulations, or legal requests.
We do NOT sell your personal information to third parties. We do NOT share your personal information for cross-context behavioral advertising.
5. Cookies and Tracking Technologies
5.1 Cookie Consent Banner
Upon your first visit, you will be presented with a cookie consent banner offering three choices:
- Accept All: Enables analytics cookies, session recordings, heatmaps, and full event tracking
- Essential Only: Only essential storage (consent preference) - no analytics cookies
- Reject All: Cookieless mode activated; anonymous, non-persistent tracking only
You can change your preferences at any time using the "Cookie Preferences" link.
5.2 Types of Cookies
- Essential Cookies: Strictly necessary for Platform functionality. These do not require consent.
- Analytics Cookies (PostHog): Used for analytics, session recording, and heatmaps. Under EU ePrivacy Directive and GDPR, these require prior consent.
| Cookie | Purpose | Duration | Category |
|---|---|---|---|
| gs_cookie_consent | Stores your cookie preference | 365 days | Essential |
| ph_* | PostHog analytics session | Session/1 year | Analytics (requires consent) |
Cookieless Mode
If you reject cookies, we activate cookieless mode: no cookies or persistent storage are used for analytics, tracking is anonymous and non-persistent, and no session recordings or heatmaps are captured.
6. Third-Party Services & Data Processors
We share data with the following third-party service providers who act as our data processors:
| Provider | Purpose | Data Location | Data Shared |
|---|---|---|---|
| Formspree, Inc. | Form processing | United States | Email, name, form responses |
| PostHog, Inc. | Analytics, session recording, heatmaps | EU (Frankfurt) or US | IP address, device info, browsing behavior, session recordings |
| Vercel Inc. | Website hosting | Global (Edge network) | Server logs, IP address |
Affiliate Partners: When you click a product link ("Hotspot"), you are redirected to third-party retailers (e.g., Amazon, Etsy, Wayfair). These third parties are independent data controllers and may collect their own data once you leave our Platform. We are not responsible for their privacy practices.
7. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. When such transfers occur, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs): We use EU-approved SCCs with our US-based processors.
- Data Processing Agreements: All processors are bound by contractual obligations to protect your data.
- EU-US Data Privacy Framework: Where applicable, we rely on processors certified under the EU-US Data Privacy Framework.
8. Data Retention
We retain personal information only for as long as necessary to fulfill the purposes described in this policy:
- Form Submissions: Retained for up to 24 months, or until you request deletion.
- Analytics Data: Session recordings and event data are retained for up to 12 months.
- Legal Obligations: Data may be retained longer if required by law (e.g., tax records, legal disputes).
9. Your Data Rights
Depending on your location, you have the following rights regarding your personal information:
9.1 Rights Under GDPR (EU/EEA Residents)
- Right to Access: Request a copy of the personal information we hold about you.
- Right to Rectification: Request correction of inaccurate information.
- Right to Erasure: Request deletion of your personal information ("right to be forgotten").
- Right to Restrict Processing: Request that we limit how we use your data.
- Right to Data Portability: Receive your data in a machine-readable format.
- Right to Object: Object to processing based on legitimate interests.
- Right to Withdraw Consent: Withdraw consent at any time (for consent-based processing).
- Right to Lodge a Complaint: File a complaint with a supervisory authority (e.g., Romania's ANSPDCP).
9.2 Rights Under CCPA/CPRA (California Residents)
- Right to Know: Request disclosure of personal information collected, sources, purposes, and third parties with whom it was shared.
- Right to Delete: Request deletion of your personal information.
- Right to Correct: Request correction of inaccurate information.
- Right to Opt-Out of Sale/Sharing: We do not sell or share your data for cross-context behavioral advertising.
- Right to Limit Use of Sensitive Personal Information: We do not collect sensitive personal information as defined under CPRA.
- Right to Non-Discrimination: We will not discriminate against you for exercising your rights.
To exercise any of these rights, please contact us at: marius@guestselects.com. We will respond within 30 days (GDPR) or 45 days (CCPA/CPRA).
10. Security
We implement appropriate technical and organizational security measures to protect your personal information, including:
- Encryption in transit (HTTPS/TLS)
- Secure access controls and authentication
- Regular security assessments and updates
- Data minimization and pseudonymization where appropriate
However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
11. Children's Privacy
Our Platform is not directed to individuals under the age of 16 (or 13 in the US). We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.
12. Updates to This Policy
We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Effective Date" and will be effective as soon as it is accessible. We encourage you to review this policy periodically. Material changes will be notified via a prominent notice on our Platform.
13. Contact Us
If you have questions, concerns, or wish to exercise your data rights, please contact us: