Privacy Policy
How we collect, use, and protect your personal data
Last Updated: February 15, 2026
1. Introduction & Data Controller
Holiday Lights Decor Massachusetts ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you visit our website, use our services, or communicate with us.
This policy applies to all visitors, customers, applicants, and business partners. It complies with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable privacy laws.
Data Controller
Holiday Lights Decor Massachusetts
12 Westgate Dr, Woburn, MA 01801
Email: holidaylightsdecorma@gmail.com
Phone: (781) 778-8086
The Data Controller is responsible for deciding how your personal data is processed and for what purposes.
2. Information We Collect
2.1 Information You Provide Directly
We collect personal data that you voluntarily provide when you:
- Fill out a contact or quote request form (name, email, phone, address, project details)
- Submit a job or partner application (name, contact details, employment history, resume)
- Subscribe to marketing communications (email address)
- Communicate with us by email, phone, or social media
- Enter into a service contract (billing information, property details)
2.2 Information Collected Automatically
When you visit our website, we may collect the following only after you consent via our cookie banner:
- IP address (anonymized where possible)
- Browser type, version, and operating system
- Pages visited, time spent, and navigation paths
- Referring website or campaign source
- Device type and screen resolution
See our Cookie Policy for full details on tracking technologies used.
2.3 Information from Third Parties
We may receive information from Google (search/advertising data), social media platforms, and review websites, only in connection with services you have consented to.
3. Legal Basis for Processing (GDPR Article 6)
We process your personal data only when we have a valid legal basis:
| Purpose | Legal Basis |
|---|---|
| Responding to inquiries and quote requests | Contractual necessity / Legitimate interest |
| Providing and managing services | Performance of a contract |
| Processing payments | Performance of a contract |
| Marketing emails and promotions | Consent (opt-in) |
| Website analytics | Consent (cookie banner) |
| Targeted advertising | Consent (cookie banner) |
| Processing applications | Consent / Pre-contractual measures |
| Legal compliance | Legal obligation |
| Business interest protection | Legitimate interest (balanced against your rights) |
4. How We Use Your Information
- Providing, managing, and improving our services
- Processing and responding to quote requests and inquiries
- Processing payments and managing billing
- Sending service confirmations, updates, and scheduling communications
- Sending marketing communications (only with your explicit consent)
- Analyzing website usage to improve content and user experience
- Processing job and partner applications
- Complying with applicable legal and regulatory obligations
- Preventing fraud and protecting system security
5. Information Sharing & Disclosure
We do not sell, trade, or rent your personal information. We may share data with:
- Service Providers: Payment processors, email platforms, CRM systems — under GDPR-compliant data processing agreements.
- Analytics Providers: Google Analytics (only with your consent) for website usage analysis.
- Advertising Partners: Google Ads, Meta (only with your consent) for targeted campaigns.
- Legal Requirements: When required by law, regulation, or legal process.
- Business Transfers: In connection with a merger, acquisition, or asset sale, with appropriate safeguards.
6. Data Retention
We retain personal data only as long as necessary:
| Data Category | Retention Period |
|---|---|
| Contact form submissions | 2 years from last communication |
| Customer/contract records | 7 years (tax/legal requirement) |
| Job applications (unsuccessful) | 6 months from decision |
| Partner applications | 2 years or duration of partnership |
| Marketing consent records | Duration of consent + 1 year |
| Cookie consent records | 365 days (then re-prompted) |
| Analytics data | 26 months (Google Analytics default) |
When no longer needed, data is securely deleted or anonymized.
7. Your Rights (GDPR Articles 15–22)
You have the following rights regarding your personal data:
- Right of Access (Art. 15): Request a copy of your data and information about how it is processed.
- Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.
- Right to Erasure (Art. 17): Request deletion of your data when no longer necessary or when you withdraw consent.
- Right to Restrict Processing (Art. 18): Request temporary limitation of processing while a dispute is resolved.
- Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
- Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing.
- Right to Withdraw Consent: Withdraw consent at any time. This does not affect lawfulness of processing before withdrawal.
- Right to Lodge a Complaint: File a complaint with a supervisory authority.
To exercise these rights, contact us at holidaylightsdecorma@gmail.com. We will respond within 30 days as required by GDPR. Identity verification may be required.
8. Cookies & Tracking Technologies
Non-essential cookies (analytics and marketing) are only activated after explicit consent via our cookie banner. You can manage preferences at any time via the "Cookie Settings" link in our footer.
For full details on cookies used, see our Cookie Policy.
9. International Data Transfers
Our operations are based in the United States. If you access our website from the EEA, UK, or other regions with data protection laws, your data may be transferred to and processed in the US.
We ensure appropriate safeguards including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- EU-U.S. Data Privacy Framework, where applicable
- Data Processing Agreements with all third-party providers
10. Data Security
We implement appropriate technical and organizational measures to protect your data:
- SSL/TLS encryption for all data transmission
- Secure storage with access controls
- Regular security assessments
- Employee training on data protection
- Incident response procedures
In the event of a data breach posing high risk to your rights, we will notify you and the relevant supervisory authority within 72 hours (GDPR Article 33).
11. Third-Party Links & Services
Our website may contain links to third-party websites. We are not responsible for their privacy practices and encourage you to read their privacy policies.
12. Children's Privacy
Our services are not directed to individuals under 16. We do not knowingly collect data from children. If we become aware of such collection, we will promptly delete the data. Contact us at holidaylightsdecorma@gmail.com if you believe a child has provided us data.
13. Additional Rights for California Residents (CCPA)
- Right to Know: Request details about categories and specific personal information collected.
- Right to Delete: Request deletion of collected personal information.
- Right to Opt-Out: We do not sell personal information.
- Right to Non-Discrimination: We will not discriminate for exercising CCPA rights.
14. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated via website notice or email. If changes affect cookie consent, the consent version will be updated to prompt a new request.
15. Contact Us
For questions about this policy, to exercise your data protection rights, or to raise concerns:
Holiday Lights Decor Massachusetts — Data Protection
12 Westgate Dr, Woburn, MA 01801
Email: holidaylightsdecorma@gmail.com
Phone: (781) 778-8086
EU residents also have the right to lodge a complaint with their local Data Protection Authority (DPA).