Your privacy is important to Reimagines. Please read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use, and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.
1. Who We Are
Reimagines collects, uses and is responsible for certain personal information about you.
2. Children’s Online Privacy Protection Act
This website and any products and services offered herein are not intended for persons under the age of 13. Reimagines does not knowingly collect information from anyone under 13 years of age. Reimagines prohibits children under the age of 13 from using all interactive portions of this website, including leaving any comments, filling out forms, or otherwise submitting information. Reimagines will not knowingly collect personally identifiable information from children under 13. If Reimagines learns it has any information or content from anyone under the age of 13, it will delete that information.
3. The Personal Information We Collect and Use
a. Information Collected by Us
Reimagines may collect, use, and is responsible for certain personal information that you provide when you voluntarily sign up for e-mails or free gifts, leave comments, order a service or product, fill out any type of form, access private membership pages, or otherwise contact Reimagines via an online form or e-mail. The information collected may include your name, e-mail, address, phone number, and/or billing information. You are not required to provide any personally identifiable information to merely access or visit this website.
Reimagines may collect domain information and “cookies” (small files saved on your hard drive by your web browser) to analyze website and advertisement performance, track user patterns, save information from your previous visits and customize your experience. We will ask for your consent to allow us to use cookies. Reimagines or its third-party vendors may collect nonpersonal information through the use of these technologies. Nonpersonal information might include the browser you use, the type of computer you use and technical information about your means of connection to this website such as the operating systems and the Internet service providers utilized and other similar information. Reimagines’ systems may also automatically gather information about the areas you visit and search terms you use on this website and about the links you may select from within this website to other areas of the Internet.
If you are located in the European Economic Area (EEA), we are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible as controller of that personal information for the purposes of those laws.
b. Information Collected from Other Sources
We also obtain personal information, sign ups, and opinions from other sources, such as Survey Monkey and Google Forms.
c. How we use your personal information
Reimagines collects such information in order to send e-mails, fulfill orders, deliver services and products, complete customer transactions, oversee contests and promotions and improve website performance and customer service.
d.Who We Share Your Personal Information With
Reimagines respects your privacy and will never sell, trade or transfer your personally identifiable information to third parties (beyond what is necessary for fulfilling a customer transaction or for the basic functionality of an online service) without your consent.
We do, however, share your name and delivery address details with our third-party suppliers, credit card processors or shipping companies. This data sharing enables payments and shipment of goods.
Our third party payment provider is Stripe. They collect individual payment information (such as debit or credit card number, or bank account information), purchase amount, date of purchase and payment method. See Stripe’s full privacy policy here.
Our third party shipping provider, USPS, uses personal information like city, state, and zip code to calculate shipping rates. See the full privacy policy for USPS here.
Those third-party recipients are based outside the European Economic Area — for further information including on how we safeguard your personal data when this occurs, see Transfer of your information out of the EEA.
Reimagines may release personal information to enforce its Website Terms and Conditions of Use, other Terms and Conditions, manage its business, protect users or the general public, or to otherwise comply with legal obligations.
If you give Reimagines your permission, it may also use personal identification information for internal or external marketing and promotional purposes.
On occasion, Reimagines may collect personal identification information from you in connection with optional contests, special offers or promotions. Reimagines will share such information with necessary third parties for the purpose of carrying out the contest, special offer or promotion. We will ask for your consent to such disclosure and use of such information, prior to your participation in the contest, special offer or promotion.
We will not share your personal information with any other third party.
e. Whether Information Has to Be Provided by You and Why
The provision of personal data including name, address, billing address, delivery address, payment information, and email address are required from you in order to complete your order. We do not require you to provide any personal data in order to view information on our website. We will inform you when we collect it whether you are required to provide the information to us.
f. How Long Your Personal Information Will Be Kept
We will hold your name, address, payment and contact information for six years.
g. Reasons We Can Collect and Use Your Personal Information
Reimagines collects and uses your personal information to further the following legitimate interests. Information is used and edited to send e-mails, fulfill orders, deliver services and products, complete customer transactions, oversee contests and promotions and improve website performance and customer service.
4. Use and Transfer of Your Information Out of the EEA
This website is operated in the United States and third parties with whom we might share your personal information as explained above are also located in the United States. If you are located in the EEA or elsewhere outside of the United States, please be aware that any information you provide will be transferred to the United States. By using this website, participating in any of its services and/or providing your information, you consent to this transfer.
These countries do not have the same data protection laws as the United Kingdom and EEA. While the European Commission has not given a formal decision that such countries provide an adequate level of data protection similar to those which apply in the United Kingdom and EEA, any transfer of your personal information will be subject to standard data protection clauses adopted by the commission as permitted under GDPR Articles 46-47 and Recitals 108-110 and 114.
Article 46: Transfers subject to appropriate safeguards
1. In the absence of a decision pursuant to Article 45(3), a controller or processor may transfer personal data to a third country or an international organisation only if the controller or processor has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available.
2. The appropriate safeguards referred to in paragraph 1 may be provided for, without requiring any specific authorisation from a supervisory authority, by:
(a) a legally binding and enforceable instrument between public authorities or bodies;
(b) binding corporate rules in accordance with Article 47;
(c) standard data protection clauses adopted by the Commission in accordance with the examination procedure referred to in Article 93(2);
(d) standard data protection clauses adopted by a supervisory authority and approved by the Commission pursuant to the examination procedure referred to in Article 93(2);
(e) an approved code of conduct pursuant to Article 40 together with binding and enforceable commitments of the controller or processor in the third country to apply the appropriate safeguards, including as regards data subjects’ rights; or
(f) an approved certification mechanism pursuant to Article 42 together with binding and enforceable commitments of the controller or processor in the third country to apply the appropriate safeguards, including as regards data subjects’ rights.
3. Subject to the authorisation from the competent supervisory authority, the appropriate safeguards referred to in paragraph 1 may also be provided for, in particular, by:
(a) contractual clauses between the controller or processor and the controller, processor or the recipient of the personal data in the third country or international organisation; or
(b) provisions to be inserted into administrative arrangements between public authorities or bodies which include enforceable and effective data subject rights.
4. The supervisory authority shall apply the consistency mechanism referred to in Article 63 in the cases referred to in paragraph 3 of this Article.
5. Authorisations by a Member State or supervisory authority on the basis of Article 26(2) of Directive 95/46/EC shall remain valid until amended, replaced or repealed, if necessary, by that supervisory authority. Decisions adopted by the Commission on the basis of Article 26(4) of Directive 95/46/EC shall remain in force until amended, replaced or repealed, if necessary, by a Commission Decision adopted in accordance with paragraph 2 of this Article.
Article 47: Binding corporate rules
1. The competent supervisory authority shall approve binding corporate rules in accordance with the consistency mechanism set out in Article 63, provided that they:
(a) are legally binding and apply to and are enforced by every member concerned of the group of undertakings, or group of enterprises engaged in a joint economic activity, including their employees;
(b) expressly confer enforceable rights on data subjects with regard to the processing of their personal data; and
(c) fulfil the requirements laid down in paragraph 2.
2. The binding corporate rules referred to in paragraph 1 shall specify at least:
(a) the structure and contact details of the group of undertakings, or group of enterprises engaged in a joint economic activity and of each of its members;
(b) the data transfers or set of transfers, including the categories of personal data, the type of processing and its purposes, the type of data subjects affected and the identification of the third country or countries in question;
(c) their legally binding nature, both internally and externally;
(d) the application of the general data protection principles, in particular purpose limitation, data minimisation, limited storage periods, data quality, data protection by design and by default, legal basis for processing, processing of special categories of personal data, measures to ensure data security, and the requirements in respect of onward transfers to bodies not bound by the binding corporate rules;
(e) the rights of data subjects in regard to processing and the means to exercise those rights, including the right not to be subject to decisions based solely on automated processing, including profiling in accordance with Article 22, the right to lodge a complaint with the competent supervisory authority and before the competent courts of the Member States in accordance with Article 79, and to obtain redress and, where appropriate, compensation for a breach of the binding corporate rules;
(f) the acceptance by the controller or processor established on the territory of a Member State of liability for any breaches of the binding corporate rules by any member concerned not established in the Union; the controller or the processor shall be exempt from that liability, in whole or in part, only if it proves that that member is not responsible for the event giving rise to the damage;
(g) how the information on the binding corporate rules, in particular on the provisions referred to in points (d), (e) and (f) of this paragraph is provided to the data subjects in addition to Articles 13 and 14;
(h) the tasks of any data protection officer designated in accordance with Article 37 or any other person or entity in charge of the monitoring compliance with the binding corporate rules within the group of undertakings, or group of enterprises engaged in a joint economic activity, as well as monitoring training and complaint-handling;
(i) the complaint procedures;
(j) the mechanisms within the group of undertakings, or group of enterprises engaged in a joint economic activity for ensuring the verification of compliance with the binding corporate rules. Such mechanisms shall include data protection audits and methods for ensuring corrective actions to protect the rights of the data subject. Results of such verification should be communicated to the person or entity referred to in point (h) and to the board of the controlling undertaking of a group of undertakings, or of the group of enterprises engaged in a joint economic activity, and should be available upon request to the competent supervisory authority;
(k) the mechanisms for reporting and recording changes to the rules and reporting those changes to the supervisory authority;
(l) the cooperation mechanism with the supervisory authority to ensure compliance by any member of the group of undertakings, or group of enterprises engaged in a joint economic activity, in particular by making available to the supervisory authority the results of verifications of the measures referred to in point (j);
(m) the mechanisms for reporting to the competent supervisory authority any legal requirements to which a member of the group of undertakings, or group of enterprises engaged in a joint economic activity is subject in a third country which are likely to have a substantial adverse effect on the guarantees provided by the binding corporate rules; and
(n) the appropriate data protection training to personnel having permanent or regular access to personal data.
3. The Commission may specify the format and procedures for the exchange of information between controllers, processors and supervisory authorities for binding corporate rules within the meaning of this Article. Those implementing acts shall be adopted in accordance with the examination procedure set out in Article 93(2).
Recital 108: Appropriate Safeguards
1In the absence of an adequacy decision, the controller or processor should take measures to compensate for the lack of data protection in a third country by way of appropriate safeguards for the data subject. 2Such appropriate safeguards may consist of making use of binding corporate rules, standard data protection clauses adopted by the Commission, standard data protection clauses adopted by a supervisory authority or contractual clauses authorised by a supervisory authority. 3Those safeguards should ensure compliance with data protection requirements and the rights of the data subjects appropriate to processing within the Union, including the availability of enforceable data subject rights and of effective legal remedies, including to obtain effective administrative or judicial redress and to claim compensation, in the Union or in a third country. 4They should relate in particular to compliance with the general principles relating to personal data processing, the principles of data protection by design and by default. 5Transfers may also be carried out by public authorities or bodies with public authorities or bodies in third countries or with international organisations with corresponding duties or functions, including on the basis of provisions to be inserted into administrative arrangements, such as a memorandum of understanding, providing for enforceable and effective rights for data subjects. 6Authorisation by the competent supervisory authority should be obtained when the safeguards are provided for in administrative arrangements that are not legally binding.
Recital 109: Standard Data Protection Clauses
The possibility for the controller or processor to use standard data-protection clauses adopted by the Commission or by a supervisory authority should prevent controllers or processors neither from including the standard data-protection clauses in a wider contract, such as a contract between the processor and another processor, nor from adding other clauses or additional safeguards provided that they do not contradict, directly or indirectly, the standard contractual clauses adopted by the Commission or by a supervisory authority or prejudice the fundamental rights or freedoms of the data subjects. Controllers and processors should be encouraged to provide additional safeguards via contractual commitments that supplement standard protection clauses.
Recital 110: Binding Corporate Rules
A group of undertakings, or a group of enterprises engaged in a joint economic activity, should be able to make use of approved binding corporate rules for its international transfers from the Union to organisations within the same group of undertakings, or group of enterprises engaged in a joint economic activity, provided that such corporate rules include all essential principles and enforceable rights to ensure appropriate safeguards for transfers or categories of transfers of personal data.
Recital 114: Safeguarding of Enforceability of Rights and Obligations in the Absence of an Adequacy Decision
In any case, where the Commission has taken no decision on the adequate level of data protection in a third country, the controller or processor should make use of solutions that provide data subjects with enforceable and effective rights as regards the processing of their data in the Union once those data have been transferred so that that they will continue to benefit from fundamental rights and safeguards.
If you would like further information, (see “How to contact us” below. We will not otherwise transfer your personal data outside of the United Kingdom OR EEA or to any organization (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.
5. Your Rights
If you want to unsubscribe from receiving e-mails from Reimagines, you may do so at any time. Each e-mail from Reimagines includes instructions for unsubscribing from these e-mail communications.
If you are covered by the General Data Protection Regulation, you have a number of important rights free of charge. In summary, those include rights to:
• Fair processing of information and transparency over how we use your use personal information
• Access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address
• Require us to correct any mistakes in your information which we hold
• Require the erasure of personal information concerning you in certain situations
• Receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
• Object at any time to processing of personal information concerning you for direct marketing
• Object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
• Object in certain other situations to our continued processing of your personal information
• Otherwise restrict our processing of your personal information in certain circumstances
You may also have the right to claim compensation for damages caused by our breach of any data protection laws.
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation, available at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/ .
If you would like to exercise any of those rights, please:
• Email, call, or write to us
• Provide us enough information to identify you (e.g., account number, user name, registration details)
• Provide us proof of your identity and address (a copy of your driver’s license or passport and a recent utility or credit card bill)
• Provide us with the information to which your request relates including any account or reference numbers, if you have them.
6. Keeping Your Personal Information Secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorized way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable authorities of a suspected data security breach where we are legally required to do so.
Please note that any comments or information that you post on the website, including the Reimagins site and social media pages, become public and third parties may use your information. Reimagines is not responsible for any unauthorized uses by third parties in such context. You disclose such information at your own risk.
7. Links to Other Sites
You may see advertising or other content on this website that links to the sites and services of our partners, suppliers, advertisers, sponsors, licensors or other third parties. Any products or services reached through a third-party link are subject to separate privacy policies. Reimagines is not responsible for or liable for any content on or actions taken by such third-party websites.
8. How to Complain
We hope that we can resolve any question or concern you raise about our use of your information.
If you are covered by the General Data Protection Regulation, you may lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live, or where any alleged infringement of data protection laws occurred.
9. Changes to This Privacy Notice
This policy is effective as of September 7, 2019. We may change, modify or update this Privacy Policy at any time and will notify you of any such changes by email or postal mail.
10. How to Contact Us
If you have any questions or concerns about this Privacy Policy, the information we hold about you, or you wish to change your personal information in our records, please contact Reimagines via email at elizabeth@reimagines.com or by mail at
126 S Main St, Suite 100
Somerset, Kentucky 42501
11. Do You Need Extra Help?
If you would like this notice in another format (for example: audio, large print, braille) please contact us (see “How to contact us” above).