Personal data & GDPR rights

1. Overview of Your Rights

As a registered user with Dreamwall (customer, newsletter recipient, support contact), you have seven specific rights under the EU's General Data Protection Regulation (GDPR). Here, you will find a brief description of each — and further down, a precise guide on how to exercise them.

The full description of what data we process, why, and for how long can be found in our privacy policy.

2. Right to Access (GDPR Art. 15)

You have the right to know what personal data we hold about you and to receive a copy of it.

What You Will Receive

• Your contact details (name, address, email, phone)
• Your order history with products, dates, and amounts
• Your account data (username, creation date, last seen)
• Wallet balance and transactions
• Marketing consents and their status
• Correspondence with customer service
• Information about which recipients we have shared your data with

You will receive the data in a structured PDF or machine-readable file (CSV/JSON), making it easy to review.

3. Rectification (GDPR Art. 16)

If you discover that we have incorrect or incomplete information about you, you have the right to have it corrected.

You can correct most information yourself via My Account. If that is not possible — for example, because there is an incorrect order in the history — please contact us, and we will fix it.

4. Deletion, "Right to be Forgotten" (GDPR Art. 17)

You have the right to have your personal data deleted when:

• The data is no longer necessary for the purposes for which it was collected
• You withdraw your consent
• You object to processing (see section 7)
• The processing is unlawful
• Deletion is required to comply with a legal obligation

Important Exceptions

We cannot delete data that is necessary for:

• Legal Obligations — accounting data is retained for 5 years (accounting law)
• Legal Claims — ongoing or potential disputes
• Tax & VAT — invoice copies for up to 5 years

When you request deletion, we will anonymise data where legal obligations prevent full deletion, so they can no longer be linked to you as an individual.

5. Restriction of Processing (GDPR Art. 18)

You can ask us to temporarily "freeze" the processing of your data — for example, while a dispute is being resolved. We will continue to store the data but will not actively use it until the matter is resolved.

6. Data Portability (GDPR Art. 20)

Your own uploaded data — contact details, orders, uploaded images, AI prompts — can be provided to you in a machine-readable format (typically JSON or CSV) for transfer to another service.

7. Objection (GDPR Art. 21)

You can object to the processing of your data that is based on our legitimate interests. Specifically, this includes:

• Marketing-based profiling
• Direct marketing
• Site analysis via cookies

When you object, we will immediately stop processing — unless we can demonstrate compelling legitimate grounds that override your interests.

8. Withdrawal of Consent

If we process your data based on your consent (typically for marketing and non-essential cookies), you can withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal.

How to Withdraw

• Newsletter: click "unsubscribe" at the bottom of any email, or write to us
• Cookies: click "Cookie settings" in the footer and deselect the types you do not want
• Other: write to info@dreamwall.art

9. How to Submit a Request

Send an email to info@dreamwall.art with the subject:

"GDPR — [type of right]"
e.g. "GDPR — access", "GDPR — deletion", "GDPR — data portability"

In the email, please provide:

• Your full name
• The email address associated with your account/order
• Order number if relevant
• What you specifically want (correction of incorrect information, deletion of specific data, etc.)

Verification

To protect you from others exploiting your GDPR rights against you, we may in some cases ask for documentation of your identity. This may include:

• Confirmation via the email you registered with us
• Login to your account with a password
• For particularly sensitive requests: a copy of ID (with irrelevant fields crossed out)

10. Processing Time

We will respond to your request without undue delay and no later than 30 days from receipt.

For particularly complicated or numerous simultaneous requests, the deadline may be extended by an additional 2 months. In such cases, you will be informed within the first 30 days.

The processing is free of charge. However, we may charge a reasonable fee for clearly unfounded or excessive requests (e.g., the same request repeated over and over).

11. If We Cannot Comply

In rare cases, we may need to refuse all or part of your request. This may occur if:

• Legal obligations prevent it (accounting data, tax, legal claims)
• The request overrides the rights of others
• The request is clearly unfounded or excessive

We will always provide you with a written explanation — and you can always complain to the Data Protection Authority, as outlined in the section below.

12. Right to Complain

If you are dissatisfied with our processing of your personal data or our handling of your GDPR request, we encourage you to first contact us directly — we would like to find a good solution.

If we cannot reach an agreement, you can file a complaint with:

Data Protection Authority
Carl Jacobsens Vej 35
2500 Valby
Phone: 33 19 32 00
Email: dt@datatilsynet.dk
Web: datatilsynet.dk