Introduction to GDPR
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations that process personal data of individuals in the European Union, regardless of where the organization is located.
At SminuGunpa Wear, we are committed to protecting your personal data and respecting your privacy rights under GDPR. This page outlines how we comply with GDPR requirements and explains your rights as a data subject.
Legal Basis for Processing
We process your personal data based on one or more of the following legal grounds:
Consent
We may process your data when you have given explicit consent for specific purposes, such as receiving marketing communications or participating in surveys.
Contract Performance
We process your data to fulfill our contractual obligations, such as processing and delivering your orders.
Legal Obligation
We may process your data to comply with legal requirements, such as tax regulations or responding to legal requests.
Legitimate Interests
We may process your data based on our legitimate business interests, such as fraud prevention, network security, or improving our services, provided these interests do not override your rights and freedoms.
Your Rights Under GDPR
As a data subject under GDPR, you have the following rights:
Right to Access
You have the right to request access to your personal data and receive information about how we process it. We will provide you with a copy of your personal data in a commonly used electronic format.
Right to Rectification
You have the right to request correction of inaccurate or incomplete personal data we hold about you.
Right to Erasure (Right to be Forgotten)
You have the right to request deletion of your personal data in certain circumstances, such as:
- The data is no longer necessary for the purposes it was collected
- You withdraw consent and there is no other legal basis for processing
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
Right to Restriction of Processing
You have the right to request that we limit how we use your personal data in certain situations, such as when you contest the accuracy of the data or object to processing.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and transmit it to another controller.
Right to Object
You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.
Right to Withdraw Consent
When processing is based on consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority if you believe we have violated your data protection rights.
How to Exercise Your Rights
To exercise any of your GDPR rights, please contact us at:
Email: [email protected]
Subject Line: "GDPR Data Subject Request"
We will respond to your request within one month of receipt. In complex cases, we may extend this period by two additional months and will inform you of the extension and reasons for delay.
Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance. You can contact our DPO at:
Email: [email protected]
Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:
- Order and customer service data: 7 years (for tax and accounting purposes)
- Marketing communications: Until you withdraw consent or we determine it is no longer relevant
- Account information: Until account deletion or 3 years of inactivity
- Website analytics: 26 months
International Data Transfers
We may transfer your personal data to countries outside the European Economic Area (EEA). When we do so, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses approved by the European Commission
- Transfers to countries with an adequacy decision from the European Commission
- Binding Corporate Rules for transfers within multinational organizations
Data Security Measures
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Pseudonymization and encryption of personal data
- Regular testing and assessment of security measures
- Ensuring confidentiality, integrity, and availability of systems
- Ability to restore data availability in case of incidents
Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach.
Children's Data
We do not knowingly process personal data of individuals under 16 years of age without parental consent. If we become aware that we have collected data from a child without appropriate consent, we will take steps to delete that information.
Automated Decision-Making and Profiling
We do not engage in automated decision-making or profiling that produces legal effects or similarly significantly affects you.
Updates to This Policy
We may update this GDPR compliance statement from time to time. We will notify you of significant changes by posting a notice on our website or sending you an email.
Contact Information
For questions about our GDPR compliance or to exercise your rights, please contact us:
SminuGunpa Wear
1285 West Pender Street, Suite 600
Vancouver, BC V6E 4B1
Canada
Email: [email protected]
DPO Email: [email protected]