Last updated: May 2026
This page explains your privacy rights under the General Data Protection Regulation (GDPR) for EU/EEA residents and the California Consumer Privacy Act (CCPA) for California residents. These rights apply in addition to our Privacy Policy.
1. Your Rights Under GDPR (EU/EEA Residents)
If you are located in the European Union or EEA, you have the following rights regarding your personal data:
1.1 Right to Access
You may request a copy of the personal data we hold about you.
1.2 Right to Rectification
You may request corrections to inaccurate or incomplete data.
1.3 Right to Erasure (“Right to Be Forgotten”)
You may request deletion of your data when:
- It is no longer needed
- You withdraw consent
- Processing is unlawful
1.4 Right to Restrict Processing
You may request that we limit how your data is used.
1.5 Right to Data Portability
You may request your data in a structured, machine‑readable format.
1.6 Right to Object
You may object to:
- Direct marketing
- Profiling
- Processing based on legitimate interests
1.7 Right to Withdraw Consent
You may withdraw consent at any time without affecting prior lawful processing.
1.8 Right to Lodge a Complaint
You may file a complaint with your local Data Protection Authority (DPA).
2. Legal Basis for Processing (GDPR)
We process your data under the following legal bases:
- Contract performance
- Legitimate interest
- Consent
- Legal obligation
Details are available in our Privacy Policy.
3. Your Rights Under CCPA (California Residents)
If you are a resident of California, you have the following rights:
3.1 Right to Know
You may request disclosure of:
- Categories of personal data collected
- Sources of data
- Purpose of collection
- Third parties with whom data is shared
3.2 Right to Access
You may request a copy of your personal information.
3.3 Right to Deletion
You may request deletion of your personal data, with certain exceptions (fraud prevention, legal compliance, etc.).
3.4 Right to Opt‑Out of Data Sale
We do not sell personal information. If this changes, we will provide a “Do Not Sell My Personal Information” link.
3.5 Right to Non‑Discrimination
We will not deny services, charge different prices, or provide different levels of service if you exercise your CCPA rights.
4. Categories of Data We Collect (GDPR + CCPA)
We may collect the following categories of information:
- Identifiers (name, email, address)
- Commercial information (orders, transactions)
- Internet activity (cookies, IP address, analytics)
- Geolocation data
- Device information
- Customer support messages
Full details are in our Privacy Policy.
5. How to Exercise Your Rights
You may submit GDPR or CCPA requests by contacting us:
Email: [Your Support Email] Subject Line: “Data Request – GDPR” or “Data Request – CCPA”
We will respond within:
- 30 days for GDPR requests
- 45 days for CCPA requests (extendable once by 45 days)
To protect your data, we may request identity verification.
6. Verification Requirements
To process your request, we may ask for:
- Order number
- Email address used for purchase
- Proof of identity (if required by law)
We will never request sensitive documents unless legally necessary.
7. Authorized Agents (CCPA)
California residents may designate an authorized agent to submit requests on their behalf. We may require:
- Written authorization
- Identity verification of the consumer
8. International Data Transfers
Your data may be transferred to and processed in countries outside your residence, including China, the EU, and the United States. We implement safeguards such as:
- Standard Contractual Clauses (SCCs)
- Secure data processing agreements
- Encryption and access controls
9. Updates to This Page
We may update this GDPR/CCPA page to reflect changes in regulations or our data practices. Changes will be posted with an updated “Last Updated” date.