EU GDPR Compliance
This website is compliant with the privacy and data protection standards of the European Union known as GDPR.
Conduct an information audit to determine what information you process and who has access to it.
Organizations that have at least 250 employees or conduct higher-risk data processing are required to keep an up-to-date and detailed list of their processing activities and be prepared to show that list to regulators upon request. The best way to demonstrate GDPR compliance is using a data protection impact assessment. Organizations with fewer than 250 employees should also conduct an assessment because it will make complying with the GDPR's other requirements easier. In your list, you should include: the purposes of the processing, what kind of data you process, who has access to it in your organization, any third parties (and where they are located) that have access, what you're doing to protect the data (e.g. encryption), and when you plan to erase it (if possible).
Have a legal justification for your data processing activities.
Processing of data is illegal under the GDPR unless you can justify it according to one of six conditions listed in Article 6. There are other provisions related to children and special categories of personal data in Articles 7-11. Review these provisions, choose a lawful basis for processing, and document your rationale. Note that if you choose "consent" as your lawful basis, there are extra obligations, including giving data subjects the ongoing opportunity to revoke consent. If "legitimate interests" is your lawful basis, you must be able to demonstrate you have conducted a privacy impact assessment.
GDPR Article 6:
Processing shall be lawful only if and to the extent that at least one of the following applies:
a. the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
b. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
c. processing is necessary for compliance with a legal obligation to which the controller is subject;
The collection of personal customer data with regard to orders and transactions placed on this website is fully compliant with the GDPR due to the requirements of tax authorities and invoice record keeping. Customers consent to giving this information after filling out the form and willfully submitting the information along with their order.
GDPR Article 12:
1. The controller shall take appropriate measures to provide any information referred to in Articles 13 and 14 and any communication under Articles 15 to 22 and 34 relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child. The information shall be provided in writing, or by other means, including, where appropriate, by electronic means. When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.
3. The controller shall provide information on action taken on a request under Articles 15 to 22 to the data subject without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.
Please fill out this form to request all the data we have collected on you or this form to delete your data under the "Right to be Forgotten" policy.
To comply with the regulations governing cookies under the GDPR and the ePrivacy Directive you must:
a. Receive users’ consent before you use any cookies except strictly necessary cookies.
b. Provide accurate and specific information about the data each cookie tracks and its purpose in plain language before consent is received.
c. Document and store consent received from users.
d. Allow users to access your service even if they refuse to allow the use of certain cookies.
e. Make it as easy for users to withdraw their consent as it was for them to give their consent in the first place.