General Data Protection Regulation (GDPR) Policy

 

This GDPR Policy outlines the principles and practices we follow concerning the collection, processing, and protection of personal data in compliance with the General Data Protection Regulation (GDPR).

 

1. Data Controller and Data Processor:

ShamanicSarah.com acts as the data controller for the personal data collected through our website. ShamanicSarah.com may also engage third-party service providers as data processors for specific services.

2. Information We Collect:

We collect and process personal data for the following purposes:

Name, email address, and other contact details for communication purposes.

 

3. Lawful Basis for Processing:

We will only process personal data when we have a lawful basis to do so, such as the data subject’s consent, the necessity of processing for the performance of a contract, compliance with a legal obligation, protection of vital interests, the performance of a task carried out in the public interest or in the exercise of official authority, and legitimate interests pursued by the data controller or a third party.

4. Data Minimization:

We collect and process only the personal data that is necessary for the intended purpose. We do not retain personal data for longer than is necessary.

5. Rights of Data Subjects:

Individuals have the right to access, rectify, erase, restrict processing, and port their personal data. They also have the right to object to the processing of their data.

6. Security Measures:

We implement appropriate technical and organizational measures to ensure the security and confidentiality of personal data, preventing unauthorized access, disclosure, alteration, and destruction.

7. Data Breach Response:

In the event of a data breach that poses a risk to individuals’ rights and freedoms, we will promptly assess the situation, notify the relevant supervisory authority, and communicate with affected data subjects as required by law.

8. International Data Transfers:

If personal data is transferred to countries outside the European Economic Area (EEA), we ensure that adequate safeguards are in place to protect the data in accordance with GDPR requirements.

9. Updates to the GDPR Policy:

This GDPR Policy may be updated periodically to reflect changes in our data processing activities or legal requirements. Any updates will be posted on our website.

10. Contact Information:

For inquiries or requests related to personal data, please contact: hello@shamanicsarah.com

Updated: 1 January 2024