PRIVACY POLICY
Data privacy statement pursuant to GDPR
Name and address of the controller
The controller within the meaning of the General Data Protection Regulation of the EU (GDPR) and other national data protection laws of the Member States, as well as other data protection provisions:
Name: Griffin Hearts LTD
Email: hello@griffinhearts.com
What personal data we collect and why we collect it
Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Contact forms
Description and scope of data processing
There is a contact form on our website that can be used to contact us electronically. If the user makes use of this opportunity, the data entered in the input mask are transmitted to us and stored. These data comprise:
1. Name
2. Email
The following data are also stored at the time the message is sent:
1. The user’s IP address
2. Date and time of the registration
For the purpose of processing the data, your consent is obtained and reference is made to this data privacy statement as part of the registration process.
Alternatively, you can contact us by using the email address provided. In this case, the user’s personal data transmitted with the email will be stored.
The data are exclusively used to process the conversation.
Legal basis for the data processing
If the user has given his or her consent, Art. 6 (1) (a) GDPR forms the legal basis for the data processing.
Art. 6 (1) (f) GDPR forms the legal basis for processing the data transmitted while an email is being sent. If the email contact is aimed at concluding a contract, Art. 6 (1) (b) GDPR forms an additional legal basis for the data processing.
Purpose of the data processing
Processing of the personal data from the input mask is exclusively for the purpose of processing the contact process. If we are contacted by email, the necessary legitimate interest in processing the data also lies in this contact.
The other personal data processed during the sending process serve to prevent abuse of the contact form and to ensure the security of our information technology systems.
Duration of storage
The data shall be erased without undue delay when they are no longer necessary in relation to the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user is ended. The conversation is ended when the circumstances indicate that the matter concerned is finally resolved.
The personal data collected additionally during the sending process will be erased after not later than a period of seven days.
Option of objection and removal
The user has the option of withdrawing his or her consent to the processing of the personal data at any time. If the user contacts us by email, he or she can object to the storage of his or her personal data at any time. In that case, the conversation cannot be continued.
Cancellation by email: hello@griffinhearts.com
All the personal data stored in the course of the contact process will be erased in this case.
Cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Rights of the data subject
The following list comprises all the rights of the data subjects pursuant to GDPR. Rights that are not relevant for one’s own website do not need to be mentioned. In that regard, the list can be shortened.
If your personal data are processed, you are the data subject within the meaning of GDPR and you have the following rights vis-à-vis the controller:
Right to information
You may request confirmation from the controller about whether personal data concerning you are being processed by us.
If such processing is taking place, you can request information from the controller about the following:
- The purposes for which the personal data are being processed;
- The categories of personal data that are being processed;
- The recipients or the categories of recipients to whom the personal data concerning you were disclosed or are yet to be disclosed;
- The planned duration of the storage of the personal data concerning you or, if it is not possible to obtain specific information about this, the criteria for determining the duration of storage;
- The existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to objection to this processing;
- The existence of a right to complain to a supervisory authority;
- All available information about the origin of the data, if the personal data were not collected from the data subject;
- The existence of automated decision-making including profiling pursuant to Art. 22 (1) and (4) GDPR and – at least in these cases – meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject.
You also have the right to request information about whether the personal data concerning you are being transferred to a third country or an international organization. In this regard, you can request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
Right to rectification
You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you are incorrect or incomplete. The controller shall carry out the rectification without undue delay.
Right to restriction of processing
You may request restriction of processing of the personal data concerning you under the following conditions:
- If you dispute the accuracy of the personal data concerning you for a period of time that enables the controller to verify the accuracy of the personal data;
- The processing is unlawful and you reject erasure of the personal data and instead request restriction of the use of the personal data;
- The Controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims; or
- If you have objected to the processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override your grounds.
Where processing of the personal data concerning you has been restricted, such data shall – with the exception of storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If the restriction of the processing was restricted in accordance with the above-mentioned conditions, you will be informed by the controller before the restriction is lifted.
Right to erasure
Obligation to erase
You may demand that the controller erase the relevant personal data without undue delay, and the controller is obligated to promptly erase the data if one of the following applies:
- The personal data concerning you are no longer necessary in relation to the purpose for which they were collected or otherwise processed.
- You withdraw your consent on which the processing is based pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR and there is no other legal ground for the processing.
- You object to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 (2) GDPR.
- The personal data concerning you have been unlawfully processed.
- The personal data concerning you have to be erased to comply with a legal obligation under Union or Member State law to which the controller is subject.
- The personal data concerning you were collected in relation to the offer of information society services pursuant to Art. 8 (1) GDPR.
Information to third parties
If the controller has made the personal data concerning you public and is obligated to erase them pursuant to Art. 17 (1) GDPR, the controller, taking account of available technology and the cost of implantation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject request the erasure by such controllers of any links to, or copy or replication of, those personal data.
Exceptions
There is no right to erasure if the processing is necessary
- To exercise the right of freedom of expression and information;
- To comply with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- For reasons of public interest in the area of public health pursuant to Art. 9 (2) (h) and (i) as well as Art. 9 (3) GDPR;
- For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 (1) GDPR, to the extent that the right referred to in subsection (3) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- To establish, exercise or defend legal claims.
Right to notification
If you have claimed the right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obligated to communicate this rectification or erasure of the data or restriction of processing to all recipients to whom the personal data concerning you were disclosed, unless this proves impossible or involves disproportionate effort.
You have the right to be informed of these recipients by the controller.
Right to data portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. In addition, you have the right to have these data transmitted to another controller without hindrance from the controller to which the personal data were provided, if
- The processing is based on consent pursuant to Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR or a contract pursuant to Art. 6 (1) (b) GDPR and
- The processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another if this is technically feasible. This may not adversely affect the freedoms and rights of others.
The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6 (1) (e) or (f) GDPR; including profiling based on these provisions.
The controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of establishing, exercising or defending legal claims.
Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for the purpose of such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for these purposes.
In the context of the use of information society services, you have the opportunity – notwithstanding Directive 2002/58/EC – to exercise your right to object by automated means using technical specifications.
Right to withdraw the declaration of consent regarding data privacy
You have the right to withdraw your declaration of consent regarding data privacy at any time. A withdrawal of consent does not affect the lawfulness of any processing done up to the time of withdrawal.
Automated individual decision-making, including profiling
You have the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision
- Is necessary to enter into or perform a contract between you and the controller;
- Is authorised by Union or Member State law to which the controller is subject, and these legal provisions also lay down suitable measures to safeguard your rights and freedoms and legitimate interests, or
- Is based on your explicit consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 (1) GDPR unless Art. 9 (2) (a) or (g) GDPR apply and suitable measures have been taken to protect your rights and freedoms and legitimate interests.
In the cases referred to in sections 1 and 3, the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your own point of view and to contest the decision.
Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you are of the opinion that the processing of personal data relating to you violates the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.