GDPR Compliance

Our Commitment to GDPR

mauve-cascade is committed to complying with the General Data Protection Regulation (GDPR), which governs the processing of personal data for individuals within the European Economic Area (EEA).

Although we are based in Canada, we recognize the importance of protecting the privacy rights of all individuals, regardless of location, and have implemented comprehensive data protection measures that meet GDPR standards.

Legal Basis for Processing

We process personal data based on one or more of the following legal grounds:

• Consent: You have given clear consent for us to process your personal data for specific purposes
• Contract: Processing is necessary for the performance of a contract with you
• Legal Obligation: Processing is necessary to comply with legal requirements
• Legitimate Interests: Processing is necessary for our legitimate business interests, provided these do not override your rights

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to request copies of your personal data. We may charge a reasonable fee for additional copies beyond the first request.

Right to Rectification

You have the right to request correction of any personal data you believe is inaccurate or incomplete.

Right to Erasure

You have the right to request deletion of your personal data under certain circumstances, including when the data is no longer necessary for the purposes for which it was collected.

Right to Restrict Processing

You have the right to request restriction of processing your personal data under certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to request transfer of your personal data to another organization or directly to you in a structured, commonly used, and machine-readable format.

Right to Object

You have the right to object to processing of your personal data where we rely on legitimate interests as the legal basis for processing.

Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing that produce legal effects or significantly affect you.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at [email protected] with your request. We will respond to your request within one month, though this period may be extended by two additional months for complex requests.

We may request proof of identity to verify your request and ensure we do not disclose personal data to unauthorized individuals.

Data Protection Measures

We have implemented the following technical and organizational measures to protect your personal data:

• Encryption of personal data both in transit and at rest
• Regular security assessments and penetration testing
• Access controls and authentication systems
• Employee training on data protection and privacy
• Data minimization practices to collect only necessary information
• Regular backup procedures and disaster recovery plans

International Data Transfers

When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, such as:

• Standard contractual clauses approved by the European Commission
• Transfers to countries with adequacy decisions
• Implementation of appropriate technical and organizational security measures

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach.

The notification will include the nature of the breach, the likely consequences, and the measures taken or proposed to address the breach and mitigate its effects.

Supervisory Authority

If you are located in the EEA and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

Contact Information

For questions about our GDPR compliance or to exercise your rights, please contact us:

Email: [email protected]
Address: 1247 Granville Street, Vancouver, BC V6Z 1M3, Canada