GDPR Notice

Last Updated: November 24, 2024

Introduction

If you're visiting PowderDash from the European Union (EU), European Economic Area (EEA), or United Kingdom (UK), you have specific data protection rights under the General Data Protection Regulation (GDPR). This notice explains those rights and how we comply.

For general privacy information, see our full Privacy Policy. This page focuses specifically on GDPR requirements.

Who We Are (Data Controller)

PowderDash, owned and operated by Nataliia Ofitserova, operates powderdash.com and is the data controller for personal information collected via the Site. As the data controller, we determine how and why your data is processed.

Data Controller Information

Name: Nataliia Ofitserova

Trading As: PowderDash

Registered Address: 71–75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ

Country: United Kingdom (England and Wales)

Contact: For GDPR-related inquiries, use our Contact page. We'll respond within 30 days as required by law.

What Personal Data We Collect

We collect minimal personal data from EU visitors:

  • Contact Form Submissions: Name, email address, message content (voluntarily provided when you contact us).
  • Newsletter Subscriptions: Email address (voluntarily provided when you subscribe).
  • Automatically Collected: IP address, browser type, device type, pages visited, referral source (collected via analytics tools).

We do not collect special categories of personal data (health, race, religion, etc.) or data from children under 16.

Legal Basis for Processing

Under GDPR, we must have a lawful basis to process your data. Here are the legal bases we rely on:

  • Consent: When you submit a contact form or subscribe to our newsletter, you consent to us processing your data for those purposes. You can withdraw consent anytime.
  • Legitimate Interests: We use analytics cookies to understand Site usage and improve content. This serves our legitimate business interests without overriding your privacy rights. You can opt out of analytics (see Cookie Policy).
  • Legal Obligation: If required by law (e.g., responding to court orders), we process data to comply.

Your Rights Under GDPR

EU/EEA/UK residents have the following data protection rights:

1. Right to Access

You can request a copy of the personal data we hold about you. This is called a Subject Access Request (SAR). We'll provide the data in a commonly used, machine-readable format (e.g., PDF or CSV).

2. Right to Rectification

If the data we hold about you is inaccurate or incomplete, you can request correction. We'll update it promptly.

3. Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data if:

  • It's no longer necessary for the purpose it was collected.
  • You withdraw consent and there's no other legal basis for processing.
  • You object to processing and there are no overriding legitimate grounds.
  • The data was unlawfully processed.

Note: We may retain data if required by law (e.g., for tax records or legal disputes).

4. Right to Restriction of Processing

You can request we stop processing your data (but not delete it) in certain circumstances, such as:

  • You contest the accuracy of the data.
  • Processing is unlawful but you don't want erasure.
  • We no longer need the data but you need it for a legal claim.

5. Right to Data Portability

You can request your data in a structured, commonly used format and transmit it to another controller. This applies when processing is based on consent or contract and is carried out by automated means.

6. Right to Object

You can object to processing based on legitimate interests (e.g., analytics). We'll stop unless we demonstrate compelling legitimate grounds that override your interests.

You also have an absolute right to object to processing for direct marketing purposes (e.g., unsubscribe from newsletters).

7. Right to Withdraw Consent

If processing is based on your consent, you can withdraw it anytime. This doesn't affect the lawfulness of processing before withdrawal.

How to withdraw consent:

  • Newsletter: Click "unsubscribe" in any email.
  • Contact Form: Email us requesting we stop processing your submission data.
  • Analytics: Opt out via browser settings or Google Analytics Opt-out.

8. Right to Lodge a Complaint

If you believe we've mishandled your data, you have the right to complain to your local data protection authority (DPA):

  • EU/EEA: Find your DPA here.
  • UK: Information Commissioner's Office (ICO) at ico.org.uk.

We'd appreciate the opportunity to address your concerns directly before you contact a DPA, but you have the right to complain at any time.

How to Exercise Your Rights

To exercise any of the above rights, contact us via our Contact page with:

  • Your name and email address
  • Which right you're exercising (e.g., "I request deletion of my data")
  • Details to help us locate your data (e.g., date of contact form submission)

We'll respond within 30 days (extended to 60 days for complex requests, with notification). If we refuse a request, we'll explain why and inform you of your right to complain to a DPA.

Verification: To protect your privacy, we may ask for proof of identity before fulfilling requests.

Data Retention

We retain personal data only as long as necessary:

  • Contact Form Submissions: 2 years, then deleted.
  • Newsletter Subscriptions: Until you unsubscribe.
  • Analytics Data: Anonymized and retained per provider policy (typically 26 months), then deleted.
  • Server Logs: 90 days, then auto-deleted.

If you request deletion, we'll comply promptly (subject to legal obligations to retain certain records).

Data Transfers Outside the EU

Some third-party services we use (e.g., hosting, analytics) may process data outside the EU/EEA/UK. When this happens, we ensure adequate safeguards:

  • Standard Contractual Clauses (SCCs): EU-approved contract terms ensuring data protection.
  • Adequacy Decisions: Data transferred to countries deemed adequate by the EU (e.g., Canada for commercial organizations under PIPEDA).

For details on specific services and safeguards, contact us.

Automated Decision-Making & Profiling

We do not use automated decision-making or profiling. No algorithms make decisions about you based on personal data. Analytics are aggregated and used only for improving the Site, not targeting individuals.

Updates to This Notice

We may update this GDPR Notice to reflect changes in law or practices. Updates will be posted here with a new "Last Updated" date. Check back periodically if you're concerned about GDPR compliance.

Questions?

For GDPR-specific questions or to exercise your rights, contact us via our Contact page. For general privacy questions, see our Privacy Policy.