GDPR Compliance

GDPR Compliance

Last updated: January 27, 2025

Your Data Protection Rights

Under the General Data Protection Regulation (GDPR), you have several rights regarding your personal data. This page explains how you can exercise these rights.

Your Rights Under GDPR

1. Right to Access (Article 15)

You have the right to request copies of your personal data that we hold.

What you can request:

  • Confirmation that we are processing your personal data
  • Copies of your personal data
  • Information about how we use your data
  • Information about who we share your data with

2. Right to Rectification (Article 16)

You have the right to request correction of inaccurate or incomplete personal data.

What you can request:

  • Correction of incorrect information
  • Completion of incomplete information

3. Right to Erasure (Article 17)

You have the right to request deletion of your personal data in certain circumstances.

When you can request deletion:

  • Your data is no longer necessary for the original purpose
  • You withdraw consent and there’s no other legal basis
  • Your data has been unlawfully processed
  • You object to processing and there are no overriding legitimate grounds

4. Right to Restrict Processing (Article 18)

You have the right to request limitation of processing of your personal data.

When you can request restriction:

  • You contest the accuracy of your data
  • Processing is unlawful but you don’t want deletion
  • We no longer need the data but you need it for legal claims
  • You have objected to processing pending verification

5. Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used format.

What you can request:

  • Your data in a machine-readable format
  • Transfer of your data to another service provider (where technically feasible)

6. Right to Object (Article 21)

You have the right to object to processing of your personal data.

When you can object:

  • Processing based on legitimate interests
  • Direct marketing
  • Processing for research or statistical purposes

7. Right to Withdraw Consent (Article 7)

You have the right to withdraw consent at any time where processing is based on consent.

How to Exercise Your Rights

Contact Us

To exercise any of your rights, please contact us:

  • Email: info@esotericwitch.com
  • Subject Line: “GDPR Data Request - [Your Right]”
  • Include: Your full name and email address used on our site

Response Time

We will respond to your request within 30 days of receipt. In complex cases, we may extend this period by up to 60 days, and we will inform you of any extension.

Verification

We may need to verify your identity before processing your request to protect your privacy and security.

Data We Process

Personal Data We Collect

  1. Contact Information: Email address (if you subscribe to our newsletter)
  2. Usage Data: IP address, browser type, pages visited, time spent on site
  3. Cookie Data: Preferences, analytics data, advertising data
  • Legitimate Interest: Website functionality and security
  • Consent: Analytics, marketing cookies, newsletter subscription
  • Legal Obligation: Compliance with applicable laws

Data Retention

  • Newsletter Data: Until you unsubscribe
  • Analytics Data: Up to 26 months
  • Cookie Data: As specified in our Cookie Policy

Data Transfers

Some of our service providers may transfer your data outside the European Economic Area (EEA). We ensure appropriate safeguards are in place:

  • Standard Contractual Clauses: With service providers
  • Adequacy Decisions: For countries with adequate protection
  • Consent: Where appropriate safeguards are not available

Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee compliance with GDPR:

Complaints

If you are not satisfied with our response to your data protection request, you have the right to lodge a complaint with your local data protection authority:

Finland

Other EU Countries

You can find your local data protection authority at: edpb.europa.eu

Automated Decision Making

We do not use automated decision-making or profiling that produces legal effects or significantly affects you.

Children’s Data

Our website is not intended for children under 13. We do not knowingly collect personal data from children under 13. If you are a parent and believe your child has provided us with personal data, please contact us.

Updates to This Page

We may update this GDPR Compliance page from time to time. We will notify you of any material changes by posting the updated page on our website.

Contact Information

For any questions about your data protection rights or this page:

This GDPR Compliance page is effective as of January 27, 2025, and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page.