willow-deer

willow-deer is committed to protecting the privacy and rights of individuals in accordance with the General Data Protection Regulation (GDPR). This page outlines how we comply with GDPR requirements and your rights under this regulation.

Our Commitment to GDPR

Although willow-deer is based in Canada, we recognize and respect the privacy rights of individuals in the European Economic Area (EEA). We are committed to processing personal data in accordance with GDPR principles when serving clients from the EEA.

Data Controller

For the purposes of GDPR, willow-deer acts as the data controller for personal data collected through our website and services. Our contact information is:

willow-deer
1847 Granville Street, Suite 405
Vancouver, BC V6Z 1K7
Canada
[email protected]

Legal Basis for Processing

We process personal data under the following legal bases:

Consent: When you have given clear consent for us to process your personal data for a specific purpose
Contract: When processing is necessary for the performance of a contract with you
Legitimate Interests: When processing is necessary for our legitimate business interests, provided these do not override your rights and freedoms
Legal Obligation: When processing is necessary to comply with legal requirements

Your Rights Under GDPR

If you are located in the EEA, you have the following rights regarding your personal data:

Right to Access

You have the right to request a copy of the personal data we hold about you and to receive information about how it is processed.

Right to Rectification

You have the right to request correction of inaccurate personal data or completion of incomplete data.

Right to Erasure

You have the right to request deletion of your personal data under certain circumstances, such as when the data is no longer necessary for the purpose it was collected.

Right to Restrict Processing

You have the right to request that we limit our processing of your personal data under certain circumstances.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to have it transmitted to another controller.

Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time without affecting the lawfulness of processing prior to withdrawal.

Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month. In certain circumstances, we may extend this period by two additional months, in which case we will inform you of the extension and the reasons for it.

We may request verification of your identity before processing your request to ensure the security of your personal data.

International Data Transfers

As a Canadian company, any personal data transferred from the EEA to Canada benefits from the European Commission's adequacy decision regarding Canada's Personal Information Protection and Electronic Documents Act (PIPEDA). We take appropriate safeguards to ensure your data is protected during any international transfers.

Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of processing personal data. These measures include:

Encryption of data in transit and at rest
Access controls and authentication
Regular security assessments
Staff training on data protection

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. When personal data is no longer needed, we securely delete or anonymize it.

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours where feasible. If the breach is likely to result in a high risk, we will also notify affected individuals without undue delay.

Children's Data

Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

Complaints

If you believe that we have not handled your personal data properly or have infringed your privacy rights, you have the right to lodge a complaint with a supervisory authority. You may also contact us directly to address your concerns.

Changes to This Notice

We may update this GDPR compliance notice from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this page periodically.

Contact Us

For questions about GDPR compliance or to exercise your rights, please contact us at: