GDPR Compliance
Our commitment to protecting the rights of EU residents
Overview
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that applies to the processing of personal data of individuals in the European Union. While Shiny Gear is based in Canada, we recognize the importance of GDPR compliance when serving EU residents and maintain practices that align with these requirements.
Data Controller
For the purposes of GDPR, Shiny Gear acts as the data controller for personal information collected through our website and services. Our contact details:
Shiny Gear
457 Queen Street West, Suite 301
Toronto, ON M5V 2A9
Canada
Email: [email protected]
Lawful Basis for Processing
We process personal data of EU residents only when we have a lawful basis to do so. The legal grounds we rely on include:
Consent
When you explicitly agree to our processing your data for specific purposes, such as subscribing to newsletters or agreeing to cookies beyond essential ones. You have the right to withdraw this consent at any time.
Contract Performance
When processing is necessary to fulfill our contractual obligations to you, such as delivering journalism or writing services you have engaged us to provide.
Legitimate Interests
When we have legitimate business reasons to process your data that do not override your fundamental rights. This includes maintaining our website, preventing fraud, and improving our services.
Legal Compliance
When we must process your data to comply with legal obligations, such as tax reporting or responding to lawful requests from authorities.
Your Rights Under GDPR
If you are an EU resident, you have the following rights regarding your personal data:
Right to Access
You have the right to request confirmation of whether we process your personal data and to obtain a copy of that data along with supplementary information about how we use it.
Right to Rectification
You can request correction of inaccurate personal data and completion of incomplete personal data.
Right to Erasure
Also known as the "right to be forgotten," this right allows you to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected or when you withdraw consent.
Right to Restriction of Processing
You can request that we limit how we use your data in specific situations, such as when you contest the accuracy of the data or object to processing.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
Right to Object
You can object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significantly affect you. We do not engage in this type of automated decision-making.
How to Exercise Your Rights
To exercise any of these rights, please contact us at [email protected]. Include sufficient information to identify yourself and specify which right you wish to exercise.
We will respond to your request within one month, though this period may be extended by two additional months for complex requests. We will inform you of any extension within the initial month along with reasons for the delay.
We do not charge a fee for processing rights requests unless the request is clearly unfounded, repetitive, or excessive.
Data We Collect
The personal data we may collect from EU residents includes:
- Contact information (name, email address, company details)
- Communication content (emails, project briefs, feedback)
- Technical data (IP address, browser information, device data)
- Usage data (pages visited, interaction patterns)
- Professional information (industry, role, project requirements)
How We Use Personal Data
We use personal data for purposes including:
- Providing journalism and writing services
- Responding to inquiries and communications
- Improving our website and services
- Sending service-related updates
- Marketing communications (with consent)
- Complying with legal obligations
- Protecting against fraud and security threats
Data Sharing and Transfers
We do not sell personal data. We may share data with:
- Service providers who assist with our operations (subject to data processing agreements)
- Professional advisors when necessary
- Legal authorities when required by law
When transferring personal data outside the EU, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission.
Data Security
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of data in transit and at rest
- Regular security assessments and testing
- Access controls and authentication requirements
- Staff training on data protection
- Incident response procedures
Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected or as required by law. Retention periods vary based on the type of data and purpose:
- Client project data: Seven years after project completion
- Communication records: Three years from last contact
- Marketing consent records: Until consent is withdrawn
- Website analytics: 26 months
When data is no longer needed, we securely delete or anonymize it.
Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach poses a high risk, we will also notify affected individuals without undue delay.
Children's Data
We do not knowingly collect or process personal data of individuals under 16 years of age. If we discover we have collected such data, we will delete it promptly.
Updates to This Information
We may update this GDPR compliance information periodically. Significant changes will be communicated through our website or direct notification to registered users.
Supervisory Authority
If you are unsatisfied with how we handle your personal data, you have the right to lodge a complaint with your local supervisory authority. However, we encourage you to contact us first so we can address your concerns.
Contact Us
For questions about our GDPR compliance or to exercise your rights, contact us at:
Email: [email protected]
Subject line: GDPR Inquiry