This section supplements our main Privacy Policy and applies specifically to individuals located within the European Economic Area (EEA). It outlines your rights under the General Data Protection Regulation (GDPR) and explains how Olivia’s Table (“we,” “us,” or “our”) collects, uses, and safeguards your personal data in compliance with this regulation.
1. Data Controller
For the purposes of the GDPR, the Data Controller responsible for your personal data is:
-
Name: Olivia (representing Olivia’s Table)
-
Contact Email: oliviatable01@gmail.com
If you have any questions or wish to exercise your data protection rights, this is the primary point of contact.
2. Legal Basis for Processing Your Personal Data
We will only process your personal data when we have a lawful basis to do so. Our processing activities are typically based on the following legal grounds:
-
Consent: When you have given clear, affirmative consent for a specific purpose (e.g., subscribing to our newsletter, accepting cookies).
-
Contractual Necessity: When processing is necessary to perform a contract with you (e.g., providing access to a service you requested).
-
Legitimate Interests: When processing is necessary for our legitimate business interests, such as improving our website’s functionality, security, and content, or for direct marketing purposes, provided your interests and fundamental rights do not override those interests.
-
Legal Obligation: When processing is necessary for compliance with a legal obligation to which we are subject.
3. Your Data Protection Rights Under GDPR
If you are a resident of the EEA, you are entitled to the following rights. To exercise any of these rights, please contact us using the details in Section 1.
-
The Right to Access: You have the right to request copies of the personal data we hold about you.
-
The Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
-
The Right to Erasure (the “Right to be Forgotten”): You have the right to request that we erase your personal data, under certain conditions (e.g., if the data is no longer necessary for the purposes it was collected).
-
The Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions (e.g., while we verify the accuracy of your data).
-
The Right to Object to Processing: You have the right to object to our processing of your personal data, particularly where we rely on legitimate interest as the legal basis. This includes objecting to direct marketing.
-
The Right to Data Portability: You have the right to request that we transfer the data we have collected about you to another organization, or directly to you, in a structured, commonly used, machine-readable format, where our processing is based on consent or contract and is carried out by automated means.
-
The Right to Withdraw Consent: You have the right to withdraw your consent at any time where we relied on your consent to process your personal data. This does not affect the lawfulness of processing that occurred before your withdrawal.
4. How We Facilitate Your Rights & Timeframe
We will respond to all legitimate requests within one month of receipt. Occasionally, it may take us longer if your request is particularly complex or you have made multiple requests. In this case, we will notify you and keep you updated.
We may request specific information from you to help us confirm your identity and ensure your right to access your data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
5. International Data Transfers
Your personal data may be transferred to, and processed in, countries outside the EEA (e.g., when we use service providers located in the United States). We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this GDPR Notice and applicable data protection law, including using standard contractual clauses approved by the European Commission where required.
6. Lodging a Complaint
If you believe that our processing of your personal data infringes data protection laws, you have the right to lodge a complaint with a supervisory authority in the EEA member state of your habitual residence, place of work, or place of the alleged infringement. We would, however, appreciate the chance to address your concerns first. Please contact us using the details in Section 1.