Privacy Notice - The PrivacyCraft Blog
This website is owned by, and the controller for the processing of your personal data is, me – Andreea Lisievici, with registered address at Smörgatan 18, 41276 Göteborg, Sweden, VAT number SE830614618701.
In this Privacy Notice you can find information on what personal data is processed, why, for how long, who else has access to it, what rights you have under the EU General Data Protection Regulation and how to exercise them.
When you browse my blog (blog.privacycraft.pro)
Accessing this website will collect information from your device. Some of the data stored and accessed is necessary for the operation of the website, while all others are stored or accessed provided you consent to this through the cookie banner. Information on the actual cookies and technologies used, who sets them and for how long can be found in the cookie declaration (which is also available from the banner):
You can change your options at any time through the dedicated button which is available on each page.
Your choices are stored for 12 months. This processing uses CookieBot as a processor. The cookies themselves have different periods for storage which are indicated in the cookie declaration.
When you subscribe to my newsletter
My newsletter includes articles I post on the blog, as well as information on my courses, discounts, and events and due to this it is considered marketing.
Subscribing to the newsletter means your name and email address that you provide will be stored in my CRM, which is my processor ActiveCampaign, and the storage location is the United States. This data is processed based on your consent (GDPR Art. 6.1.a), and the transfer to the United States is performed under the Data Privacy Framework (GDPR Art. 45). The data is processed for as long as you are a subscriber. You can unsubscribe from each email and, if you do, your email address will be added to a suppression list that I process for the legitimate interest of ensuring you don’t receive newsletters going forward (GDPR Art. 6.1.f).
Who else has access to your data
Your personal data is processed through processors indicated in the relevant sections. All of such third parties are limited by contract in their ability to use your personal data for any purpose other than to provide services for me in compliance with each data processing agreement in place. Where the processing involves a transfer of data outside of the European Economic Area, this is performed under the EU-US Data Privacy Framework (if applicable) or the Standard Contractual Clauses approved by the European Commission.
Your rights under GDPR
As a data subject you have specific legal rights granted by the General Data Protection Regulation relating to the personal data we process about you. These are briefly explained below, and you can exercise them by sending an email to hello[at]privacycraft.pro.
Right to withdraw consent: Where you have given consent for the processing of your personal data, you may withdraw your consent at any moment with effect for the future.
Right to access your personal data: You may ask for information regarding personal data that I hold about you. A copy will be provided to you upon request.
Right to rectification: You can request rectification of incorrect or incomplete personal data concerning you.
Right to restriction: You can request restriction of processing of your personal data, if:
- you contest the accuracy of your personal data, for the period I need to verify the accuracy,
- the processing is unlawful and you request the restriction of processing rather than erasure of your personal data,
- I no longer need your personal data for the processing purpose but you require them for the establishment, exercise or defense of legal claims, or
- you object to the processing while I verify whether my legitimate grounds override yours.
Right to portability: You have the right to receive your personal data that you have provided to me and, where technically feasible, request that I transmit your personal data (that you have provided to me) to another organization, if:
- I process your personal data by automated means; and
- I base the processing of your personal data on your consent, or the processing of your personal is necessary for the execution or performance of a contract to which you are a party; and
- your personal data is provided by you; and
- your right to portability does not adversely affect the rights and the freedoms of other persons.
You have the right to receive your personal data in a structured, commonly used and machine-readable format. Your right to receive your personal data must not adversely affect the rights and the freedoms of other persons. Your right to have your personal data transmitted to another organization is a right you have if such transmission is technically feasible.
Right to erasure: You have the right to request that I delete the personal data I process about you, unless processing is necessary:
- for exercising the right of freedom of expression and information;
- for compliance with a legal obligation which requires processing by EU law or EU Member State law to which I am subject;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes; or
- for the establishment, exercise or defense of my legal claims.
Right to object: You may object at any time to the processing of your personal data due to your particular situation, provided that the processing is not based on your consent but on my legitimate interests or those of a third party. In this event I shall no longer process your personal data, unless there are compelling legitimate grounds and an overriding interest for the processing, or for the establishment, exercise or defense of legal claims. If you object to the processing, please specify whether you also wish the erasure of your personal data, otherwise I will only restrict it.
You may object – at any time – to the processing of your personal data for direct marketing purposes.
Right to lodge a complaint: You can lodge a complaint to your local data protection supervisory authority or with any other data protection authority in the EU. However, I will appreciate if you first contact me to try and solve your problem – you can find the contact details above.