GDPR Compliance | shimmering-ideas

Shimmering-ideas is committed to protecting the personal data of individuals in the European Union and European Economic Area in accordance with the General Data Protection Regulation (GDPR). This page outlines our commitment to GDPR compliance and your rights as a data subject.

Our Role as Data Controller

When you use our website or services, Shimmering-ideas acts as the data controller for your personal information. This means we determine the purposes and means of processing your personal data and are responsible for compliance with GDPR requirements.

Lawful Basis for Processing

We process personal data based on the following lawful bases:

Contract: Processing necessary for the performance of our archival services agreement
Consent: Where you have given explicit consent for specific processing activities
Legitimate interests: Processing necessary for our legitimate business interests, provided these do not override your fundamental rights
Legal obligation: Processing necessary to comply with legal requirements

Your Rights Under GDPR

As a data subject, you have the following rights:

Right to Access

You have the right to obtain confirmation of whether we process your personal data and to access that data along with information about how it is processed.

Right to Rectification

You may request correction of inaccurate personal data or completion of incomplete data we hold about you.

Right to Erasure

In certain circumstances, you have the right to request deletion of your personal data, also known as the "right to be forgotten."

Right to Restrict Processing

You may request that we limit the processing of your personal data in specific situations.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.

Right to Object

You may object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.

Data Protection Officer

For GDPR-related inquiries, you may contact our Data Protection Officer at:

Email: [email protected]

International Data Transfers

When transferring personal data outside the EEA, we ensure appropriate safeguards are in place, including:

Standard Contractual Clauses approved by the European Commission
Adequacy decisions for countries deemed to provide adequate protection
Binding Corporate Rules where applicable

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours. If the breach is likely to result in a high risk to your rights, we will also notify you directly.

Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in high risk to individuals, particularly when implementing new technologies or processing sensitive data at scale.

Record Keeping

We maintain comprehensive records of our processing activities as required by Article 30 of the GDPR, including purposes of processing, data categories, recipients, and retention periods.

Exercising Your Rights

To exercise any of your GDPR rights, please submit a request to:

Email: [email protected]
Address: Shimmering-ideas, 425 Adelaide Street West, Suite 700, Toronto, ON M5V 3C1, Canada

We will respond to your request within one month. This period may be extended by two further months for complex requests, in which case we will inform you of the extension and reasons for it.

Right to Lodge a Complaint

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of alleged infringement.