GDPR Compliance

Last updated: June 5, 2026

witty-stone is committed to protecting the privacy and security of personal data in accordance with the General Data Protection Regulation (GDPR). This page outlines our compliance measures and your rights under GDPR.

Data Controller

For the purposes of GDPR, witty-stone acts as the data controller for personal data we collect through our website and services. Our contact information is:

witty-stone
427 Maple Heritage Lane
Vancouver, British Columbia V6B 3K9
Canada
Email: [email protected]

Legal Basis for Processing

We process personal data under the following legal bases:

Your Rights Under GDPR

As a data subject, you have the following rights:

Right to Access

You have the right to request access to your personal data and receive information about how we process it.

Right to Rectification

You can request correction of inaccurate or incomplete personal data we hold about you.

Right to Erasure

You have the right to request deletion of your personal data under certain circumstances, including when the data is no longer necessary for the purpose it was collected.

Right to Restrict Processing

You can request that we restrict processing of your personal data in certain situations, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

Right to Object

You can object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where we rely on consent as the legal basis for processing, you have the right to withdraw your consent at any time.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe we have violated your data protection rights.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at [email protected]. We will respond to your request within one month, though in complex cases this may be extended by up to two additional months with notification.

When making a request, please provide sufficient information to allow us to verify your identity and locate your data in our systems.

Data Protection Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by law. Our retention periods are based on:

International Data Transfers

If we transfer personal data outside the European Economic Area, we ensure appropriate safeguards are in place, such as:

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay and within 72 hours of becoming aware of the breach, as required by GDPR.

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on individuals.

Children's Data

We do not knowingly process personal data of children under 16 without parental consent. If we become aware of such processing, we will take immediate steps to delete the data.

Updates to This Policy

We may update this GDPR compliance information from time to time. Material changes will be communicated through our website or directly to you where appropriate.

Contact Our Data Protection Officer

For questions or concerns about our GDPR compliance or data protection practices, please contact us at [email protected].