GDPR Compliance

Last Updated: June 16, 2026

Our Commitment to GDPR

misty-finch is committed to protecting and respecting your privacy in accordance with the General Data Protection Regulation (GDPR). This page explains how we comply with GDPR requirements and your rights as a data subject.

Legal Basis for Processing

We process your personal data on the following legal bases:

• Consent: When you provide explicit consent for specific processing activities
• Contract: When processing is necessary to fulfill our contractual obligations to you
• Legitimate Interest: When we have legitimate business interests that do not override your rights
• Legal Obligation: When we must process data to comply with legal requirements

Your Rights Under GDPR

As a data subject, you have the following rights:

Right to Access

You have the right to request confirmation of whether we process your personal data and, if so, to access that data along with information about how it is processed.

Right to Rectification

You can request correction of inaccurate or incomplete personal data we hold about you.

Right to Erasure

You have the right to request deletion of your personal data in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected.

Right to Restriction

You can request that we restrict processing of your personal data in specific situations, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

Right to Object

You can object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time.

Data Protection Officer

For questions regarding data protection or to exercise your GDPR rights, please contact us at [email protected].

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach.

International Data Transfers

When we transfer personal data outside the European Economic Area, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission.

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at [email protected] with your request. We will respond within one month of receiving your request, or inform you if we require an extension.

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your residence, workplace, or where an alleged infringement occurred.