Privacy Policy

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a comprehensive data protection law enacted by the European Union (EU) that came into effect on May 25, 2018. Its primary objective is to protect the personal data of EU residents and to enhance their privacy rights. Here are some key aspects of the GDPR:

• Personal Data: GDPR defines personal data as any information relating to an identified or identifiable natural person. This includes names, email addresses, IP addresses, and other data that can identify an individual.
• Data Subject Rights: GDPR grants individuals several rights regarding their personal data, including the right to access, rectify, erase, restrict processing, and data portability. Individuals also have the right to object to data processing and automated decision-making.
• Lawful Basis for Processing: Under GDPR, personal data must be processed lawfully, fairly, and transparently. Organizations must have a valid legal basis for processing personal data, such as consent, contract performance, legal obligation, vital interests, public task, or legitimate interests.
• Data Protection by Design and by Default: GDPR requires organizations to implement data protection measures from the outset of designing systems and processes (by design) and to ensure that personal data is protected by default.
• Data Breach Notification: Organizations must notify the relevant supervisory authority of a personal data breach within 72 hours of becoming aware of it. If the breach poses a high risk to individuals' rights and freedoms, they must also inform the affected individuals.
• International Data Transfers: GDPR imposes strict rules on transferring personal data outside the EU. Such transfers are only allowed if adequate safeguards are in place, such as Standard Contractual Clauses or an adequacy decision by the European Commission.
• Penalties: Non-compliance with GDPR can result in significant fines, up to 20 million euros or 4% of the organization's global annual turnover, whichever is higher.

California Privacy Rights Act (CPRA)

The California Privacy Rights Act (CPRA) is a data privacy law enacted by the state of California, USA. It builds upon the California Consumer Privacy Act (CCPA) and introduces additional protections for California residents. CPRA went into effect on January 1, 2023. Here are some key aspects of the CPRA:

• Expanded Consumer Rights: CPRA grants California residents enhanced rights over their personal data, including the right to access, correct, delete, and opt out of the sale or sharing of their personal information. It also introduces the right to limit the use of sensitive personal information.
• Sensitive Personal Information: CPRA defines sensitive personal information and provides consumers with the right to restrict its use. Sensitive personal information includes data such as social security numbers, driver's license numbers, precise geolocation, racial or ethnic origin, and health information.
• Data Minimization and Storage Limitation: CPRA requires businesses to collect, use, retain, and share personal information only to the extent necessary to achieve the purposes for which it was collected. It also mandates that businesses inform consumers about the retention period for their data.
• Contractual Requirements with Service Providers: CPRA requires businesses to have written contracts with service providers that outline the processing of personal information and impose obligations to protect consumer data.
• Automated Decision-Making: CPRA introduces regulations related to automated decision-making and profiling, requiring businesses to disclose meaningful information about the logic involved and the potential consequences of such processing.
• Enforcement and Penalties: CPRA establishes the California Privacy Protection Agency (CPPA) as the primary enforcement authority. Non-compliance with CPRA can result in fines of up to $7,500 per intentional violation or violation involving minors' data.

Commitment to Compliance

We are committed to protecting your privacy and ensuring compliance with GDPR and CPRA. We have implemented measures to safeguard your personal data and provide you with control over your information. If you have any questions or concerns about our privacy practices, please contact us at admin@happybirthdaywiki.com.