What is GDPR?
The General Data Protection Regulation (GDPR) is a law enacted by the European Union (EU) to regulate how organizations inside and outside the EU handle the personal data of EU residents.
It was adopted in 2016 and came into effect on May 25, 2018.
GDPR is designed to give individuals more control over their personal data, ensure transparency in how it is used, and unify data protection rules across all EU member states. It applies not only to companies based in the EU but also to those that offer goods or services to, or monitor the behavior of, individuals within the EU.
Our Commitment at RedSacre
At RedSacre, we take your privacy seriously and are fully committed to complying with the principles of the GDPR.
We believe in transparency, fairness, and accountability in how we handle your personal data.
We promise to:
- Be Transparent and Lawful
We clearly explain what data we collect, why we collect it, how it’s used, and how long we keep it. All processing activities are based on a lawful basis such as consent, contract, or legitimate interest.
- Collect Only What’s Necessary
We only collect the information we need to provide our services or fulfill our obligations.
- Maintain Accuracy
We keep your personal data accurate and up to date, and you have the right to correct any inaccuracies.
- Limit Data Retention
We store personal data only for as long as necessary to fulfill the purpose for which it was collected. Once it’s no longer needed, we securely delete or anonymize it.
- Ensure Security and Confidentiality
We use appropriate technical and organizational measures to safeguard your data against unauthorized access, disclosure, alteration, or destruction.
- Respect User Rights
We fully respect the rights of data subjects under GDPR, including access, correction, deletion, restriction, data portability, and objection.
- Protect Cross-Border Transfers
When transferring personal data outside the EU, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or equivalent protection mechanisms.
- Be Accountable
We maintain detailed processing records, perform regular security reviews, and ensure our partners also comply with data protection standards.
How We Process Your Data
Below is an overview of how and why we collect and use your data:
| Type of Data | Purpose / Use | Legal Basis | Retention Period | Protection Measures |
|---|---|---|---|---|
| Account information (name, email, address) | To register and manage your account, fulfill orders | Contract / Consent | As long as the account is active | Encrypted storage, restricted access |
| Order and transaction data | To process payments, deliveries, and invoicing | Contract / Legal obligation | Legal retention period | Access control, audit logs |
| Newsletter subscriptions | To send marketing emails and brand updates | Consent | Until unsubscribed | Easy opt-out available |
| Customer support messages | To provide assistance and improve services | Legitimate interest | Reasonable period after resolution | Secure storage |
| Website cookies / analytics data | To improve user experience and website performance | Consent / Legitimate interest | Short-term or as required | Aggregated or anonymized data |
Your Rights Under GDPR
If you are an EU resident, you have the following rights regarding your personal data:
- Right to Be Informed
You have the right to know how and why your personal data is being used.
- Right of Access
You can request a copy of the personal data we hold about you and details of how it’s processed.
- Right to Rectification
You can request corrections or updates if your personal data is inaccurate or incomplete.
- Right to Erasure (Right to Be Forgotten)
You can request the deletion of your personal data when it is no longer necessary or when you withdraw consent.
- Right to Restrict Processing
You may request that we limit how your personal data is processed under specific conditions.
- Right to Data Portability
You can receive your data in a structured, commonly used format and transfer it to another service provider.
- Right to Object
You can object to data processing for specific purposes, such as direct marketing.
- Rights Related to Automated Decision-Making
You have the right not to be subject to a decision based solely on automated processing, including profiling, if it significantly affects you.
We will respond to all GDPR-related requests within one month of receiving them.
Our Compliance Measures
To ensure GDPR compliance, we have implemented the following measures:
- Data Protection Impact Assessments (DPIA):
We evaluate the potential risks of high-impact processing activities and implement safeguards to minimize them.
- Privacy by Design and Default:
We integrate privacy protection into our systems and workflows from the very beginning.
- Third-Party Contracts:
We work only with service providers who meet GDPR standards and sign Data Processing Agreements (DPAs).
- Data Breach Notification:
In case of a data breach, we will notify the relevant authorities within 72 hours and inform affected individuals when necessary.
- Regular Audits and Training:
We conduct regular privacy and security audits and train our employees to handle data responsibly.
Consequences of Non-Compliance
Organizations that fail to comply with GDPR can face serious penalties, including fines of up to €20 million or 4% of annual global turnover, whichever is higher.
RedSacre is dedicated to maintaining full compliance to protect both our customers and our business integrity.
How to Contact Us
If you are an EU resident or believe your data falls under GDPR protection, you can contact us to exercise your rights or ask questions about your data.
Email: services@redsacre.com
Subject Line: “GDPR Request — [Access / Correction / Deletion / Restriction / Portability / Objection]”
For security reasons, we may need to verify your identity before fulfilling your request.
We aim to respond to all GDPR-related inquiries within 30 days.