Our Commitment to GDPR
Violet Wren is committed to protecting the privacy and rights of individuals in accordance with the General Data Protection Regulation (GDPR). This page explains how we comply with GDPR requirements and outlines your rights as a data subject.
Data Controller Information
For the purposes of GDPR, the data controller is:
- Company: Violet Wren
- Address: 1847 Granville Street, Suite 412, Vancouver, BC V6Z 1K7, Canada
- Email: [email protected]
Lawful Basis for Processing
We process personal data under the following lawful bases:
- Consent: Where you have given clear consent for us to process your personal data for specific purposes, such as marketing communications
- Contract: Where processing is necessary to fulfill our contractual obligations to you, such as delivering purchased programs
- Legitimate Interests: Where processing is necessary for our legitimate business interests, provided these do not override your rights
- Legal Obligation: Where processing is necessary to comply with legal requirements
Your Rights Under GDPR
As a data subject under GDPR, you have the following rights:
Right to Access
You have the right to request a copy of the personal data we hold about you. We will provide this information free of charge within one month of your request.
Right to Rectification
You have the right to request correction of any inaccurate personal data we hold about you. We will respond to rectification requests within one month.
Right to Erasure
You have the right to request deletion of your personal data in certain circumstances, including:
- When the data is no longer necessary for its original purpose
- When you withdraw consent and there is no other legal basis for processing
- When you object to processing and there are no overriding legitimate grounds
- When data has been unlawfully processed
Right to Restrict Processing
You have the right to request restriction of processing in certain circumstances, such as when you contest the accuracy of the data or object to processing.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You may also request that we transmit this data directly to another controller where technically feasible.
Right to Object
You have the right to object to processing based on legitimate interests or for direct marketing purposes. When you object to marketing, we will stop processing your data for that purpose.
Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently engage in such automated decision-making.
Data Transfers
As a Canadian company, we may transfer personal data outside the European Economic Area (EEA). When we do, we ensure appropriate safeguards are in place, including:
- Standard contractual clauses approved by the European Commission
- Compliance with adequacy decisions where applicable
- Other legally recognized transfer mechanisms
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected. Our standard retention periods are:
- Customer account data: Duration of account plus 7 years
- Transaction records: 7 years for tax and legal compliance
- Marketing preferences: Until you withdraw consent
- Website analytics: 26 months
Data Protection Measures
We implement appropriate technical and organizational measures to protect personal data, including:
- Encryption of data in transit and at rest
- Access controls and authentication
- Regular security assessments
- Staff training on data protection
- Incident response procedures
Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours. If the breach is likely to result in high risk, we will also notify affected individuals without undue delay.
How to Exercise Your Rights
To exercise any of your GDPR rights, please contact us:
- Email: [email protected]
- Subject Line: GDPR Request - [Your Request Type]
We will respond to all legitimate requests within one month. In complex cases, we may extend this period by an additional two months, but we will inform you within the first month if this is necessary.
Complaints
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with a supervisory authority. For EU residents, this is typically the data protection authority in your country of residence.
Updates to This Information
We may update this GDPR compliance information from time to time. We will notify you of any significant changes through our website or by email.
Last updated: June 2, 2026