Adult Industry GDPR Compliance


Introduction

This GDPR Addendum notice is served by www.mistresskym.com. The purpose of this policy is to explain to you how we handle and protect your personal information. If you do not agree with the following policy you may wish to cease viewing/using this website and refrain from submitting your personal data to us.

www.mistresskym.com is committed to safeguarding, protecting, and safely and securely processing your Personal Data in accordance with GDPR.

This GDPR Addendum is an implementation of, and addendum to, the existing Terms of Service and Privacy Policy.

We may supplement or amend this addendum from time to time, and every change takes effect immediately. Therefore, please take the time to review it every now and then.

 

Personal Data Definition

Personal data is any piece of information that can be used to identify an individual. This includes unique identifiers (e.g., an email address) and other information (e.g., an uploaded photo); all of these are considered personal data.

 

Key principles of GDPR

www.mistresskym.com shall comply with the principles of data protection enumerated in the EU General Data Protection Regulation. Our GDPR policy embodies the following key principles: (a) Lawfulness, fairness, and transparency, (b) Purpose limitation, (c) Data minimization, (d) Accuracy, (e) Storage limitation, (f) Integrity and confidentiality, (g) Accountability.

  • (a) Lawfulness, fairness, and transparency: data collection must be fair, for a legal purpose and must be open and transparent as to how the data will be used.
  • (b) Purpose limitation: data can only be collected for a specific purpose.
  • (c) Data minimization: any data collected must be necessary and not excessive for its purpose.
  • (d) Accuracy: the data we hold must be accurate and kept up to date.
  • (e) Storage limitation: we cannot store data longer than necessary.
  • (f) Integrity and confidentiality: the data we hold must be kept safe and secure.
  • (g) Accountability: we guarantee compliance with the Data Protection Principles.

 

Legitimate reason to be GDPR compliant

At least one of the following lawful bases set out in GDPR must apply whenever a company processes Personal Data:

  • Consent: the person has given consent to the processing of his or her Personal Data for one or more specific purposes.
  • Contract: the processing is necessary for the performance of a contract to which the visitor is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Legal obligation: the processing is necessary to comply with the law.
  • Vital interests: the processing is necessary to protect the vital interests of the visitor.
  • Public task: the processing is necessary to perform a task in the public interest or an official function with a clear basis in law.
  • Legitimate interests: the processing is necessary for the organization’s legitimate interests or those of a third party unless there is a good reason to protect the individual’s Personal Data.

 

Accuracy and relevance

We will ensure that any Personal Data we process is accurate, adequate, relevant and not excessive, given the purpose for which it was obtained. We will not process Personal Data obtained for one purpose for any unconnected purpose unless the individual concerned has agreed to this, or would otherwise reasonably expect this.

Individuals may ask that we correct inaccurate Personal Data relating to them. If you believe that information is inaccurate you should inform us through our contact form.

 

Data security

We ensure a high level of security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement. In assessing the appropriate level of security, we shall take account in particular of the risks that are presented by processing, in particular from a Personal Data Breach.

 

Data retention

We must retain Personal Data for no longer than is necessary. As long as you are our customer, we reserve the right to keep all the data we need to fulfill our contractual obligation, and nothing more than that. However, you can at any time ask us which data we have, download this data, and withdraw your consent for this data to sit on our servers. You can do that easily from your “my account” section or by contacting us via our contact form. If you decide to cancel your subscription with us, we will delete most of the personal data regarding you within a few hours. We only keep financial records until we meet our legal obligations.

 

Rights of individuals

Individuals have rights which we must respect and comply with to the best of our ability. We must ensure individuals can exercise their rights in the following ways:

 

  • The right to be informed about the collection and processing of your personal data.
  • The right of access to the personal data held about you.
  • The right to rectification of incorrect, inaccurate or incomplete personal data.
  • The right to erasure (“to be forgotten”), to have your personal data deleted when there is no real need to possess and process it.
  • The right to restrict processing your personal data in specific cases.
  • The right to data portability allows you to obtain your personal data in a machine-readable format and send it to third-parties.
  • The right to object to the processing of your personal data for marketing purposes.
  • Rights in relation to automated decision making and profiling, to be able to obtain human intervention, express your point of view, and obtain explanations.

 

How and why we process Personal Data

The GDPR allows organizations to use personal data only if that use complies with the regulation. Mainly, Personal Data is used to make sure that services perform well for users and to fulfill the organizations’ legitimate interests or those of other parties, when these interests are not overridden by the individual’s rights.

In general, Personal Data processing includes a large range of operations performed on personal information, including collection, storage, use, and making it available to individuals for rectification, restriction, erasure or destruction of personal data.

 

Retaining and deleting Personal Data

We may retain your Personal Data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

Be aware that if you request the complete deletion of your Personal Data, your account and subscription will also be deleted and deactivated.

 

About cookies

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. Cookies do not typically contain any information that personally identifies a user.

For more information about that, you can refer to the GDPR highlights.

 

Contact Information

To ask any other questions or to comment on this GDPR Policy and our privacy practices, on subjects for which a process for making a request is not already provided above, contact us through our contact form.

 

Updated July 1, 2019