Legal

Privacy Policy

This policy explains how Gorgeousmyelbow collects, uses, and protects personal data under the GDPR, the Dutch UAVG, and other applicable Netherlands law.

Last updated:

1. Scope and Applicable Law

This Privacy Policy applies to visitors of this website in the Netherlands and the European Economic Area (EEA). We process personal data in accordance with:

  • Regulation (EU) 2016/679 — the General Data Protection Regulation (GDPR);
  • the Dutch GDPR Implementation Act (Uitvoeringswet Algemene verordening gegevensbescherming, UAVG); and
  • other applicable Netherlands privacy legislation.

2. Data Controller

The data controller (verwerkingsverantwoordelijke) responsible for processing your personal data is:

Gorgeousmyelbow
Kwikstaartlaan 7, 3704 GS Zeist, Netherlands
Email: request@gorgeousmyelbow.world
Phone: +31 85 250 0505

We do not sell products or paid services on this website. For more information about our organisation, see About Us.

3. Data We Collect

We collect personal data only when necessary and proportionate. Categories include:

  • Contact form data: name, email address, and message content when you submit an enquiry.
  • Technical and server log data: IP address, browser type, device type, referring URL, and timestamps — collected automatically when you visit the site for security and operational purposes.
  • Cookie and similar technology data: only where you have given consent for non-essential cookies, or where strictly necessary (e.g. storing your cookie choice). See our Cookie Policy.

We do not collect special categories of personal data (Article 9 GDPR). We do not knowingly process data from children under 16 without parental consent.

4. Legal Basis for Processing

Under GDPR Article 6, we rely on the following legal bases:

  • Consent (Art. 6(1)(a)): for optional analytics and marketing cookies, and for the privacy checkbox on the contact form.
  • Pre-contractual steps / legitimate enquiry (Art. 6(1)(b)): to handle and respond to messages you send us.
  • Legitimate interests (Art. 6(1)(f)): for website security, fraud prevention, and maintaining the technical operation of the site — balanced against your rights and freedoms.
  • Legal obligation (Art. 6(1)(c)): where we must retain or disclose data under Netherlands or EU law.

Where we rely on legitimate interests, you may object at any time (see Section 11).

5. Purposes of Processing

We use personal data only for:

  • responding to contact form enquiries;
  • operating, securing, and maintaining this website;
  • measuring and improving site use (analytics cookies, only with your consent);
  • measuring advertising effectiveness (marketing/conversion cookies, only with your consent);
  • complying with legal obligations and defending legal claims.

We do not use automated decision-making or profiling that produces legal or similarly significant effects (Article 22 GDPR).

6. Data Retention

We retain personal data only as long as necessary:

  • Contact enquiries: up to 12 months after the enquiry is resolved, unless a longer period is required by law.
  • Server logs: typically up to 90 days, unless needed longer for security investigations.
  • Cookie and analytics data: as stated in our Cookie Policy, or until you withdraw consent.

After retention periods expire, data is deleted or irreversibly anonymised.

7. Processors and Third Parties

We do not sell your personal data. We may use processors (verwerkers) who process data on our behalf, including:

  • website hosting and infrastructure providers;
  • email or communication services used to handle enquiries;
  • analytics or advertising technology providers (only if you consent to the relevant cookies).

Processors are bound by written agreements requiring GDPR-compliant handling. A current list of main processor categories is available on request via request@gorgeousmyelbow.world.

We may disclose data when required by a competent authority or court in the Netherlands or the EU.

8. Data Transfers Outside the EEA

We aim to process data within the EEA. Where transfer outside the EEA is necessary (for example, certain CDN or analytics providers), we implement appropriate safeguards under GDPR Chapter V, such as EU Standard Contractual Clauses or an adequacy decision.

9. Security and Data Breaches

We implement appropriate technical and organisational measures, including HTTPS encryption, access controls, and secure hosting practices, to protect personal data against unauthorised access, loss, or disclosure.

If a personal data breach is likely to pose a risk to your rights, we will notify the Autoriteit Persoonsgegevens within 72 hours where required, and inform you without undue delay when the risk is high.

10. Your Rights Under GDPR and the UAVG

You have the following rights regarding your personal data:

  • Right of access (Art. 15): obtain confirmation and a copy of your data.
  • Right to rectification (Art. 16): correct inaccurate or incomplete data.
  • Right to erasure (Art. 17): request deletion where data is no longer necessary or consent is withdrawn.
  • Right to restriction (Art. 18): limit processing in certain circumstances.
  • Right to data portability (Art. 20): receive data you provided in a structured, machine-readable format where processing is based on consent or contract.
  • Right to object (Art. 21): object to processing based on legitimate interests, including direct marketing.
  • Right to withdraw consent: at any time for consent-based processing, without affecting prior lawful processing.

To exercise your rights, email request@gorgeousmyelbow.world with sufficient detail to identify your request. We respond within one month (extendable by two months for complex requests, with notice).

You may also lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens): autoriteitpersoonsgegevens.nl.

11. Updates to This Policy

We may update this Privacy Policy to reflect legal or operational changes. The date at the top shows the latest version. Material changes will be published on this page. We encourage you to review this policy periodically.