GDPR Compliance Information

Your Rights Under the General Data Protection Regulation

Last Updated: 23/06/2025

Introduction

LittleOnesCrafts.com respects your privacy rights under the General Data Protection Regulation (GDPR). This page explains your rights as a data subject and how to exercise them. The GDPR applies to all individuals within the European Union (EU) and European Economic Area (EEA).

Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data:

1. Right to Information (Article 13-14)

• What it means: You have the right to know how we collect and use your personal data
• How we comply: Our Privacy Policy provides clear information about our data practices
• Your action: Review our Privacy Policy for complete details

2. Right of Access (Article 15)

• What it means: You can request a copy of all personal data we hold about you
• What we provide: A copy of your data in a commonly used format
• Response time: Within 1 month of your request
• How to request: Contact us at info@littleonescrafts.com with “GDPR Data Access Request” in the subject line

3. Right to Rectification (Article 16)

• What it means: You can request correction of inaccurate or incomplete personal data
• Examples: Update email address, correct name spelling, add missing information
• Response time: Within 1 month of your request
• How to request: Contact us with the specific corrections needed

4. Right to Erasure (“Right to be Forgotten”) (Article 17)

• What it means: You can request deletion of your personal data in certain circumstances
• When it applies:
  
  • Data is no longer necessary for the original purpose
  • You withdraw consent and there’s no other legal basis
  • Data has been unlawfully processed
  • You object to processing and there are no overriding legitimate grounds
• Exceptions: We may retain data for legal obligations or legitimate interests
• How to request: Contact us with “GDPR Deletion Request” in the subject line

5. Right to Restrict Processing (Article 18)

• What it means: You can request that we limit how we use your data
• When it applies:
  
  • You contest the accuracy of the data
  • Processing is unlawful but you don’t want erasure
  • We no longer need the data but you need it for legal claims
  • You’ve objected to processing pending verification
• How to request: Contact us explaining why you want processing restricted

6. Right to Data Portability (Article 20)

• What it means: You can request your data in a structured, machine-readable format
• When it applies: When processing is based on consent or contract and carried out by automated means
• Format: JSON, CSV, or other commonly used formats
• How to request: Contact us with “Data Portability Request” in the subject line

7. Right to Object (Article 21)

• What it means: You can object to certain types of processing
• Direct marketing: You can always object to marketing communications
• Legitimate interests: You can object if processing is based on our legitimate interests
• Automated decision-making: You can object to purely automated processing
• How to exercise: Use unsubscribe links in emails or contact us directly

8. Rights Related to Automated Decision-Making (Article 22)

• What it means: Protection against decisions based solely on automated processing
• Our practice: We do not make automated decisions that significantly affect you
• If we did: You would have the right to human intervention and to contest the decision

How to Exercise Your Rights

Contact Information

Primary Contact: info@littleonescrafts.com
Subject Line Guidelines:

• Data Access: “GDPR Data Access Request”
• Data Deletion: “GDPR Deletion Request”
• Data Correction: “GDPR Rectification Request”
• Data Portability: “GDPR Data Portability Request”
• Processing Restriction: “GDPR Restriction Request”
• General GDPR Inquiry: “GDPR Rights Inquiry”

Information We Need

To process your request efficiently, please provide:

• Full name and email address associated with your data
• Specific request type (access, deletion, correction, etc.)
• Detailed description of what you’re requesting
• Verification information to confirm your identity
• Preferred response format (for data portability requests)

Response Timeframes

• Standard response: Within 1 month of receiving your request
• Complex requests: May be extended by 2 additional months (we’ll notify you)
• Free of charge: First request is free; excessive requests may incur reasonable fees
• Acknowledgment: We’ll acknowledge receipt within 72 hours

Special Considerations for Children

Enhanced Protections

• Children under 16: Enhanced privacy protections under GDPR
• Parental consent: Required for children’s data processing
• Easy withdrawal: Parents can easily withdraw consent
• Child-friendly information: We provide age-appropriate privacy information

Parents’ Rights

Parents/guardians can exercise GDPR rights on behalf of their children:

• Access their child’s data
• Request deletion of their child’s data
• Withdraw consent for their child’s data processing
• Object to their child’s data processing

Data We Collect and Process

Personal Data Categories

• Contact information: Names, email addresses
• Usage data: Website interactions, page views
• Technical data: IP addresses, browser information, device data
• Communication data: Messages sent through contact forms
• Marketing data: Newsletter subscriptions, preferences

Legal Bases for Processing

• Consent: Newsletter subscriptions, optional communications
• Legitimate interests: Website functionality, security, improvement
• Legal obligations: Compliance with applicable laws
• Contract performance: Providing requested services

Data Retention

• Contact data: Retained while you use our services or until deletion requested
• Usage data: Typically retained for 2 years for analytics purposes
• Marketing data: Until you unsubscribe or request deletion
• Legal obligations: As required by applicable laws

Third-Party Data Processing

Advertising Partners

• Google AdSense: Google’s privacy policy and controls
• Mediavine: Mediavine’s privacy policy and opt-out

Service Providers

• Analytics providers: Google Analytics (configured for privacy)
• Email services: For newsletter delivery and communication
• Hosting providers: For website operation and security

International Transfers

• Adequacy decisions: We prefer EU-approved countries for data transfers
• Safeguards: When transferring to other countries, we use appropriate safeguards
• Your rights: GDPR rights still apply to transferred data

Complaints and Enforcement

Right to Lodge a Complaint

If you believe we’ve violated your GDPR rights:

• Contact us first: Try to resolve the issue directly with us
• Supervisory authority: You can file a complaint with your national data protection authority
• No retaliation: We won’t penalize you for exercising your rights

EU Data Protection Authorities

• Your country’s authority: Contact your national data protection regulator
• Lead authority: May be determined based on our main establishment
• Cross-border cooperation: Authorities work together on international cases

Our Commitment to GDPR Compliance

Data Protection Principles

We process personal data in accordance with GDPR principles:

• Lawfully, fairly, and transparently
• For specified, explicit, and legitimate purposes
• Adequate, relevant, and limited to what’s necessary
• Accurate and kept up to date
• Retained no longer than necessary
• Processed securely with appropriate safeguards

Technical and Organizational Measures

• Data encryption: In transit and at rest
• Access controls: Limited access to personal data
• Regular backups: With secure storage
• Staff training: On data protection requirements
• Privacy by design: Built into our processes
• Regular audits: Of our data protection practices

Data Protection Impact Assessments

• High-risk processing: We conduct impact assessments when required
• Privacy considerations: Integrated into new service development
• Risk mitigation: Implementing appropriate safeguards

Updates and Changes

Policy Updates

• Notification: We’ll notify you of significant changes
• Continued compliance: Updates reflect evolving GDPR requirements
• Your rights: Remain the same regardless of updates

Contact for Updates

• Email notifications: If you’re subscribed to our newsletter
• Website notices: Posted on our GDPR page
• Direct contact: For users who have made GDPR requests

Frequently Asked Questions

Q: Does GDPR apply to me if I’m not in the EU?

A: GDPR applies to EU/EEA residents regardless of where they are located. If you’re not an EU/EEA resident, you may still have similar rights under other privacy laws.

Q: How long does it take to delete my data?

A: We aim to complete deletion within 30 days. Some data may take longer to remove from backups and cached systems.

Q: Can I request data about my child?

A: Yes, parents/guardians can exercise GDPR rights on behalf of children under 16.

Q: What if I change my mind after requesting deletion?

A: Once deletion is complete, we cannot recover the data. Consider requesting restriction instead if you’re unsure.

Q: Do you charge fees for GDPR requests?

A: The first request is free. Excessive or repetitive requests may incur reasonable administrative fees.

Contact Information

GDPR-Specific Inquiries

Email: info@littleonescrafts.com
Subject: GDPR Rights Inquiry
Response Time: Within 72 hours for acknowledgment, within 1 month for resolution

General Privacy Questions

Email: info@littleonescrafts.com
Website: LittleOnesCrafts.com/privacy-policy