Disheshaven GDPR Compliance Policy

Last Updated: December 01, 2025

1. Introduction

Disheshaven (https://disheshaven.com) is committed to protecting the personal data of its users in accordance with the European Union’s General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). This policy explains what personal data we collect, why we process it, how we keep it safe, and how you can exercise your GDPR‑related rights.

2. Personal Data We Collect

Disheshaven processes the following categories of personal data:

Email address – required for newsletter subscription, order confirmations, and customer support.
Cookies & similar tracking technologies – used to remember preferences, analyse site usage, and improve user experience.
Analytics data – aggregated information such as IP address, browser type, and pages visited, collected via third‑party analytics services.

We do not collect sensitive personal data (e.g., health, religious, or biometric data) unless you voluntarily provide it in a support request. In such cases, the same protection standards apply.

3. Legal Basis for Processing

Disheshaven relies on the following lawful bases to process personal data:

Consent – when you subscribe to our newsletter or accept cookies, you explicitly consent to the processing of your data for the specified purpose.
Legitimate Interest – we process data to maintain the security of our website, prevent fraud, and improve our services. This interest is balanced against your fundamental rights and freedoms.

Where consent is the basis, you may withdraw it at any time without affecting the lawfulness of processing carried out before the withdrawal.

4. How We Protect Your Data

Disheshaven employs a comprehensive set of technical and organisational measures to safeguard personal data:

SSL/TLS Encryption – all data transmitted between your browser and our servers is encrypted using HTTPS.
Secure Servers – our hosting environment is hardened, regularly patched, and monitored 24/7 for suspicious activity.
Limited Retention – personal data is retained only as long as necessary for the purposes for which it was collected. Email addresses for newsletter subscribers are kept until you unsubscribe; analytics data is anonymised after 12 months.
Access Controls – only authorised personnel with a legitimate business need can access personal data, and they are required to sign confidentiality agreements.

5. Your GDPR Rights

Under the GDPR you have the following rights. Each right is accompanied by a Bootstrap icon for quick reference.

Right to Access

You may request confirmation that we are processing your personal data and obtain a copy of that data, together with information about the purposes of processing, categories of data, recipients, and retention periods.

Right to Rectification

If any of your personal data is inaccurate or incomplete, you have the right to request that we correct or complete it without undue delay.

Right to Erasure (Right to be Forgotten)

You may ask us to delete your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw consent, or when you object to the processing and there are no overriding legitimate grounds.

Right to Restrict Processing

You can request that we limit the processing of your data while we verify the accuracy of the data, or while we consider your objection to processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine‑readable format and to transmit it to another controller where technically feasible.

Right to Object

You may object to processing based on legitimate interests, direct marketing, or scientific/historical research. Upon objection, we will cease processing unless we demonstrate compelling legitimate grounds that outweigh your interests.

Right to Withdraw Consent

Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing carried out before the withdrawal.

6. How to Exercise Your Rights

To exercise any of the rights listed above, please contact our Data Protection Officer (DPO) using the details below. Your request must be made in writing (email is acceptable) and should include sufficient information to verify your identity.

Email: gdpr@disheshaven.com

We will acknowledge receipt of your request within five (5) business days and aim to provide a substantive response within thirty (30) calendar days, as required by the GDPR. If we need additional time (e.g., for complex requests), we will inform you of the extension and the reasons for it within the initial 30‑day period.

7. International Data Transfers

Disheshaven may transfer personal data to service providers located outside the European Economic Area (EEA). All such transfers are performed under appropriate safeguards, including Standard Contractual Clauses approved by the European Commission, ensuring that the level of protection required by the GDPR is maintained.

8. Data Retention

We retain personal data only for as long as necessary:

Email subscriptions: retained until you unsubscribe or request deletion.
Analytics data: retained in an anonymised form for up to 12 months.
Cookies: session cookies expire at the end of the browsing session; persistent cookies are set for a maximum of 24 months unless you delete them earlier.

When the retention period expires, the data is securely destroyed or anonymised.

9. Complaints to a Supervisory Authority

If you believe that Disheshaven has not complied with the GDPR, you have the right to lodge a complaint with a supervisory authority in the EU member state where you reside, work, or where the alleged infringement occurred. The lead supervisory authority for Disheshaven is the Irish Data Protection Commission.

10. Updates to This Policy

We review this GDPR Compliance Policy regularly and may update it to reflect changes in our practices, legal requirements, or technological developments. Any material changes will be posted on this page with an updated “Last Updated” date.

11. Contact Information

For any questions regarding this policy, data protection practices, or to exercise your rights, please contact:

Disheshaven Data Protection Officer
Email: gdpr@disheshaven.com
Website: https://disheshaven.com