← Back to Home

GDPR Rights & Data Protection

Last Updated: January 2025

At heartordinary.com, we are committed to protecting your personal data and respecting your privacy rights. This page explains your rights under the General Data Protection Regulation (GDPR) and how to exercise them.

1. Data Controller Information

Data Controller: heartordinary.com

Address: 60 Hamilton Road, Victoria Valley, New Zealand

Primary Contact: support@heartordinary.com

Alternative Contacts:

info@heartordinary.com
contact@heartordinary.com

2. Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to request copies of your personal data. We may charge a small fee for this service if your request is excessive or repetitive.

How to exercise: Email support@heartordinary.com with subject line "Data Access Request"

Right to Rectification

You have the right to request correction of any information you believe is inaccurate. You also have the right to request completion of information you believe is incomplete.

How to exercise: Email support@heartordinary.com with subject line "Data Correction Request" and specify what needs to be corrected

Right to Erasure

You have the right to request that we erase your personal data under certain conditions, including when the data is no longer necessary for the purpose it was collected.

How to exercise: Email support@heartordinary.com with subject line "Data Deletion Request"

Note: We may need to retain certain information for legal compliance purposes.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data under certain conditions, such as when you contest the accuracy of the data.

How to exercise: Email support@heartordinary.com with subject line "Restrict Processing Request" and explain your reasons

Right to Data Portability

You have the right to request that we transfer the data we have collected to another organization, or directly to you, in a structured, commonly used, and machine-readable format.

How to exercise: Email support@heartordinary.com with subject line "Data Portability Request"

Right to Object

You have the right to object to our processing of your personal data under certain conditions, particularly for direct marketing purposes or processing based on legitimate interests.

How to exercise: Email support@heartordinary.com with subject line "Object to Processing" and specify what processing you object to

Right to Withdraw Consent

Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

How to exercise: Email support@heartordinary.com with subject line "Withdraw Consent"

3. Cookie Management

You have the right to manage how cookies are used on our website:

3.1 Browser Settings

You can control cookies through your browser settings:

Block all cookies: Prevent all websites from setting cookies
Block third-party cookies: Allow only first-party cookies
Delete cookies: Remove existing cookies from your device
Get notifications: Receive alerts when websites try to set cookies

3.2 Cookie Types We Use

Essential Cookies: Required for site functionality (cannot be disabled)
Analytics Cookies: Help us understand how you use the site
Preference Cookies: Remember your settings and choices

3.3 Managing Cookie Consent

You can withdraw your cookie consent at any time by:

Clearing your browser cookies
Contacting us at support@heartordinary.com
Using browser privacy settings

4. How to Exercise Your Rights

4.1 Request Process

To exercise any of your GDPR rights:

Send an email to support@heartordinary.com
Include the appropriate subject line for your request
Provide sufficient information to verify your identity
Clearly describe your request and any specific data involved

4.2 Response Time

We will respond to your request within one month of receiving it. If your request is complex or we receive multiple requests, we may extend this period by two additional months. We will inform you of any such extension within the first month.

4.3 Verification

To protect your privacy, we may need to verify your identity before processing your request. We may ask for additional information to confirm you are the person whose data we hold.

4.4 No Fee

We will not charge a fee to process or respond to your request unless it is excessive or repetitive. In such cases, we will inform you of the fee before proceeding.

5. Data We Collect

For full details on what data we collect and how we use it, please see our Privacy Policy. In summary, we collect:

Information you provide directly (name, email, messages)
Automatically collected data (IP address, browser type, usage data)
Cookie and tracking data
Age verification information

6. Legal Basis for Processing

We process your personal data based on:

Consent: You have given explicit permission
Contract: Processing is necessary to provide our services
Legal Obligation: Required by law (e.g., age verification)
Legitimate Interests: For business operations and improvements

7. Data Retention

We retain your personal data only as long as necessary:

Contact Information: Until deletion request or 3 years of inactivity
Analytics Data: Up to 26 months
Legal Compliance Data: As required by applicable laws
Cookie Data: According to cookie type and settings

8. Data Security

We implement appropriate technical and organizational measures to protect your data:

Encryption of data in transit (SSL/TLS)
Secure data storage with access controls
Regular security assessments and updates
Staff training on data protection
Incident response procedures

9. Data Transfers

Your data may be transferred outside New Zealand. When this happens, we ensure:

Adequate protection measures are in place
Compliance with GDPR requirements
Use of standard contractual clauses where necessary
Transfers only to countries with adequate protection

10. Automated Decision Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on you.

11. Children's Data

We do not knowingly collect data from individuals under 18 years of age. Our age verification process prevents minors from accessing our services. If we discover we have collected data from a minor, we will delete it immediately.

12. Right to Lodge a Complaint

If you believe we have not handled your data properly or violated your rights, you have the right to lodge a complaint with:

Your local data protection authority
The New Zealand Privacy Commissioner
The supervisory authority in your country of residence

We encourage you to contact us first so we can address your concerns directly.

13. Changes to This Page

We may update this GDPR Rights page from time to time. Significant changes will be communicated through our website. The "Last Updated" date at the top indicates when the last revision was made.

14. Contact Us

For GDPR-Related Inquiries:

Primary Contact: support@heartordinary.com

Alternative Contacts:

info@heartordinary.com
contact@heartordinary.com

Postal Address:
heartordinary.com
60 Hamilton Road
Victoria Valley, New Zealand

Response Time: We aim to respond to all inquiries within 48 hours and resolve requests within 30 days.

15. Additional Resources

For more information about data protection: