The General Data Protection Regulation (GDPR) is the European Union (EU) law governing the collection and processing of personal data of individuals within the EU. Its primary objective is to give EU citizens control over their personal data and ensure transparency and security in data handling. Skincare with Ish fully complies with GDPR requirements.

GDPR consists of 11 chapters and nearly 100 articles. Below are some of the key articles and how Skincare with Ish aligns with them.

European Union – General Data Protection Regulation Compliance

Article 5: Principles for the Processing of Personal Data

Skincare with Ish is a responsible processor and controller of personal data. Any user data collected (such as name, email, and preferences) is used only to enhance the user experience, provide content updates, respond to inquiries, or for analytics purposes. We do not sell personal data or use it for unsolicited marketing.

Article 17: Right to Erasure (“Right to be Forgotten”)

You have the right to request the deletion of your personal data at any time. If you no longer wish to interact with Skincare with Ish, or if you have previously shared data and want it erased, you may contact us and we will promptly delete all related records from our systems.

Article 32: Security of Processing

Skincare with Ish ensures that all personal data is stored securely. We follow industry-standard protocols to protect data, including:

  • Access control to restrict data access to authorized personnel only
  • Encryption of data at rest and in transit
  • Routine security audits and monitoring
  • Confidentiality agreements for anyone with access to user data
  • Incident response protocols and data protection policies

Other Relevant GDPR Articles

Article 33: Notification of a Personal Data Breach to the Supervisory Authority

In the event of a personal data breach, Skincare with Ish will notify the relevant data protection authority within 72 hours, as required by GDPR. Affected users will also be informed and the issue will be investigated and resolved with urgency and transparency.

Article 35: Data Protection Impact Assessment

Skincare with Ish regularly evaluates its data protection procedures and the potential impact of its tools and services on personal privacy. These assessments help identify and mitigate risks to user data.

Article 37: Designation of a Data Protection Officer (DPO)

Skincare with Ish has designated a data protection contact responsible for ensuring GDPR compliance across content, operations, and user engagement. The DPO supervises privacy protocols and assists in maintaining secure processing of personal data.

Article 44: General Principles for Transfers of Personal Data

Skincare with Ish prioritizes hosting data within GDPR-compliant infrastructure. If you are a user from the EU or UK, your data is stored on secure, GDPR-aligned servers located in the European Economic Area (EEA). We do not transfer your data to third countries without proper legal safeguards and protection levels approved by the European Commission.

Your Rights Under GDPR Include:

  • Right to Access – Request access to your personal data.
  • Right to Rectification – Request correction of inaccurate or incomplete data.
  • Right to Erasure – Request deletion of your data.
  • Right to Restrict Processing – Request that we limit the way we use your data.
  • Right to Data Portability – Request to transfer your data to another provider.
  • Right to Object – Object to specific types of processing (e.g., marketing).

To exercise any of these rights, please contact us at skincarewithish@gmail.com.