GDPR Compliance Policy

Last Updated: April 10, 2025

At Step Garden (“we,” “us,” or “our”), we are committed to complying with the General Data Protection Regulation (GDPR) to protect the privacy and data rights of our European Union (EU) users. This policy outlines how we adhere to GDPR principles when processing personal data.

1. Data Controller

Angela (Founder of Step Garden) acts as the Data Controller for personal data collected through stepgarden.com. For GDPR-related inquiries, contact us via our Contact Page.

2. Lawful Basis for Processing Data

We process personal data only when we have a lawful basis, including:

  • Consent: When you explicitly opt in (e.g., subscribing to newsletters).
  • Contractual Necessity: To fulfill requests (e.g., responding to your messages).
  • Legitimate Interests: To improve the Site, prevent fraud, or communicate updates.

3. Rights of EU Users

Under GDPR, EU residents have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Correct inaccurate or incomplete data.
  • Erasure: Request deletion of your data under certain conditions.
  • Restrict Processing: Limit how we use your data.
  • Data Portability: Receive your data in a machine-readable format.
  • Object: Opt out of processing based on legitimate interests.

To exercise these rights, contact us via our Contact Page. We will respond within 30 days.

4. Data Transfers

We use GDPR-compliant third-party services (e.g., hosting providers, email platforms) to process data. If data is transferred outside the EU, we ensure that safeguards such as Standard Contractual Clauses (SCCs) or Privacy Shield frameworks (where applicable) are in place.

5. Data Retention

We retain personal data only as long as necessary to fulfill the purposes outlined in our Privacy Policy, unless a longer retention period is required by law.

6. Consent Management

  • Withdrawal of Consent: You may withdraw consent (e.g., unsubscribe from emails) at any time.
  • Cookies: We request explicit consent for non-essential cookies via a banner when you first visit the Site.

7. Data Breach Notification

In the unlikely event of a data breach that risks your rights and freedoms, we will notify affected users and relevant authorities within 72 hours of discovery.

8. Complaints

If you believe we’ve mishandled your data under GDPR, you have the right to lodge a complaint with your local Data Protection Authority (DPA).

9. Updates to This Policy

Changes will be posted here with a revised “Last Updated” date. Continued use of the Site constitutes acceptance of the updated terms.

This policy maintains Step Garden’s commitment to transparency and user trust while aligning with GDPR requirements.