GDPR Compliance

Last updated: April 23, 2025

1. Introduction

This document outlines how Malvish complies with the General Data Protection Regulation (GDPR), which is a regulation in EU law on data protection and privacy for all individuals within the European Union.

2. Data Controller

Malvish is the Data Controller of your personal data. If you have any questions about this policy, including any requests to exercise your legal rights, please contact us using the details set out below.

Email: [email protected]

3. Your Rights Under GDPR

Under the GDPR, you have the following rights:

  • The right to be informed about our collection and use of your personal data
  • The right of access to your personal data
  • The right to rectification if any of your personal data is inaccurate or incomplete
  • The right to erasure (also known as the 'right to be forgotten')
  • The right to restrict processing of your personal data
  • The right to data portability (obtaining a copy of your data to reuse with another service)
  • The right to object to us using your personal data for particular purposes
  • Rights relating to automated decision-making and profiling

4. Exercising Your Rights

If you wish to exercise any of the rights set out above, please contact us using the details provided in the "Data Controller" section. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data.

5. Data Security

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. We also limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know.

6. Data Breach

In the case of a personal data breach, we will notify you and any applicable regulator when we are legally required to do so.

7. International Transfers

We may transfer your personal data outside the European Economic Area (EEA). Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • Transferring to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission
  • Using specific contracts approved by the European Commission
  • Using providers based in the US that are part of the Privacy Shield

8. Changes to This GDPR Notice

We may update our GDPR notice from time to time. Any changes will be posted on this page with an updated revision date.

© 2025 Malvish. All rights reserved.