GDPR Compliance Statement for HoistHolding.shop

Effective Date: December 01, 2024

At HoistHolding.shop (“we,” “our,” “us”), we are fully committed to complying with the General Data Protection Regulation (GDPR) and protecting the personal data of individuals located in the European Union (EU) and European Economic Area (EEA).

This statement outlines your rights under GDPR and how we safeguard your information.


1. Lawful Basis for Processing Personal Data

We process personal data only when we have a lawful basis, including:

  • Consent — when you sign up for newsletters or marketing materials
  • Contractual necessity — to process and deliver your orders
  • Legal obligation — to comply with tax, fraud prevention, or regulatory requirements
  • Legitimate interest — improving our website, preventing fraud, and enhancing user experience

2. Types of Data We Collect

We may collect:

  • Name
  • Email address
  • Phone number
  • Billing and shipping addresses
  • Order details
  • IP address and device information
  • Cookies and analytics data

More details can be found in our Privacy Policy.


3. Your Rights Under GDPR

If you are located in the EU/EEA, you have the right to:

a. Access Your Data

Request a copy of all personal data we hold about you.

b. Rectification

Request corrections to inaccurate or incomplete information.

c. Erasure (“Right to Be Forgotten”)

Request deletion of your personal data where legally applicable.

d. Restrict Processing

Ask us to limit how your data is used.

e. Data Portability

Request your data in a commonly used, machine-readable format.

f. Object to Processing

Object to certain types of data processing, including marketing.

g. Withdraw Consent

If you have given consent, you may withdraw it at any time.

To exercise any of your rights, contact us using the details below.


4. Data Storage & Security

We implement strict security measures, including:

  • SSL encryption
  • Secure servers
  • Limited access controls
  • Regular security reviews

We only retain personal data for as long as necessary for business, legal, or tax purposes.


5. International Data Transfers

Some service providers we use (payment processors, analytics, hosting) may be located outside the EU/EEA. In such cases, we ensure they comply with GDPR through:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Privacy frameworks or equivalent protections

6. Third-Party Processors

We work with trusted third-party service providers, including:

  • Payment gateways (e.g., PayPal, Stripe)
  • Shipping and logistics companies
  • Analytics tools
  • Hosting providers

Each third party is required to comply with GDPR standards.


7. Data Breach Procedures

In the event of a data breach, we will:

  • Notify affected users without undue delay
  • Report the breach to the appropriate supervisory authority
  • Take immediate steps to prevent future incidents

8. Contact Information

If you have questions about GDPR, your rights, or how we handle your data, please contact us at:

Hoist Holding Support Team
Email: Contact@hoistholding.shop
Website: www.hoistholding.shop

You may also contact your local Data Protection Authority (DPA) if you believe your rights have been violated.