1. Data Controller
The data controller responsible for your personal data is:
Undressd Media S.L.
Calle Alfredo Marquerie, 45
28034 Madrid, Spain
Email: support@Undressd.com
2. Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Consent (Article 6(1)(a)): You have given explicit consent to receive our newsletter by completing our double opt-in process
- Legitimate Interests (Article 6(1)(f)): For analytics and service improvement, where it doesn't override your rights
- Legal Obligation (Article 6(1)(c)): To comply with legal requirements such as tax records
3. Your Rights Under GDPR
As a data subject in the European Union, you have the following rights:
3.1 Right of Access (Article 15)
You have the right to request a copy of all personal data we hold about you. We will provide this information within 30 days of your request.
3.2 Right to Rectification (Article 16)
You have the right to request correction of any inaccurate or incomplete personal data we hold about you.
3.3 Right to Erasure (Article 17)
Also known as the "right to be forgotten," you can request deletion of your personal data when:
- The data is no longer necessary for the purpose it was collected
- You withdraw your consent
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
3.4 Right to Restriction of Processing (Article 18)
You can request that we limit how we use your data in certain circumstances, such as while we verify the accuracy of your data.
3.5 Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured, commonly used, machine-readable format (such as CSV or JSON).
3.6 Right to Object (Article 21)
You have the right to object to processing based on legitimate interests or for direct marketing purposes. For marketing, we will stop processing immediately upon your objection.
3.7 Right to Withdraw Consent (Article 7(3))
You can withdraw your consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal. You can withdraw by:
- Clicking the unsubscribe link in any email
- Using our unsubscribe form
- Emailing support@Undressd.com
4. Data We Collect
We collect and process the following categories of personal data:
- Identity Data: Name (optional)
- Contact Data: Email address
- Professional Data: Company name (optional)
- Preference Data: Content preferences, delivery frequency
- Technical Data: IP address, email client, device information
- Usage Data: Email open rates, click rates, engagement metrics
- Consent Data: Timestamp and method of consent
5. Data Retention
We retain your personal data as follows:
- Active Subscribers: Data is retained for the duration of your subscription
- Unsubscribed Users: Email address retained for 3 years to prevent re-adding without consent
- Consent Records: Retained for 7 years for legal compliance
- Analytics Data: Aggregated and anonymized after 2 years
6. International Data Transfers
Your data is primarily stored on servers within the European Union. When we use service providers outside the EU, we ensure appropriate safeguards:
- EU-US Data Privacy Framework certification
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Binding Corporate Rules where applicable
7. Data Security
We implement appropriate technical and organizational measures to protect your data:
- SSL/TLS encryption for all data in transit
- AES-256 encryption for data at rest
- Access controls and authentication
- Regular security audits and penetration testing
- Employee training on data protection
- Incident response procedures
8. Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will:
- Notify the Spanish Data Protection Agency (AEPD) within 72 hours
- Notify affected individuals without undue delay if there is high risk
- Document the breach and remediation steps
9. How to Exercise Your Rights
To exercise any of your GDPR rights, please contact us:
Data Protection Requests
Email: support@Undressd.com
Subject: GDPR Request - [Your Right]
Please include your email address for verification.
We will respond to your request within 30 days. In complex cases, we may extend this by 60 days with notice.
10. Right to Lodge a Complaint
If you believe we have not handled your data correctly, you have the right to lodge a complaint with a supervisory authority. For Spain:
Agencia Española de Protección de Datos (AEPD)
C/ Jorge Juan, 6
28001 Madrid, Spain
Website: www.aepd.es
11. Updates to This Policy
We may update this GDPR Compliance page from time to time. We will notify subscribers of material changes via email and update the "Last updated" date at the top of this page.