GDPR Compliance

Last updated: May 15, 2026

Our Commitment to GDPR

fuzzy-outlooks is committed to protecting the privacy and security of personal data in compliance with the General Data Protection Regulation (GDPR). This page outlines how we handle personal data for individuals in the European Economic Area (EEA) and the United Kingdom.

Data Controller

fuzzy-outlooks acts as the data controller for personal information collected through our website and services. Our contact details are:

fuzzy-outlooks
1847 Granville Street, Suite 402
Vancouver, BC V6Z 1K7
Canada
Email: [email protected]

Legal Basis for Processing

We process personal data under the following legal bases:

  • Consent: When you explicitly agree to our processing of your data, such as subscribing to communications or consenting to desktop image collection for portrait services
  • Contract: When processing is necessary to fulfill our contractual obligations to you
  • Legitimate Interest: When we have a legitimate business interest that does not override your rights, such as improving our services or preventing fraud
  • Legal Obligation: When we must process data to comply with applicable laws

Your Rights Under GDPR

If you are located in the EEA or UK, you have the following rights regarding your personal data:

Right of Access

You have the right to request a copy of the personal data we hold about you. We will provide this information within one month of your request.

Right to Rectification

You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.

Right to Erasure

You have the right to request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.

Right to Restrict Processing

You have the right to request that we limit our processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.

Right to Object

You have the right to object to our processing of your personal data for direct marketing purposes or when processing is based on legitimate interests.

Right to Withdraw Consent

Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time.

Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month. In complex cases, we may extend this period by two months, but we will inform you of any extension within the first month.

We may request verification of your identity before processing your request to ensure we are communicating with the correct person.

International Data Transfers

As a Canadian company, we may transfer personal data outside the EEA. When we do so, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Transfers to countries with adequacy decisions (Canada has been deemed adequate for commercial organizations under PIPEDA)

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. Specific retention periods include:

  • Contact form submissions: 3 years from last contact
  • Client project data: 7 years after project completion
  • Newsletter subscriptions: Until you unsubscribe
  • Website analytics: 26 months

Data Security

We implement appropriate technical and organizational measures to protect personal data, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication requirements
  • Regular security assessments
  • Employee training on data protection

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with your local data protection authority. We encourage you to contact us first so we can address your concerns.

Updates to This Notice

We may update this GDPR compliance notice from time to time. Any changes will be posted on this page with an updated revision date.

Contact for Data Protection Matters

For any questions or concerns regarding your personal data or this GDPR compliance notice, please contact us at [email protected].