Your data protection rights under the General Data Protection Regulation
velvet-mission is committed to protecting the privacy and rights of individuals in accordance with the General Data Protection Regulation (GDPR). This page outlines our practices and your rights under GDPR.
For the purposes of GDPR, velvet-mission acts as the data controller for personal information collected through our website and services. We determine the purposes and means of processing personal data.
Data Controller: velvet-mission
Address: 250 University Avenue, Suite 800, Toronto, Ontario M5H 3E5, Canada
Contact: [email protected]
We process personal data under the following lawful bases:
When you submit a form on our website or subscribe to our communications, you provide consent for us to process your data for the specified purposes. You may withdraw consent at any time.
We may process data based on our legitimate business interests, such as improving our services, website analytics, and fraud prevention, provided these interests do not override your fundamental rights.
When you engage our services, we process data necessary for the performance of our contract with you or your organization.
As a data subject, you have the following rights:
You have the right to request a copy of the personal data we hold about you. We will provide this information within 30 days of your request.
You have the right to request correction of inaccurate or incomplete personal data we hold about you.
You have the right to request deletion of your personal data when it is no longer necessary for the purpose for which it was collected, when you withdraw consent, or when processing is unlawful.
You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest data accuracy or object to processing.
You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently engage in such automated decision-making.
To exercise any of your GDPR rights, please contact us at:
Email: [email protected]
We will respond to your request within 30 days. In certain circumstances, we may need to verify your identity before fulfilling your request.
Your data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we implement appropriate safeguards to ensure your data receives an adequate level of protection, including:
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected. Our retention periods vary based on:
We implement appropriate technical and organizational measures to protect personal data, including:
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours. If the breach is likely to result in a high risk to you, we will also notify you directly.
If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority in your country of residence. However, we encourage you to contact us first so we can address your concerns directly.
We may update this GDPR compliance notice periodically. Any changes will be posted on this page with an updated effective date.
Last updated: May 29, 2026