Effective Date: Tuesday, May 13, 2025
At Splashfan, we are fully committed to complying with the
General Data Protection Regulation (GDPR) (EU) 2016/679. This page outlines how we handle personal data of users located in the European Union and European Economic Area (EU/EEA), and your rights under the GDPR.
1. Legal Basis for Processing Personal Data
We process your personal data based on one or more of the following legal grounds:
- Your consent, which you may withdraw at any time.
- Performance of a contract, such as when you use our services.
- Compliance with legal obligations, such as recordkeeping or law enforcement requirements.
- Legitimate interests, such as improving our services, provided they are not overridden by your rights and freedoms.
2. Your Rights Under GDPR
As a data subject under the GDPR, you have the following rights:
- Right of access – Request access to your personal data.
- Right to rectification – Request corrections to inaccurate or incomplete data.
- Right to erasure ("right to be forgotten") – Request deletion of your data, under certain conditions.
- Right to restriction of processing – Request limitation of how your data is used.
- Right to data portability – Request your data in a machine-readable format.
- Right to object – Object to data processing based on legitimate interests or direct marketing.
- Right to withdraw consent – You can withdraw your consent at any time where processing is based on consent.
- Right to lodge a complaint – File a complaint with your local Data Protection Authority.
To exercise any of these rights, please contact us at: [email protected]
3. Data Transfers Outside the EU/EEA
If your personal data is transferred outside the EU/EEA (for example, to our hosting or analytics providers), we ensure that:
- The country has an adequacy decision from the European Commission; or
- We use Standard Contractual Clauses (SCCs) or other appropriate safeguards approved under GDPR.
4. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in our Privacy Policy or as required by law. Specific retention periods depend on the type of data and legal requirements.
5. Data Security Measures
We implement appropriate technical and organizational measures to secure your data, including encryption, access controls, and internal audits. However, no method of transmission over the internet is 100% secure.
6. Changes to This GDPR Statement
We may update this GDPR Compliance Statement from time to time to reflect changes in our practices or legal obligations. Any changes will be posted on this page with an updated effective date.
7. Contact Information
If you have questions about our GDPR compliance or how your data is handled, please contact us: