GDPR Compliance Statement

Last Updated: April 28, 2026

Our Commitment to GDPR

StenoBrode Men is committed to compliance with the General Data Protection Regulation (GDPR) and protecting the privacy rights of individuals in the European Economic Area (EEA) and beyond.

Legal Basis for Processing

We process your personal data under the following legal bases:

• Consent: When you provide explicit consent for specific processing activities
• Contract Performance: When processing is necessary to fulfill our tailoring services
• Legitimate Interests: For business operations that do not override your rights
• Legal Obligation: When required by applicable law

Your GDPR Rights

Right to Access

You have the right to request a copy of the personal data we hold about you. We will provide this information in a structured, commonly used, and machine-readable format within 30 days.

Right to Rectification

You can request correction of inaccurate or incomplete personal data at any time.

Right to Erasure (Right to be Forgotten)

You may request deletion of your personal data when:

• The data is no longer necessary for the purposes it was collected
• You withdraw consent and there is no other legal basis for processing
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed

Right to Restriction of Processing

You can request that we limit how we use your data in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a portable format and transmit it to another controller.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes at any time.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal or significant effects.

Data Protection Measures

We implement appropriate technical and organizational measures to ensure data security, including:

• Encryption of data in transit and at rest
• Regular security assessments and audits
• Access controls and authentication measures
• Staff training on data protection principles
• Incident response procedures

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and relevant supervisory authorities within 72 hours of becoming aware of the breach.

International Data Transfers

When we transfer data outside the EEA, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions recognizing equivalent data protection
• Binding Corporate Rules where applicable

Data Protection Officer

For questions regarding data protection or to exercise your GDPR rights, contact our Data Protection Officer:

Email: [email protected]
Address: 1247 Alberni Street, Vancouver, BC V6E 1A3, Canada

Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority if you believe your data protection rights have been violated.

Exercising Your Rights

To exercise any of your GDPR rights, please submit a request to [email protected]. We will respond within 30 days and may request verification of your identity.

Consent Withdrawal

Where processing is based on consent, you may withdraw it at any time. This will not affect the lawfulness of processing before withdrawal.