GDPR Rights and Data Protection

Last Updated: January 2025

1. Introduction to GDPR

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that gives individuals control over their personal data.

At GentleEnter, we are committed to protecting your privacy and ensuring compliance with GDPR requirements.

This page explains your rights under GDPR and how to exercise them.

2. Data Controller Information

The data controller for your personal information is:

GentleEnter Limited
2 Puriri Drive
Epsom, Auckland 1051
New Zealand

Data Protection Contact: support@gentleenter.com

3. Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data:

3.1 Right to Access

You have the right to request access to your personal data. This includes:

  • Confirmation that we are processing your data
  • Access to your personal data
  • Information about how we use your data
  • Information about who we share your data with
  • How long we keep your data
  • Information about your other rights

We will provide this information free of charge within one month of your request.

3.2 Right to Rectification

You have the right to have inaccurate personal data corrected or completed if it is incomplete.

We will make corrections within one month and notify any third parties with whom we have shared your data.

3.3 Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your personal data in certain circumstances:

  • The data is no longer necessary for the purpose it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • The data must be erased to comply with a legal obligation

This right is not absolute and may be limited by legal obligations to retain certain data.

3.4 Right to Restriction of Processing

You have the right to request restriction of processing in certain situations:

  • You contest the accuracy of the data
  • The processing is unlawful but you do not want erasure
  • We no longer need the data but you need it for legal claims
  • You have objected to processing pending verification

When processing is restricted, we will only store your data and not use it without your consent.

3.5 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

You can request that we transmit this data directly to another controller where technically feasible.

This right applies when:

  • Processing is based on consent or contract
  • Processing is carried out by automated means

3.6 Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

When you object, we must stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

You have an absolute right to object to processing for direct marketing purposes.

3.7 Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal effects or similarly significantly affect you.

We do not currently use automated decision-making processes that have legal or significant effects on individuals.

3.8 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time.

Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

You can withdraw consent by contacting us at support@gentleenter.com.

4. How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us using the following methods:

4.1 Email Requests

Send your request to: support@gentleenter.com

Please include the following information:

  • Your full name
  • Your email address
  • Description of your request
  • Proof of identity (if required)

4.2 Written Requests

GentleEnter Limited
GDPR Requests
2 Puriri Drive
Epsom, Auckland 1051
New Zealand

4.3 Response Time

We will respond to your request within one month of receipt. In complex cases, we may extend this period by two additional months.

We will inform you of any extension within one month of receiving your request, along with the reasons for the delay.

5. Identity Verification

To protect your privacy, we may need to verify your identity before responding to your request.

We may ask for additional information to confirm your identity, such as:

  • Government-issued identification
  • Proof of address
  • Answers to security questions

This verification process helps prevent unauthorized access to your personal data.

6. Data We Collect

We collect and process the following categories of personal data:

6.1 Information You Provide

  • Contact information (name, email address)
  • Communications with us
  • Feedback and survey responses

6.2 Automatically Collected Information

  • IP address
  • Browser type and version
  • Device information
  • Usage data and analytics
  • Cookies and similar technologies

7. Legal Basis for Processing

We process your personal data based on the following legal grounds:

7.1 Consent

When you provide explicit consent for specific processing activities.

7.2 Legitimate Interests

When necessary for our legitimate interests, such as:

  • Operating and improving our website
  • Ensuring security and preventing fraud
  • Analyzing website usage
  • Communicating with users

7.3 Legal Obligation

When required to comply with legal obligations.

7.4 Contract Performance

When necessary to perform a contract with you.

8. Data Sharing and Transfers

We may share your personal data with:

  • Service providers who assist in operating our website
  • Legal authorities when required by law
  • Professional advisors

8.1 International Transfers

Your data may be transferred to countries outside the European Economic Area (EEA).

When we transfer data internationally, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses
  • Adequacy decisions by the European Commission
  • Other approved transfer mechanisms

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected.

Retention periods depend on:

  • The nature of the data
  • The purpose of processing
  • Legal and regulatory requirements
  • Our legitimate business needs

When data is no longer needed, we will securely delete or anonymize it.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication
  • Regular security assessments
  • Employee training on data protection
  • Incident response procedures

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours.

11. Cookie Management

We use cookies and similar tracking technologies on our website.

11.1 Types of Cookies

  • Essential cookies: Required for website functionality
  • Analytics cookies: Help us understand website usage
  • Preference cookies: Remember your settings

11.2 Managing Cookies

You can control cookies through your browser settings. Options include:

  • Blocking all cookies
  • Blocking third-party cookies
  • Deleting cookies after each session
  • Accepting only certain cookies

Note that blocking essential cookies may affect website functionality.

11.3 Withdrawing Cookie Consent

You can withdraw your consent to non-essential cookies at any time by:

  • Changing your browser settings
  • Contacting us at support@gentleenter.com

12. Children's Privacy

Our website is not intended for children under 18. We do not knowingly collect personal data from children.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

We will take steps to delete such information from our systems.

13. Complaints and Supervisory Authority

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with a supervisory authority.

13.1 Contact Us First

We encourage you to contact us first so we can address your concerns:

Email: support@gentleenter.com

13.2 Supervisory Authority

You have the right to lodge a complaint with the supervisory authority in your country of residence, place of work, or where an alleged infringement occurred.

For users in the European Union, you can find your local supervisory authority at: https://edpb.europa.eu/about-edpb/board/members_en

14. Updates to This Page

We may update this GDPR information page from time to time to reflect changes in our practices or legal requirements.

We will notify you of significant changes by posting a notice on our website or by email.

Please review this page periodically to stay informed about how we protect your data.

15. Contact Information

For any questions about your GDPR rights or our data protection practices, please contact us:

Email

  • support@gentleenter.com
  • Phone: +64 9 638 3777
  • info@gentleenter.com
  • contact@gentleenter.com

Postal Address

GentleEnter Limited
Data Protection Officer
2 Puriri Drive
Epsom, Auckland 1051
New Zealand

We aim to respond to all inquiries within one month.

16. Additional Resources

For more information about data protection and your rights, please visit:

  • European Data Protection Board: https://edpb.europa.eu/
  • Your local supervisory authority website
  • Our Privacy Policy
  • Our Terms of Use