GDPR Compliance Statement

Last updated: April 28, 2026

Our Commitment to GDPR

StomaRispa Premium is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This statement outlines how we comply with GDPR requirements.

Legal Basis for Processing

We process your personal data based on one or more of the following legal grounds:

• Consent: You have given clear consent for us to process your personal data for specific purposes.
• Contract: Processing is necessary for the performance of a contract with you or to take steps before entering into a contract.
• Legal obligation: Processing is necessary to comply with legal obligations.
• Legitimate interests: Processing is necessary for our legitimate interests or those of a third party, provided these interests do not override your rights.

Your Rights Under GDPR

Under GDPR, you have the following rights:

Right to Access

You have the right to request copies of your personal data. We may charge a reasonable fee for additional copies.

Right to Rectification

You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.

Right to Erasure

You have the right to request that we erase your personal data under certain conditions, such as when the data is no longer necessary for the purposes for which it was collected.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data under certain conditions.

Right to Object to Processing

You have the right to object to our processing of your personal data under certain conditions, particularly for direct marketing purposes.

Right to Data Portability

You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.

Right to Withdraw Consent

Where we rely on consent to process your personal data, you have the right to withdraw that consent at any time.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: [email protected]
Subject line: GDPR Request

We will respond to your request within one month. In complex cases, we may extend this period by two additional months, and we will inform you of such an extension.

Data Protection Officer

For questions regarding our data protection practices or to exercise your rights, you may contact our Data Protection Officer:

Email: [email protected]

Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication procedures
• Staff training on data protection
• Incident response procedures

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay and, where feasible, within 72 hours of becoming aware of the breach.

International Data Transfers

When we transfer your personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:

• Standard contractual clauses approved by the European Commission
• Adequacy decisions by the European Commission
• Binding corporate rules

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

• Customer data: Duration of business relationship plus 7 years for legal and tax purposes
• Marketing data: Until consent is withdrawn or 2 years of inactivity
• Website analytics: 26 months

Complaints

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with a supervisory authority. In Canada, you may contact:

Office of the Privacy Commissioner of Canada
30 Victoria Street
Gatineau, Quebec K1A 1H3
Toll-free: 1-800-282-1376
Website: www.priv.gc.ca

Updates to This Statement

We may update this GDPR Compliance Statement from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes.

Contact Us

For any questions about our GDPR compliance, please contact:

StomaRispa Premium
847 Queen Street West
Toronto, Ontario M6J 1G1
Canada
Email: [email protected]