GDPR – Data Protection

GDPR – Data Protection Notice Scope. This notice applies to individuals located in the European Economic Area (EEA), United Kingdom, and other jurisdictions where the General Data Protection Regulation (GDPR) or equivalent legislation applies. It supplements our Privacy Policy and sets out the specific rights and protections afforded to you under GDPR. Data controller. The data controller responsible for your personal information is Harbor Corner, registered at To be set (registration number Available on request). You may contact us about data protection matters at info@harborcorner.com or Available on request. Lawful bases for processing. We process your personal data only where we have a lawful basis to do so under Article 6 GDPR. The primary bases we rely on are: (a) performance of a contract – to fulfil your orders, manage your account, and provide customer support; (b) compliance with a legal obligation – to meet tax, accounting, anti-money-laundering, and other regulatory requirements; (c) legitimate interests – for fraud prevention, security, service improvement, and internal analytics, where those interests are not overridden by your rights and freedoms; and (d) consent – for optional marketing communications and non-essential cookies, where we have obtained your prior opt-in consent. Special categories of data. We do not intentionally collect special-category data (such as health, racial, or religious information) through the storefront. If you voluntarily disclose such information through customer support or product feedback, it will be processed only to the extent necessary to address your request, relying on your explicit consent or another lawful basis under Article 9 GDPR. International transfers. Where personal data is transferred to countries outside the EEA or UK that have not received an adequacy decision, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent transfer mechanisms recognised under applicable law, to ensure your data receives adequate protection. Your rights under GDPR. You have the following rights in relation to your personal data, subject to applicable conditions and exemptions: (i) Right of access – to obtain confirmation of whether we process your data and receive a copy (Article 15); (ii) Right to rectification – to have inaccurate or incomplete data corrected (Article 16); (iii) Right to erasure – to request deletion of data where it is no longer necessary, consent has been withdrawn, or processing is unlawful (Article 17); (iv) Right to restriction – to restrict processing in certain circumstances, such as while accuracy is contested (Article 18); (v) Right to data portability – to receive data you provided in a structured, machine-readable format and transmit it to another controller (Article 20); (vi) Right to object – to object to processing based on legitimate interests or for direct marketing (Article 21); (vii) Rights related to automated decision-making – not to be subject to solely automated decisions that produce significant legal or similarly significant effects, except where permitted by law (Article 22). How to exercise your rights. To exercise any of the above rights, please contact us at info@harborcorner.com. We will respond within one month of receipt of your request and may extend this period by a further two months where requests are complex or numerous, notifying you accordingly. We may need to verify your identity before processing your request. We will not charge a fee for handling your request unless it is manifestly unfounded or excessive. Right to lodge a complaint. If you believe that our processing of your personal data infringes applicable data protection law, you have the right to lodge a complaint with the supervisory authority in your EU member state of habitual residence, place of work, or the location of the alleged infringement. In the United Kingdom, the relevant authority is the Information Commissioner's Office (ICO). Contact details for EU supervisory authorities are available at https://www.edpb.europa.eu. Retention. We retain personal data for no longer than is necessary for the purposes for which it was collected, taking into account legal retention requirements, limitation periods for potential claims, audit requirements, and operational needs. When data is no longer required, we delete or anonymise it securely. Updates to this notice. We may update this GDPR notice periodically. The current version will be published on this page. For broader information about how we handle personal data, please also read our Privacy Policy.