GDPR Compliance

Last Updated: April 23, 2026

Underdecor Studio is committed to complying with the General Data Protection Regulation (GDPR) and protecting the privacy rights of individuals in the European Economic Area (EEA) and beyond.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Contractual necessity: To fulfill our custom tailoring services and maintain client relationships
• Legitimate interests: To improve our services, prevent fraud, and maintain business operations
• Consent: For marketing communications and optional data processing activities
• Legal obligations: To comply with applicable laws and regulations

Your Rights Under GDPR

As a data subject, you have the following rights:

• Right to access: Request copies of your personal data
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure: Request deletion of your personal data ("right to be forgotten")
• Right to restrict processing: Request limitation of how we use your data
• Right to data portability: Receive your data in a structured, commonly used format
• Right to object: Object to processing based on legitimate interests or for direct marketing
• Right to withdraw consent: Withdraw consent at any time without affecting prior processing
• Right to lodge a complaint: File a complaint with your local supervisory authority

Data Protection Officer

For questions regarding data protection and GDPR compliance, contact our Data Protection Officer:

Email: [email protected]

Data Processing Activities

We process personal data for the following purposes:

• Order processing and service delivery
• Customer relationship management
• Marketing and promotional communications (with consent)
• Website analytics and performance optimization
• Fraud prevention and security
• Legal compliance and dispute resolution

International Data Transfers

We primarily process data within Canada. When data is transferred internationally, we ensure appropriate safeguards are in place, including:

• Standard contractual clauses approved by the European Commission
• Adequacy decisions recognizing equivalent data protection
• Explicit consent for specific transfers

Data Retention Periods

We retain personal data for the following periods:

• Client measurement data: Duration of relationship plus 7 years
• Transaction records: 7 years for accounting and tax purposes
• Marketing consent: Until consent is withdrawn
• Website analytics: 26 months

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects individuals.

Security Measures

We implement appropriate technical and organizational measures to protect personal data, including:

• Encryption of data in transit and at rest
• Access controls and authentication protocols
• Regular security assessments and updates
• Employee training on data protection
• Incident response procedures

Exercising Your Rights

To exercise any of your GDPR rights, please contact us:

Email: [email protected]
Address: 847 Granville Street, Vancouver, BC V6Z 1K3, Canada

We will respond to your request within 30 days. In complex cases, we may extend this period by an additional 60 days, with notification.

Updates to This Policy

We may update this GDPR compliance statement periodically to reflect changes in our practices or legal requirements. Significant changes will be communicated through our website and, where appropriate, via email.