GDPR Policy

Mystic Morass is committed to processing your personal data responsibly, transparently, and in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR).

Lawful basis for processing

• We only process your personal information for legitimate purposes, with your consent or in fulfilment of contractual/legal obligations.
• Your data will never be sold or shared with third parties without your explicit agreement, except where required by law.

Your GDPR rights

• Right to access, rectify, or erase your personal data.
• Right to restrict or object to processing.
• Right to portability of your data.
• Right to withdraw consent at any time.

Data Security and Transfers

We implement best-in-class security measures to ensure the safeguarding of your data both within and outside the EU. If your data is transferred internationally, appropriate safeguards are honored.

Contact us regarding GDPR

For questions about this policy or your data, please email [email protected]. EU residents may also lodge complaints with their local supervisory authority.