I have made the following changes to the Privacy Policy:
The following line changed from : “I currently rely on two sub-processors MailGun and OVH.” to “I currently rely on four sub-processors MailGun, CloudFlare, ClouDNS and OVH.”.
I added the following:
CloudFlare provides CDN (Content Delivery Network) for media files. The usage of a CDN is intended to improve load times on media files, especially for users not in Europe. If you don’t need or want a CDN (or to use CloudFlare) just request it and I will serve media files directly from OVH/France or you can use your own CDN.
ClouDNS provides DNS hosting for the Masto.host domain.
Rights of the data subject Although you use my services as a Data Controller, by hiring me to provide this service, you also have rights as a data subject. As such, you are entitled to require the exercise of the following rights:
Right to access (article 15 GDPR) This right allows you to know if your data is being processed or not. When they are being processed, you can inquire about the purpose of the processing, categories of the data being processed, who is accessing your data and what is the conservation deadline.
Right to rectification (article 16 GDPR) By exercising this right, you can ask that your data is rectified/corrected when the personal data is inaccurate.
Right to erasure (‘right to be forgotten’) (article 17 GDPR)
You can ask to be forgotten in the following conditions:
-the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; -you want to withdraw consent on which the processing is based on, and there is no other legal ground for the processing; -you object to the processing pursuant exercising your right to object and there are no overriding legitimate grounds for the processing; -the personal data have been unlawfully processed; -the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
Right to restriction of processing (article 18 GDPR)
You can ask that I restrain the processing of your data if:
-you contest the accuracy of your personal data, and you can ask for the restriction of processing while I verify the accuracy of the personal data; -the processing is unlawful, and you oppose to the erasure of the personal data and request the restriction of their use instead; -we no longer need the personal data for the purposes of the processing, but you require the data for the establishment, exercise or defence of legal claims; -you objected to the processing (article 21(1)), and verification is pending the in whether our legitimate grounds override those of the data subject.
Right to data portability (article 20 GDPR)
This right allows you to ask me that your data can be transferred to you or to a service of your choosing.
You can only exercise this right when the data is processed with a legal basis on your consent or a contract and when the processing carried out by automated means. I will provide the data in a structured, commonly used and machine-readable format.
Right to object (article 21 GDPR)
You can object to the processing of data I do when it is based on my legitimate interests.
Right to retrieve your consent
At any given time, you also have the right to retrieve your consent, when this is my legal basis to process your personal data.
I can make changes to this Privacy Policy, but if they affect the way I process your personal data, I will let you know.
Any questions or issues with these changes please let me know.