Last Updated: 18/08/2025

This GDPR Compliance Policy explains how Cozy Home Buzz (www.cozyhomebuzz.com) complies with the General Data Protection Regulation (GDPR) when processing personal data of individuals in the European Union and European Economic Area.

Data Controller Information

Data Controller: Cozy Home Buzz
Website: www.cozyhomebuzz.com
Contact Email: contact@cozyhomebuzz.com
DPO Contact: contact@cozyhomebuzz.com (if applicable)

Legal Basis for Processing

We process your personal data based on the following lawful bases under GDPR Article 6:

Consent (Article 6(1)(a))

  • Newsletter subscriptions
  • Optional marketing communications
  • Non-essential cookies
  • Voluntary survey participation

Legitimate Interests (Article 6(1)(f))

  • Website analytics and improvement
  • Security and fraud prevention
  • Technical website operation
  • Content personalization based on general preferences

Performance of Contract (Article 6(1)(b))

  • Providing requested services
  • Responding to your inquiries

Types of Personal Data We Collect

Data You Provide Directly

  • Contact Information: Name, email address
  • Communication Data: Messages sent through contact forms
  • Comment Data: Name, email, and content when commenting
  • Subscription Data: Email address for newsletter subscriptions

Data Collected Automatically

  • Technical Data: IP address, browser type, device information
  • Usage Data: Pages visited, time spent, referring websites
  • Cookie Data: As described in our Cookie Policy

How We Use Your Personal Data

We use your personal data for the following purposes:

  • Service Provision: Delivering content and responding to inquiries
  • Communication: Sending newsletters and updates (with consent)
  • Website Improvement: Analyzing usage patterns and optimizing user experience
  • Security: Protecting against fraud and ensuring website security
  • Legal Compliance: Meeting regulatory requirements

Data Sharing and Third-Party Processors

We may share your data with the following categories of third parties:

Service Providers

  • Web Hosting: [Insert hosting provider name]
  • Email Marketing: [Insert email service provider]
  • Analytics: Google Analytics (anonymized data)
  • Comment Systems: [Insert comment system if applicable]

All third-party processors are selected based on their GDPR compliance and appropriate data protection measures.

International Transfers

If your data is transferred outside the EU/EEA, we ensure adequate protection through:

  • Adequacy decisions by the European Commission
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules (where applicable)

Your Rights Under GDPR

As a data subject, you have the following rights:

Right of Access (Article 15)

You can request information about the personal data we hold about you, including:

  • Categories of data processed
  • Purposes of processing
  • Recipients of your data
  • Retention periods

Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data.

Right to Erasure (Article 17)

You can request deletion of your personal data when:

  • Data is no longer necessary for the original purpose
  • You withdraw consent and no other legal basis exists
  • Data has been unlawfully processed
  • Erasure is required for legal compliance

Right to Restrict Processing (Article 18)

You can request limitation of processing when:

  • You contest the accuracy of the data
  • Processing is unlawful but you prefer restriction over erasure
  • We no longer need the data but you need it for legal claims

Right to Data Portability (Article 20)

You can request your data in a structured, machine-readable format for transfer to another controller.

Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

We do not engage in automated decision-making or profiling that produces legal or significant effects.

Cookie Consent and Management

Cookie Categories

  • Strictly Necessary: Essential for website functionality
  • Performance: Analytics and website improvement
  • Functional: Enhanced user experience features
  • Marketing: Advertising and marketing communications

Your Cookie Choices

You can:

  • Accept or reject non-essential cookies through our cookie banner
  • Modify cookie preferences at any time
  • Use browser settings to block or delete cookies
  • Opt-out of analytics tracking

Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

  • Contact Form Data: 3 years from last contact
  • Newsletter Subscriptions: Until you unsubscribe
  • Comment Data: Indefinitely (unless deletion requested)
  • Analytics Data: 26 months (Google Analytics default)
  • Technical Logs: 12 months

Data Security

We implement appropriate technical and organizational measures to protect your personal data:

Technical Measures

  • SSL encryption for data transmission
  • Regular security updates and patches
  • Access controls and authentication
  • Data backup and recovery procedures

Organizational Measures

  • Staff training on data protection
  • Regular security assessments
  • Incident response procedures
  • Privacy by design principles

Data Breach Notification

In the event of a personal data breach, we will:

  • Notify the relevant supervisory authority within 72 hours (when required)
  • Inform affected individuals if the breach poses a high risk to their rights and freedoms
  • Document all breaches and response actions taken

Children’s Data

Our website is not directed at children under 16. We do not knowingly collect personal data from children under 16. If we become aware of such collection, we will delete the data immediately.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us:

Email: contact@cozyhomebuzz.com
Subject Line: “GDPR Data Request”

Please include in your request:

  • Your full name and email address
  • Specific right you wish to exercise
  • Details to help us locate your data
  • Proof of identity (if required)

We will respond to your request within one month of receipt.

Supervisory Authority

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with your local data protection authority. For EU residents, you can find your local authority at: https://edpb.europa.eu/about-edpb/board/members_en

Updates to This Policy

We may update this GDPR Compliance Policy to reflect:

  • Changes in data processing practices
  • Updates to legal requirements
  • Improvements to our privacy practices

We will notify you of significant changes through:

  • Website notifications
  • Email updates (for subscribers)
  • Updated “Last Modified” date

Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) when introducing new technologies or processing activities that may pose high risks to your privacy rights.

Cross-Border Data Transfers

When transferring personal data outside the EU/EEA, we ensure adequate protection through approved transfer mechanisms and safeguards as required by GDPR Articles 44-49.

Record of Processing Activities

We maintain records of our data processing activities as required by GDPR Article 30, including:

  • Purposes of processing
  • Categories of data subjects and personal data
  • Recipients of personal data
  • Retention periods
  • Security measures

Contact Information

Data Protection Inquiries:
Email: contact@cozyhomebuzz.com
Website: www.cozyhomebuzz.com

For GDPR-specific requests, please use the subject line “GDPR Request” to ensure prompt handling.

Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person
  • Data Controller: The entity that determines the purposes and means of processing personal data
  • Data Processor: The entity that processes personal data on behalf of the controller
  • Data Subject: The individual whose personal data is being processed