Data Requests (GDPR/CCPA)

Last updated: August 2025

1) Your privacy rights

If you are located in the European Economic Area (EEA), United Kingdom (UK), Switzerland, or in a region covered by data-protection laws such as the California Consumer Privacy Act (CCPA), you may have specific rights regarding your personal data. These rights may include:

• Access: Request a copy of personal data we hold about you.
• Correction: Request corrections if your data is inaccurate or incomplete.
• Deletion: Request deletion of personal data under certain conditions.
• Restriction: Request limitation of processing for certain purposes.
• Portability: Request a machine-readable copy of your data.
• Opt-out: In some jurisdictions, request that your data not be sold or shared for advertising purposes.

2) How to make a data request

You can exercise your data rights by contacting us directly:

Email: privacy@herrassi.com
Subject line: “Data Request — GDPR/CCPA”

Please include sufficient information to verify your identity and process your request securely.

3) Verification process

For your protection, we may request additional information to verify your identity before fulfilling your data request. This ensures personal data is only disclosed to the rightful owner.

4) Response timeframe

We aim to respond to valid data requests within 30 days, as required by law. Complex or high-volume requests may take longer, but we will keep you informed.

5) Limitations

We may not be able to fulfill requests that would:

• Conflict with legal obligations or regulatory requirements.
• Compromise security, privacy, or rights of other individuals.
• Prevent us from establishing or defending legal claims.

6) Regulatory contacts

If you are not satisfied with our response, you may lodge a complaint with your local data-protection authority or privacy regulator.

7) Contact information

For all privacy and data requests, please contact us at:
privacy@herrassi.com