GDPR & Your Data Rights
Last updated: June 7, 2026
This page explains how Ready2Burst ("we", "us", "our") processes personal data in accordance with the EU General Data Protection Regulation (GDPR) and the UK GDPR. This applies to residents of the European Economic Area (EEA), the United Kingdom, and other regions with equivalent data protection laws.
For a complete description of how we collect and use data, please also read our Privacy Policy.
1. Data Controller
Ready2Burst is the data controller for personal data processed through this website. You can contact us regarding data protection matters at:
Email: [email protected]
2. Legal Basis for Processing
We process your personal data on the following legal bases:
| Purpose | Legal Basis |
|---|---|
| Account creation & management | Performance of a contract (Art. 6(1)(b)) |
| Processing payments & subscriptions | Performance of a contract (Art. 6(1)(b)) |
| Sending transactional emails | Performance of a contract (Art. 6(1)(b)) |
| Fraud prevention & security | Legitimate interests (Art. 6(1)(f)) |
| Compliance with legal obligations | Legal obligation (Art. 6(1)(c)) |
| Usage analytics (anonymised) | Legitimate interests (Art. 6(1)(f)) |
| Marketing communications | Consent (Art. 6(1)(a)) |
3. Your Rights Under the GDPR
As a data subject in the EEA or UK, you have the following rights:
You have the right to obtain a copy of your personal data that we hold, along with information about how we process it.
You have the right to correct inaccurate personal data we hold about you, or to complete incomplete data.
You have the right to request deletion of your personal data where it is no longer necessary, where you withdraw consent, or where processing is unlawful.
You have the right to request that we restrict processing of your data in certain circumstances.
You have the right to receive your personal data in a structured, commonly used, machine-readable format.
You have the right to object to processing based on legitimate interests, including profiling.
You have the right not to be subject to decisions based solely on automated processing. We do not use automated decision-making of this nature.
Where we process your data based on consent, you may withdraw that consent at any time.
4. How to Exercise Your Rights
To exercise any of your rights, submit a written request to:
Email: [email protected]
We will respond to your request within 30 days. We may need to verify your identity before processing the request.
5. Data Transfers Outside the EEA
Some of our service providers are located outside the EEA. Where we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs).
- Stripe (payment processing) β complies with GDPR through Standard Contractual Clauses and participation in the EUβUS Data Privacy Framework.
6. Data Retention
| Data Type | Retention Period |
|---|---|
| Account & profile data | Duration of account + 90 days after deletion request |
| Payment & transaction records | 7 years (financial regulation requirement) |
| Server logs & IP addresses | 90 days |
| Support communications | 3 years from last contact |
| Model application data | 2 years if not approved; indefinitely if approved |
7. Cookies & Tracking
We use only functional/session cookies necessary for the operation of the Site. We do not use advertising cookies, tracking pixels, or cross-site trackers. For full details see our Privacy Policy β Section 5.
8. Filing a Complaint
If you believe we have not handled your personal data in accordance with the GDPR, you have the right to lodge a complaint with your local data protection supervisory authority.
- EU residents: contact the supervisory authority in your EU member state at edpb.europa.eu.
- UK residents: contact the Information Commissioner's Office (ICO) at ico.org.uk.
9. Contact & Data Requests
Ready2Burst Data Privacy
[email protected]
We aim to acknowledge all requests within 72 hours and fulfil them within 30 days.