Privacy Policy
Privacy Policy
Last Updated: January 23, 2026
1. Data Controller
Data Controller: Filming Lahaul Blog
Contact Email: info@filminglahaul.com
For personal privacy reasons, the data controller is identified by the blog name. Requests regarding GDPR rights can be sent to the contact email above.
2. Personal Data Collected
Our website collects the following personal data:
2.1 Comment Data
If you decide to leave a comment on an article, we collect:
- Name (required)
- Email (required, not published)
- Website (optional)
- Comment content
- IP address (automatically)
- Date and time of comment
2.2 Technical Data (Automatic)
When you visit the site, we automatically collect:
- IP address
- Browser type and version
- Operating system
- Pages visited
- Date and time of visit
- Session duration
2.3 Cookies
See our Cookie Policy for details on cookies used.
3. Legal Basis for Processing
Your data is processed under Article 6 of the GDPR for the following purposes:
| Data | Legal Basis | Purpose |
|---|---|---|
| Comments | Consent (Art. 6(1)(a)) | You voluntarily choose to comment |
| Comment Email | Consent (Art. 6(1)(a)) | To reply to your comments |
| Comment IP | Legitimate Interest (Art. 6(1)(f)) | Security and spam prevention |
| Technical Data | Legitimate Interest (Art. 6(1)(f)) | Site functionality and security |
4. Purpose of Processing
Your data is used exclusively for:
- Comment Management: Display your comment and respond to you
- Security: Prevent spam and abuse
- Site Analysis: Understand which articles are most popular
- Legal Compliance: Compliance with regulations
We never use your data for:
- Commercial marketing
- Sale to third parties
- Profiling
- Behavioral tracking
5. Data Retention
| Data | Duration | Reason |
|---|---|---|
| Approved comments | While publicly visible | Blog functionality |
| Rejected comments | 30 days | Spam prevention |
| Comment emails | 3 years | Legal compliance |
| IP logs | 30 days | Security |
| Session data | During visit | Technical cookies |
If you request deletion, we will remove your data within 30 days (unless there is a legal obligation to retain it).
6. Your Rights
You have the following rights under the GDPR:
6.1 Right of Access
You can request what personal data we hold about you.
6.2 Right to Rectification
If your data is inaccurate, you can request correction.
6.3 Right to Erasure (“Right to be Forgotten”)
You can request deletion of your data, except if:
- There is a legal obligation to retain it
- It is necessary for security purposes
6.4 Right to Restrict Processing
You can request to limit how we process your data.
6.5 Right to Data Portability
You can receive your data in a readable format (e.g., CSV).
6.6 Right to Object
You can object to our use of your data for legitimate purposes.
6.7 Right to Lodge a Complaint
If you believe we are violating your rights, you can file a complaint with your national data protection authority.
To exercise any of these rights, contact: info@filminglahaul.com
7. Data Sharing
Your data is NOT shared with third parties, unless:
- You explicitly request it
- There is a legal obligation
- It is necessary for site security
7.1 Website Hosting
Our site is hosted with a third-party provider. Data is stored on their servers. The hosting provider acts as a Data Processor and complies with GDPR.
8. International Data Transfers
Data is not transferred outside the EU and is protected by GDPR-compliant agreements.
9. Data Security
We protect your data with:
- SSL/HTTPS encryption (encryption in transit)
- Regular backups
- Limited access to authorized personnel
- GDPR compliance from our hosting provider
However, no system is 100% secure. If you discover a breach, contact us immediately.
10. Contact
For any questions about this Privacy Policy or to exercise your GDPR rights:
📧 Email: info@filminglahaul.com
Data Controller: Filming Lahaul Blog
11. Changes to This Policy
This Privacy Policy may be updated periodically to reflect regulatory changes or changes in our practices.
The “Last Updated” date will always be indicated at the top of this page.
This policy is compliant with the GDPR (EU Regulation 2016/679) and international data protection standards.