Privacy Page (EU)

This Privacy Policy was last updated on November 29, 2025.

1. Introduction

This Privacy Policy explains how I process personal data when you visit:

  • https://missthaitiny.com
  • https://missthaitiny.io

I keep this policy as short and clear as possible while meeting basic GDPR requirements.

2. Data controller and contact

The data controller for these websites is:

Miss ThaiTiny
c/o Legaldesk.dk ApS, Njalsgade 21F, 2., 2300 København S, Denmark
Email: admin@thaitiny.com

If you have questions about this policy or how I process personal data, you can contact me by email.

3. What data we process

I do not offer user accounts, comments or newsletters on these sites. The personal data I process falls into a few limited categories.

3.1 Technical and log data

When you visit omy websites, my hosting provider automatically processes technical information, for example:

  • IP address and approximate location (based on IP)
  • Date and time of access
  • URL visited and referrer URL
  • Information about device, browser and operating system

This information is stored in server logs and is used for security, error detection and to ensure stable operation of the websites.

3.2 Cookies and similar technologies

I use cookies and similar technologies on our websites. These may include:

  • Necessary cookies (for basic site functions)
  • Optional cookies (for statistics or embedded services), depending on your choices in the cookie banner

Details about the cookies used, their purpose and how long they are stored are described in my Cookie Policy, which is available from the cookie banner and in the footer.

You can change or withdraw your consent to non-essential cookies at any time via the cookie settings.

3.3 Direct communication

If you contact me (for example by email or via any contact option I provide), I process:

  • Name or alias (if provided)
  • Email address
  • The content of your message and any attachments

I use this information only to handle and respond to your enquiry.

3.4 Copyright protection and DMCA work

I actively protect my photos and videos against unauthorised use. For this purpose I may process:

  • URLs, screenshots and metadata related to suspected infringements
  • IP addresses and other technical identifiers contained in logs or evidence
  • Communication with platforms, hosting providers or legal representatives

This may be done directly by me and/or together with content-protection and DMCA services.

4. Purposes and legal bases

I process personal data only when I have a legal basis under the GDPR. The main purposes and legal bases are:

  1. Operating and securing the websites
    To display the sites, maintain performance, prevent abuse and detect technical errors.
    Legal basis: our legitimate interests in running secure and stable websites (GDPR art. 6(1)(f)).
  2. Managing enquiries and communication
    To reply when you contact me and to keep reasonable records of the communication.
    Legal basis: legitimate interests and, where relevant, performance of a contract (art. 6(1)(f) and 6(1)(b)).
  3. Consent-based cookies and similar technologies
    For any cookies or scripts that are not strictly necessary, I rely on your consent given via the cookie banner (art. 6(1)(a)).
    You can withdraw your consent at any time via the cookie settings.
  4. Protection of rights and handling disputes
    To investigate copyright infringements, secure evidence and assert or defend legal claims.
    Legal basis: My legitimate interests in protecting my rights and content and, where applicable, legal obligations (art. 6(1)(f) and 6(1)(c)).

5. How long we keep data

I keep personal data only for as long as necessary for the purposes described above:

  • Server logs: normally kept for up to 90 days, unless specific entries are needed longer for security or legal reasons.
  • Email and other enquiries: kept for as long as needed to handle the enquiry and for a reasonable period afterwards for documentation.
  • Cookie-related data: kept for the lifetime shown in the Cookie Policy or until you withdraw consent.
  • Copyright / legal records: kept for as long as required to establish, exercise or defend legal claims.

6. Sharing of personal data

I only share personal data where necessary and with appropriate safeguards:

  • Hosting provider
    My websites are hosted by a third-party provider that processes server logs and technical data on my behalf.
  • Content protection and DMCA services
    For copyright protection and takedown work I may share relevant information with content-protection services and with hosting providers or platforms where infringing material appears.
  • Professional advisers and authorities
    In connection with disputes, audits or legal obligations, data may be shared with legal advisers, courts or public authorities where required.

I do not sell or rent personal data to third parties.

7. Transfers outside the EU/EEA

Some of my service providers or the platforms I interact with may be located outside the EU/EEA. In such cases, personal data may be processed under the laws of those countries.

Where possible I use providers that offer an adequate level of data protection, for example through standard contractual clauses or comparable safeguards.

When you follow links from my sites to external platforms (for example social media, content platforms, gift services or payment providers), those platforms act as independent data controllers and process your data under their own privacy policies.

8. Your rights with respect to personal data

Under the GDPR you have several rights in relation to your personal data:

  • The right to know why your personal data is needed, what will happen to it, and how long it will be retained.
  • Right of access: to know whether I process your data and to receive a copy.
  • Right to rectification: to have inaccurate or incomplete data corrected.
  • Right to erasure: to have data deleted in certain situations (“right to be forgotten”).
  • Right to restriction of processing: to have processing limited in specific cases.
  • Right to data portability: to receive the data you provided to me in a structured, commonly used and machine-readable format, where processing is based on consent or contract and carried out by automated means.
  • Right to object: to object to processing based on our legitimate interests, including related profiling.

Where processing is based on your consent, you may withdraw that consent at any time with effect for the future. This does not affect the lawfulness of processing before consent was withdrawn.

To exercise any of these rights, you can contact me at admin@thaitiny.com. I may ask you for additional information to verify your identity before acting on your request.

You also have the right to lodge a complaint with your local data protection authority. In Denmark, this is:

Datatilsynet
Carl Jacobsens Vej 35
2500 Valby
Denmark
Website: https://www.datatilsynet.dk

9. Changes to this Privacy Policy

I may update this Privacy Policy from time to time, for example if my processing changes or if legal requirements are updated. The latest version is always available on this page. The “Last updated” date at the top will show when the policy was most recently revised.

Scroll to Top