GDPR Policy

Privacy Notice

The Comphy Company, Inc, with Federal ID# 77-0614554 with its principal office at 7034 Portal Way #110, Ferndale, WA 98248  ("Comphy") respects your privacy and is committed to protecting it. We provide this Privacy Notice to inform you of our policy and practices in relation to data protection.

We are a “data controller” under European Union data protection laws (the EU General Data Protection Regulation 2016) (“Data Protection Laws”).

This Privacy Notice explains how we collect and use the information about our customers in the European Economic Area (“EEA”). We need to process personal data relating to customers so that the services you request can be delivered effectively and efficiently, to improve our services, to ensure good governance, to perform credit checks, to send marketing materials, to perform our business and to enable us to meet our legal obligations.

Information We May Collect and How We Use It

This list includes all the ways we may use your personal information, and which of the reasons we rely on to do so. This is where we tell you what our legitimate interests are. 

Customers who are individual consumers:

Personal Information We May Process:

  • Name
  • Residential address
  • Contact details
  • Financial details

Our Reasons For Processing:

  • Fulfilling contracts
  • Our legitimate interests

Our Legitimate Interests:

  • To administer our business and fulfil our contracts
  • To keep customers up to date with our upsells, promotions and reviews, in accordance with Data Protection Laws

Business Customers:

Personal Information We May Process:

  • Names/contact details/job titles/tax information of sole traders
  • Names/contact details/job titles/tax information of employees of business customers

Our Reasons For Processing:

  • Fulfilling contracts
  • Our legitimate interests

Our Legitimate Interests:

  • To administer our business and fulfil our contracts
  • To keep customers up to date with our upsells, promotions and reviews, in accordance with Data Protection Laws

Where do we obtain your information?

In most cases we will obtain information from you directly.

More specifically we collect information:

  • when you email or call us;
  • when you place an order with us; or
  • when you provide us with information via our website

If required to fulfil an order, we may collect personal data about you indirectly from professional credit check agencies.

We may monitor, record, store and use any email or other communication with you.

Sharing your information internally and with other organisations

The information you provide to us may be accessed by our staff, our auditors, our professional advisors and carefully selected third parties (such as Shopify, Webgility, MailChimp and Salesforce) in the course of providing services to us under suitable obligations of confidentiality. We will provide information about you to third party organizations if the services we provide to you need us to do this.


We employ administrative, electronic and physical security measures to ensure that the information that we collect about you is protected from access by unauthorized persons and protected against improper use and disclosure, unauthorized modification and unlawful processing or destruction or accidental loss, destruction or damage.

Please be aware that unfortunately the transmission of information via the internet or by email is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of the data transmitted to us and any transmission is at your own risk.

The period for which the personal data will be processed

We will retain personal data securely and only for as long as it is necessary to keep it for the purposes or for a legitimate and lawful reason.

Our typical retention periods are as follows:


Personal Data: Retention Period

  • Marketing list names and email addresses: 10 Years
  • Physical sales order forms: 1 year from the date the order was shipped to customer
  • Electronic customer contracts: 6 Years plus the current fiscal year
  • Paper and electronic sales data required to support revenue reported on Sales and Excise tax returns due to the state of Washington and the IRS: 6 years

Some personal data may be retained for longer where it is in our legitimate interest to do so, such as to protect and defend our legal rights; or for research, archiving or statistical purposes.  Individuals can request that other information relating to them be erased and we will deal with such requests in accordance with the law.

Transfers outside the European Economic Area

Our IT servers are based in the United States of America and as such your personal data will be stored and processed outside the EEA. As this occurs, we ensure that appropriate protections are put in place so that we, or any third party that processes your data, protect the data to a similar standard as the EEA.

Your rights as a data subject

You have the right as a data subject under applicable Data Protection Laws to:

  • make a request to get a copy of the personal information that we hold about you;
  • ask us to correct your personal information if it is incorrect;
  • request the erasure of personal data;
  • restrict how we process your personal data;
  • object to processing; and
  • data portability.

Where we process your personal data based upon your consent, you have the right to withdraw your consent at any time.

For more information and guidance about any of these rights please go to the website of the Supervisory Authority of the EEA country that you reside in.


If you think there is an issue in the way in which we handle your personal data, you have a right to raise a complaint with the relevant Supervisory Authority’s Office. Their websites should contain details of how to make a complaint. However, we ask that you give us the opportunity to deal with your complaint in the first instance.

Changes to this Privacy & Fair Processing Notice 

We keep our Privacy Notice under regular review and reserve the right to update and amend it. This notice was last updated on 23 April 2019.

Visitors to our website

Your personal details are not recorded unless you choose to submit an email.  


You have the right to remove your personal information from our mailing lists or can choose not to receive further information about our latest work. To do this, please follow the unsubscribe option attached to all of our news and marketing emails.

Ask to see your records

See information we hold about you

Under the Data Protection Laws you have a right to ask to see information held by us that is about you. Asking for this information is called making a subject access request or “SAR”.

Further information

For further information about the proposed data sharing set out in this notice, or about any aspect of the way Comphy is processing your personal data, please contact us at (323) 225-8234.