GDPR & AVG Compliance

Comprehensive documentation covering data protection practices, legal basis for processing, and data subject rights.

Last Updated: February 25, 2026

GDPR Statement: This website is fully committed to compliance with the General Data Protection Regulation (GDPR) and the Dutch Algemene Verordening Gegevensbescherming (AVG). We operate on the principles of privacy by design and privacy by default.

1. Compliance Overview

ThisIsTheGoldenAgeofAmerica.com recognizes the importance of protecting the privacy and personal data of our visitors, particularly those residing in the European Union (EU) and the European Economic Area (EEA). This documentation outlines the specific measures we take to ensure compliance with the GDPR and AVG.

In accordance with Article 6 of the GDPR, we process personal data only when there is a legal basis for doing so. The primary legal basis for processing your email address is consent (Article 6(1)(a)), which you provide by voluntarily submitting an inquiry. The legal basis for processing server log data is our legitimate interest (Article 6(1)(f)) in ensuring the security and technical integrity of our website.

3. Data Controller

The data controller for this website is the private individual owner of the domain name. As a private individual operation, we have not appointed a Data Protection Officer (DPO), but we adhere to the same stringent data protection standards required of institutional controllers.

4. Data Subject Rights

As a data subject under the GDPR, you have the following rights:

  • The right to be informed about the collection and use of your personal data.
  • The right to access the personal data we hold about you.
  • The right to have inaccurate personal data rectified.
  • The right to have your personal data erased.
  • The right to restrict processing of your personal data.
  • The right to data portability.
  • The right to object to the processing of your personal data.

5. Right to Access and Portability

You have the right to receive a copy of your personal data in a structured, commonly used, and machine-readable format. Requests for data access or portability should be submitted via our contact form. We will provide this information free of charge within 30 days.

6. Right to Erasure (Right to be Forgotten)

In certain circumstances, you have the right to request that we delete the personal data we hold about you. This includes cases where the data is no longer necessary for the purposes for which it was collected, or where you have withdrawn your consent. We will comply with such requests without undue delay.

7. Data Minimization & Retention

We adhere strictly to the principle of data minimization (Article 5(1)(c)). We only collect data that is adequate, relevant, and limited to what is necessary for facilitiating domain inquiries. We retain your data for no longer than is necessary to fulfill those purposes. Server logs are purged every 90 days, and inquiry data is deleted once the inquiry is resolved.

In compliance with Directive 2002/58/EC (ePrivacy Directive) and Dutch telecommunications law (Telecommunicatiewet), we inform you that this website uses only one first-party cookie. The cookie named ga_cookie_consent is an essential, first-party cookie that stores your cookie consent preference. It is stored in your browser's local storage, contains no personal data, and is not transmitted to any server. No tracking, analytics, advertising, or third-party cookies are used.

9. Data Protection Measures

We implement technical and organizational measures to protect personal data (Article 32). This includes HTTPS encryption (TLS), security headers (CSP, HSTS), and regular software updates. Access to data is restricted to the domain owner only. We use privacy-enhanced YouTube embeds to prevent unauthorized third-party tracking.

10. Data Breach Procedures

In the event of a personal data breach (Article 33), we will notify the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) within 72 hours of discovery. If the breach poses a high risk to individuals, we will also notify the affected data subjects directly (Article 34).

11. International Data Transfers

Data may be processed in jurisdictions outside the EEA. We ensure that such transfers comply with GDPR Chapter V, utilizing Standard Contractual Clauses (SCCs) where applicable for third-party scripts (like Google Fonts or YouTube).

12. Data Protection Impact Assessment

Due to the low risk and minimal volume of data processing, a full Data Protection Impact Assessment (DPIA) under Article 35 is not required. However, we continuously monitor our practices to ensure ongoing compliance.

13. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority. In the Netherlands, this is the Autoriteit Persoonsgegevens. You can find more information at autoriteitpersoonsgegevens.nl.

14. Contact

For all GDPR and compliance inquiries, please use the Institutional Inquiry Desk. We are committed to transparency and the protection of your digital rights.