Log in Subscribe

GDPR Rights

This page explains your privacy rights under GDPR.

Effective date: 21 December 2025

This GDPR Rights page explains how Gishty complies with the EU General Data Protection Regulation (GDPR) and similar data protection laws in the UK and elsewhere.

This page explains how Gishty handles personal data and what rights you have under the GDPR. The processing of personal data described here applies automatically when you use Gishty’s site or subscribe to Gishty’s newsletters.

See also:

1. Who Gishty is

Gishty is operated by Sham Jaff, a freelance journalist (Freiberuflerin) in Germany.

The data controller responsible under Article 4(7) of the General Data Protection Regulation (GDPR) is Sham Jaff.

You can contact Sham Jaff at [email protected] or at Holsteinische Strasse 38, 12161 Berlin, Germany.

2. Gishty's GDPR Principles

Gishty follows the core principles of GDPR (Article 5):

  1. Lawfulness, fairness, and transparency: Gishty only processes data legally and clearly explain how.
  2. Purpose limitation: Gishty only uses data for the purposes Gishty collects it for.
  3. Data minimization: Gishty collects the least amount of personal data necessary.
  4. Accuracy: Gishty keeps data up to date and correct errors promptly.
  5. Storage limitation: Gishty doesn't keep data longer than needed.
  6. Integrity and confidentiality: Gishty protects data using strong technical and organizational measures.
  7. Accountability: Gishty documents and stands by every data-handling decision.

3. Lawful Bases for Processing

Under GDPR, Gishty relies on one or more of the following legal bases:

  • Consent: For newsletter subscriptions or cookies.
  • Contract: To deliver paid VIP subscriptions or account services.
  • Legitimate interest: To improve Gishty's site and analyze readership trends.
  • Legal obligation: To comply with tax or regulatory requirements.

4. Your GDPR Rights

You have the right to:

  • Access: Request a copy of your personal data.
  • Rectification: Ask Gishty to fix incorrect or incomplete data.
  • Erasure (“right to be forgotten”): Ask Gishty to delete your data.
  • Restriction: Limit how Gishty uses your data.
  • Portability: Request a copy of your data in a portable format.
  • Objection: Object to certain types of processing (e.g. marketing).
  • Withdraw consent: Withdraw previously given consent at any time.

To exercise these rights, email Gishty at [email protected]. We’ll respond within 30 days, as required by GDPR.

5. International Data Transfers

If Gishty transfers data outside the EEA or UK, Gishty does its best to ensure the destination services follow guidelines consistent with GDPR and European privacy legislation.

6. Data Processors Gishty Uses

Gishty partners only with trusted providers who meet GDPR standards. Typical processors include:

  • Mailchimp: Newsletter delivery
  • PayPal: Payment processing
  • Cloudflare / AWS: Hosting and security

7. Data Retention

Gishty keeps personal data only as long as necessary for its intended purpose — typically:

  • Newsletter subscriptions: until you unsubscribe
  • Payment data: as required for tax and audit compliance

After that, data is deleted or fully anonymized.

8. How Gishty Protects Your Data

Gishty uses industry-standard security measures:

  • HTTPS encryption
  • Access controls and password protection
  • Encrypted backups
  • Incident response and breach notification procedures

If a breach occurs, Gishty notifies affected users and regulators within 72 hours, as required by law.

9. Contact Information

If you have questions or concerns about how Gishty handles your data: [email protected].