Privacy Policy — Data Subject Rights Notice
In accordance with Article 17 of the General Data Protection Regulation (EU) 2016/679
Last Updated: March 2026 | Version 1.0
Overview
This statement sets out your rights under the General Data Protection Regulation (GDPR) with respect to the erasure of your personal data — commonly referred to as the “Right to Be Forgotten.” This right is established under Article 17 of the GDPR and applies to all personal data we hold about you in connection with your use of this website, including your registered account and any comments you have submitted.
We are committed to upholding your data rights and to handling all erasure requests lawfully, transparently, and without undue delay.
If you have any questions about how we process your personal data, please contact us at the address above before submitting an erasure request.
Data Controller
For the purposes of the GDPR, the data controller responsible for your personal data is:
Graystone Solutions Group, LLC.
Attention: Privacy Officer
Monroe, LA. 71203
United States
privacy@graystone.solutions
Personal Data We Hold About You
When you register an account or post comments on this website, we may collect and store the following categories of personal data:
Registration Data
Full name or display name
Email address
Username and encrypted password
Date and time of account creation
IP address recorded at the time of registration
Optional profile information you choose to provide (e.g., biography, profile picture)
Comment and Activity Data
Comment text and any embedded media you submit
Date, time, and IP address associated with each comment
Reaction, vote, or moderation history linked to your account
Edit history of your comments where applicable
Technical and Log Data
Login timestamps and session records
Browser type, operating system, and device identifiers (where collected)
Cookies and similar tracking data (see our separate Privacy Policy)
Your Right to Erasure
You have the right to request that we erase your personal data where one or more of the following grounds apply (Article 17(1) GDPR):
Your personal data is no longer necessary for the purposes for which it was collected or processed.
You withdraw consent on which the processing was based and there is no other legal ground for processing.
You object to the processing under Article 21 GDPR and there are no overriding legitimate grounds.
Your personal data has been unlawfully processed.
Your personal data must be erased to comply with a legal obligation under EU or Member State law.
Your personal data was collected in relation to the offer of information society services to a child (Article 8(1) GDPR).
You are not required to provide a reason for your erasure request, though doing so may help us process it more efficiently.
How to Submit an Erasure Request
You may submit a Right to Erasure request through any of the following methods:
Online: Log into your account and navigate to: Settings > Privacy > Delete My Account and Data. This will initiate an automated erasure process for your account and associated data.
By Email: Send a written request to: privacy@graystone.solutions.
Please include the following in your email:
Your full name and username
The email address associated with your account
A description of the data you wish to have erased (e.g., full account, specific comments)
Confirmation that you are the account holder or an authorized representative
Identity Verification: To protect you and other users, we may need to verify your identity before processing an erasure request. We will not act on a request we cannot authenticate. Verification may involve confirming access to the registered email address or providing additional information we hold on file.
Our Response and Timescales
We will acknowledge receipt of your request promptly and will respond to your erasure request without undue delay and in any event within one calendar month of receiving a valid, verified request, in accordance with Article 12(3) GDPR.
Where the complexity or volume of requests warrants it, we may extend this period by a further two months. If we do so, we will notify you within the first month and explain the reason for the extension.
If we decide not to act on your request, we will inform you without delay and in any event within one month, providing the reasons for our refusal and informing you of your right to lodge a complaint with a supervisory authority.
Scope of Erasure
Upon a valid, verified erasure request, we will take the following actions as appropriate:
Account Data: We will permanently delete your registered account, including your name, email address, encrypted password, profile information, and login history.
Comment Data: We will remove or anonymize your posted comments. Where full deletion of comment text is technically possible without disrupting the integrity of a conversation thread, comments will be permanently deleted. Where deletion would break thread structure, comments may be anonymized — stripped of all identifying information — so that the content is retained in an unattributed form. We will inform you of the approach taken.
Backups and Archives: Erasure from our live systems will occur within the stated timescale. Removal from encrypted backup archives may take up to 90 days in line with our backup rotation schedule. Data held in backups is not actively processed or accessible during this period.
Third-Party Processors: Where your data has been shared with or processed by third-party sub-processors (e.g., email delivery services, analytics providers, content delivery networks), we will notify them of the erasure request and take reasonable steps to ensure they comply. A list of our current sub-processors is available upon request.
Exceptions and Limitations on the Right to Erasure
The right to erasure is not absolute. We may be unable to fulfill your request, in whole or in part, where retention of your data is necessary for any of the following purposes (Article 17(3) GDPR):
To comply with a legal obligation under EU or Member State law to which we are subject (e.g., statutory financial record-keeping requirements, law enforcement obligations).
• For the establishment, exercise, or defense of legal claims — for example, where your data forms part of an active dispute, investigation, or court proceeding.
• For reasons of public interest in the area of public health, archiving, scientific or historical research, or statistical purposes, where erasure would seriously impair those purposes.
• To the extent necessary for the exercise of the right to freedom of expression and information, including journalistic, academic, or public interest purposes.
Where we rely on an exception, we will explain which exception applies, why it is relevant to your request, and what data will be retained as a result.
Your Other Data Subject Rights
The right to erasure is one of several rights you hold under the GDPR. You also have the right to:
• Access — obtain a copy of the personal data we hold about you (Article 15).
• Rectification — request correction of inaccurate or incomplete data (Article 16).
• Restriction of processing — request that we limit how we use your data in certain circumstances (Article 18).
• Data portability — receive your data in a structured, machine-readable format (Article 20).
• Object to processing — object to processing based on legitimate interests or for direct marketing purposes (Article 21).
• Withdraw consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.To exercise any of these rights, please contact us using the details provided in Section 2.
Right to Lodge a Complaint
If you are dissatisfied with our handling of your erasure request or believe we have processed your personal data unlawfully, you have the right to lodge a complaint with the relevant supervisory authority in your country of residence or establishment. In the European Union, this is your national Data Protection Authority (DPA).
A full list of EU supervisory authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en
If you are based in the United Kingdom, the relevant authority is the Information Commissioner’s Office (ICO): https://ico.org.uk
We encourage you to contact us in the first instance so we can attempt to resolve your concern before a formal complaint is made.
Changes to This Statement
We may update this Right to Erasure statement from time to time to reflect changes in law, our data practices, or website functionality. The version number and date of last update are shown at the top of this document. Where changes are material, we will provide notice via a prominent notice on our website or by email to registered users.
We encourage you to review this statement periodically.