Privacy policy

1. WHO WE ARE

My Heaven Ltd, a company registered at Amathus Avenue, 4532 Agios Tychonas, Limassol, Cyprus, with Registration Number HE 445193 (hereinafter referred to as "My Heaven Ltd" or the "Company"), acts as the data controller for the personal data collected through the adult website myheavengirls.com (hereinafter also referred to as the "Website" or the "Site"). The Company places the highest priority on protecting the security and confidentiality of personal data in all its activities.

This Privacy Policy may be updated, amended, or revised from time to time, including to reflect changes in the Data Protection Act 2018, the UK GDPR (collectively referred to as the "Data Protection Legislation"), or guidance and measures issued by the Information Commissioner’s Office ("ICO"). Significant changes or updates will be communicated by updating the link to this Privacy Policy in the footer of the Website.

We encourage you to review this policy regularly so that you are always aware of the most current version and understand how we process your personal data.

If there are material changes that affect your rights as a registered user of the Site, we will notify you by email with reasonable advance notice.

2. WHICH PERSONAL DATA MAY BE COLLECTED

Personal data means any information relating to an identified or identifiable individual. The Company may collect the following categories of personal data that you voluntarily provide while using the Website (all categories listed below are collectively referred to as "Personal Data"):

Contact details: your first name, surname, telephone number, email address, and identification document information;
Payment data: information related to purchases or transactions you have made;
Other personal data: information such as your gender, age, photographs, and any other details you may voluntarily provide while using the Site;
Special categories of personal data: information that may relate to your lifestyle or sexual behaviour;
Site usage data: IP address, browser/user agent information, and data collected through cookies (see our Cookie Policy for full details).

We also collect, use, and share aggregated and statistical data (such as demographic or usage statistics) that does not qualify as personal data because it does not directly or indirectly identify any individual. For example, we may aggregate usage patterns to determine the percentage of users accessing certain features, helping us analyse trends and improve the Website and our services.

3. HOW WE COLLECT YOUR PERSONAL DATA

The Company collects and processes your Personal Data in the following situations:

when you visit and browse the Website;
when you register on the Website to access all its features;
when you publish an advertisement or respond to an advertisement on the Site;
when you submit support or assistance requests;
when we verify compliance with minimum age requirements.

If you provide Personal Data relating to another person, you must ensure that they have read this Privacy Policy and consented to the processing (where required). Please keep your Personal Data accurate and up to date and notify us of any changes. Please note: If you contact another user of the Site using the contact details they have provided, we are not responsible for any processing carried out by that user. The contacted user acts as an independent data controller in such cases.

4. WHAT PURPOSES CAN YOUR PERSONAL DATA BE USED FOR

Your Personal Data is processed for the purposes listed below. Each purpose is supported by the corresponding legal basis under the Data Protection Legislation:

Operational management and purposes strictly connected to accessing, browsing, and registering on the Site
We may process your Personal Data, Contact details, Other Personal Data, and Site Usage Data to enable you to access, browse, and register on the Website, and to handle support communications.
Legal basis: performance of a contract to which you are a party or taking steps at your request before entering into a contract.
Providing this data is mandatory; if you do not provide it, we cannot fulfil your requests.
Publication of and response to advertisements
We may process your Contact details (in particular your email address) to enable you to publish or reply to advertisements.
Legal basis: performance of a contract or pre-contractual steps at your request.
Providing this data is mandatory; without it, you cannot publish or reply to advertisements.

We may also process your photograph and Special Categories of personal data for the same purpose.
Legal basis: your explicit consent.
Consent is optional. Refusing consent will not prevent you from publishing or replying to advertisements. You may withdraw consent at any time by emailing privacy.uk@myheavengirls.com.
Age Verification

We may process your Personal Data, Contact details, and — where necessary — Special Categories of data (including biometric data) to verify that you meet the minimum age requirement. This may be done automatically via third-party providers, or manually if automatic verification is not possible.

Legal basis: your explicit consent (for both ordinary Personal Data/Contact details and Special Categories/biometric data).
Providing this data is optional. If you do not provide it, you may be unable to access certain features, such as posting advertisements. You may withdraw consent at any time (with effect for future processing) by emailing privacy.uk@myheavengirls.com.
Fulfilment of orders placed through the Site and related order management activities
We may process your Contact details and Payment data to process and manage your orders.
Legal basis: performance of a contract and compliance with legal obligations arising from that contract.
Providing this data is mandatory; without it, we cannot process your order.
Marketing purposes — to meet your needs or inform you about promotions

We may process your Personal Data to send you marketing communications about promotions, offers, and services via automated means (email, SMS, etc.) and traditional means (e.g. telephone), or to conduct market research — but only if you give your consent and within the scope of that consent.
Legal basis: your consent (optional).
Refusing consent has no impact on your contractual relationship with us. You may withdraw consent at any time by emailing privacy.uk@myheavengirls.com.
Market and statistical research to improve our services
We may process your Contact details to analyse and enhance our services and improve customer satisfaction.
Legal basis: our legitimate interest in evaluating and improving our services.
Providing this data is required for this purpose; if you do not provide it, we cannot conduct such research. You may object at any time to this processing by emailing privacy.uk@myheavengirls.com.
Defending our rights in judicial, administrative, or extrajudicial proceedings and in disputes related to the services

We may process your Personal Data to protect our rights, bring claims, or defend ourselves against you or third parties.
Legal basis: our legitimate interest in defending our legal rights.
You have the right to object to this processing on grounds relating to your particular situation.
Providing this data is mandatory; without it, we cannot protect or enforce our rights.
Compliance with legal, regulatory, and European obligations, and requests from competent authorities or supervisory bodies

We may process your Personal Data to comply with legal obligations, court orders, or requests from authorities or supervisory bodies.
Legal basis: legal obligation.
Providing this data is mandatory; failure to do so prevents us from meeting our legal obligations.

5. HOW WE KEEP YOUR PERSONAL DATA SAFE

The Company implements a wide range of technical and organisational security measures to protect your Personal Data, ensuring its security, integrity, and accessibility.

All Personal Data is stored on secure servers (or in secure paper or other durable formats) controlled by us or by our trusted suppliers. Access is strictly limited and governed by our security policies (or equivalent standards applied by our suppliers).

6. HOW LONG DO WE STORE YOUR INFORMATION FOR

We retain your Personal Data only for as long as necessary to fulfil the purposes for which it was collected or for other compatible lawful purposes. If data is processed for multiple purposes, we retain it until the longest applicable retention period expires — after which we cease processing for the expired purpose. Access to your data is limited to those who need it for legitimate purposes. Once data is no longer needed or there is no legal basis to retain it, it will be irreversibly anonymised or securely destroyed.

The retention periods for the purposes described above are as follows:

Accessing, browsing, registering on the Site, and support requests: retained for the time strictly necessary to provide access, and in any event no longer than 2 years after your last access to the Site. Server log files are kept for the last 2 years.
Publication of and response to advertisements: retained for no longer than 1 year after the advertisement is published.
Age verification: retained for 1 year after account deletion.
Order fulfilment and order management: retained for the duration of the contract and up to 10 years after its termination (for legal and contractual purposes).
Marketing communications: retained for 2 years from the date of collection (unless consent is withdrawn earlier).
Market and statistical research to improve the service: retained for 2 years from the date of collection.
Defending legal rights in proceedings or disputes: retained for the time strictly necessary to achieve that purpose.
Compliance with legal, regulatory, and authority obligations: retained for the time strictly necessary to fulfil those obligations.

7. WHO WE CAN SHARE YOUR PERSONAL DATA WITH

Your Personal Data may be accessed by our authorised employees and by external service providers acting as data processors, who support us in delivering the Website’s services. This includes (but is not limited to) IT providers, payment gateway providers, age verification service providers, and other technical partners. If you would like the full list of data processors and other recipients, please contact us at privacy.uk@myheavengirls.com.

8. TRANSFER OF PERSONAL DATA OUTSIDE THE EUROPEAN ECONOMIC AREA OR TO INTERNATIONAL ORGANISATIONS

In order to perform certain processing activities, your Personal Data may be transferred to countries outside the United Kingdom and the European Economic Area ("Non-European Countries"). Where the destination country is not deemed adequate by the European Commission and no exemption under Article 49 UK GDPR applies, we ensure appropriate safeguards are in place in accordance with Article 46 UK GDPR. You have the right to obtain information about these safeguards and how to request a copy of them.

9. CONTACTS

For any questions about this Privacy Policy, including to exercise your rights (see section 10), you may contact the Company (data controller) at: My Heaven LTD
Amathus Avenue, 4532 Agios Tychonas, Limassol, Cyprus
Registration Number: HE 445193
Email: privacy.uk@myheavengirls.com

10. YOUR PERSONAL DATA PROTECTION RIGHTS AND YOUR RIGHT TO LODGE A COMPLAINT BEFORE THE SUPERVISORY AUTHORITIES

You have the right to:

confirm whether we hold Personal Data about you, access it, and obtain a copy (subject access request);
receive your data (where processing is based on consent or contract and carried out by automated means) in a structured, commonly used, machine-readable format and have it transmitted to another controller (right to data portability);
have inaccurate Personal Data rectified and incomplete data completed (right to rectification) — we may need to verify the accuracy of any new data you provide;
request erasure of your Personal Data where one of the grounds in Article 17 UK GDPR applies (right to erasure);
withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing carried out before withdrawal (Art. 7(3) UK GDPR);
request restriction of processing where one of the grounds in Article 18 UK GDPR applies (right to restrict processing);
object, on grounds relating to your particular situation, to processing based on legitimate interests (right to object);
object to processing of your Personal Data for direct marketing purposes.

To exercise these rights, please contact us at privacy.uk@myheavengirls.com.

Exercising these rights is free of charge and does not require any special formalities. We will verify your identity and respond to your request — normally within one month.

NO FEE USUALLY REQUIRED

You will not usually have to pay a fee to access your data or exercise any other rights. We may charge a reasonable fee or refuse to act if your request is clearly unfounded, repetitive, or excessive.

WHAT WE MAY NEED FROM YOU

We may ask you for specific information to confirm your identity and ensure you are entitled to access your data or exercise your rights. This is a security measure to prevent unauthorised disclosure. We may also contact you for additional information to help us respond more quickly.

TIME LIMIT TO RESPOND

We aim to respond to all valid requests within one month. If your request is complex or you have made multiple requests, it may take longer. In such cases, we will notify you and keep you updated.

11. COMPLAINTS

If you believe that our processing of your Personal Data violates the Data Protection Legislation, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK data protection regulator, at https://ico.org.uk, or to seek a judicial remedy. However, we would appreciate the opportunity to address your concerns first — please contact us before approaching the ICO.