GDPR Compliance

We are committed to protecting your personal data and complying with the EU General Data Protection Regulation.

Our GDPR Commitment

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. We have implemented measures to ensure full compliance with GDPR requirements.

As a data controller and processor, we adhere to all GDPR principles and provide our users with full control over their personal data.

GDPR Data Protection Principles

Lawfulness, Fairness & Transparency
We process personal data lawfully, fairly, and in a transparent manner.
Purpose Limitation
We collect data for specified, explicit, and legitimate purposes only.
Data Minimization
We only collect data that is adequate, relevant, and limited to what is necessary.
Accuracy
We keep personal data accurate and up to date, and provide tools to correct inaccuracies.
Storage Limitation
We retain personal data only as long as necessary for the purposes collected.
Integrity & Confidentiality
We implement appropriate security measures to protect personal data.

Your Data Rights Under GDPR

Right to Access
You have the right to access your personal data and receive a copy of the data we hold about you.
How to exercise: Request your data through your account settings or contact us.
Right to Rectification
You have the right to correct inaccurate or incomplete personal data.
How to exercise: Update your data directly in your account settings.
Right to Erasure
You have the right to request deletion of your personal data under certain circumstances.
How to exercise: Request account deletion through your account settings.
Right to Restrict Processing
You have the right to restrict how we process your personal data in certain situations.
How to exercise: Contact our privacy team to request processing restrictions.
Right to Data Portability
You have the right to receive your personal data in a structured, machine-readable format.
How to exercise: Export your data in JSON or CSV format from your account.
Right to Object
You have the right to object to certain types of processing, including direct marketing.
How to exercise: Manage your communication preferences in account settings.

Compliance Details

Legal Basis for Processing
  • Contract Performance: Processing necessary to fulfill our services
  • Legitimate Interests: Improving our services and security
  • Legal Obligation: Complying with laws and regulations
  • Consent: When explicitly given for specific purposes
Data Protection Measures
  • Encryption at rest (AES-256) and in transit (TLS 1.3)
  • Regular security audits and penetration testing
  • Access controls and authentication requirements
  • Data breach notification procedures
International Data Transfers
  • EU Standard Contractual Clauses (SCCs)
  • Adequacy decisions where applicable
  • Data Processing Agreements with all processors
  • Transfer Impact Assessments conducted
Data Retention
  • Active accounts: Data retained while account is active
  • Inactive accounts: Data deleted after 2 years of inactivity
  • Deleted accounts: Data permanently deleted within 30 days
  • Legal holds: Data retained as required by law

Contact Our Data Protection Officer

If you have questions about how we process your personal data or wish to exercise your GDPR rights, you can contact our Data Protection Officer:

Email: dpo@example.com

Response Time: Within 30 days (as required by GDPR)

You also have the right to lodge a complaint with your local data protection authority if you believe we have not handled your personal data appropriately.

Related Documents

Privacy Policy
Our full privacy policy
DPA
Data Processing Agreement
Cookie Policy
How we use cookies
Subprocessors
Third-party processors

Questions About GDPR?

Our privacy team is here to answer your questions and help you exercise your rights.