GDPR Compliance Statement
1. Data Controllers & Lawful Bases
We process personal data under the following lawful bases (GDPR Art. 6):
- Contract: To deliver and manage services purchased.
- Legal Obligation: To comply with tax, accounting, and anti-fraud requirements.
- Legitimate Interests: To enhance platform performance, maintain security, and prevent misuse. Legitimate-interest assessments are conducted to ensure user rights are not overridden.
- Consent: For marketing, analytics, and non-essential cookies. Consent may be withdrawn at any time.
2. Your GDPR Rights (Art. 12–23)
You may exercise the following rights free of charge:
- Access: Obtain a copy of your personal data.
- Rectification: Correct inaccurate information.
- Erasure: Request deletion (“right to be forgotten”).
- Restriction: Limit how we process your data.
- Portability: Receive data in a structured, machine-readable format.
- Objection: Oppose processing based on legitimate interests or direct marketing.
- Automated Decisions: Challenge outcomes based solely on automated processing.
Requests should be sent to
3. International Transfers (Chapter V)
When data is transferred outside the EEA or UK, safeguards include:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- UK International Data Transfer Addendum (IDTA).
- Technical measures such as encryption at rest and zero-trust access controls.
4. Data Retention (Art. 5(1)(e))
We retain personal data only as long as necessary or legally required:
- Orders & invoices: 6 years (tax compliance).
- Account identity & contact: Active account + 2 years.
- Backups after deletion: 30–90 days.
5. Security Measures (Art. 32)
We apply industry-standard protections:
- TLS 1.3 encryption in transit.
- AES-256 encryption at rest.
- IDS/IPS and Web Application Firewall (WAF).
- Role-based access control (least privilege).
- Annual penetration testing and vulnerability management.
6. Complaints
EU residents may lodge complaints with their national Data Protection Authority (DPA). A full list is available via the European Data Protection Board (EDPB).
7. Contact
For GDPR-related inquiries:
Email:
We remain committed to reviewing and improving our privacy practices to ensure ongoing compliance with GDPR and other applicable data-protection laws.




