GDPR Compliance

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2021. It applies to all organizations that process personal data of EU residents, regardless of where the organization is located.

Your Rights Under GDPR

As a data subject, you have the following rights under GDPR:

• Right to be informed about data collection and processing
• Right of access to your personal data
• Right to rectification of inaccurate data
• Right to erasure ('right to be forgotten')
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision-making

Data We Collect

We collect and process the following categories of personal data:

• Contact information (name, email, phone number)
• Business information (company name, job title)
• Project details and requirements
• Communication records
• Website usage data and cookies
• Payment and billing information

Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Consent - when you explicitly agree to data processing
• Contract performance - to fulfill our service agreements
• Legitimate interests - for business operations and improvements
• Legal obligations - to comply with applicable laws
• Vital interests - to protect your safety and security

Data Security Measures

We implement comprehensive security measures to protect your personal data:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication systems
• Secure data storage and backup procedures
• Staff training on data protection practices
• Incident response and breach notification procedures

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

• Active client data: Duration of service plus 7 years
• Marketing data: Until consent is withdrawn
• Website analytics: 26 months maximum
• Legal compliance: As required by applicable laws
• Archived data: Securely deleted after retention period

Data Transfers

When we transfer your data outside the EEA, we ensure adequate protection through:

• Adequacy decisions by the European Commission
• Standard Contractual Clauses (SCCs)
• Binding Corporate Rules (BCRs)
• Certification schemes and codes of conduct
• Explicit consent for specific transfers

Your Data Protection Rights

You can exercise your GDPR rights by contacting us. We will respond within one month:

• Request access to your personal data
• Request correction of inaccurate data
• Request deletion of your data
• Request restriction of processing
• Request data portability
• Object to processing based on legitimate interests
• Withdraw consent at any time

Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance. You can contact our DPO directly for any data protection concerns or questions about your rights.

Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach.