Your Rights Under GDPR
Right to Access
- Request copy of your data
- Understand how data is processed
- Response within 30 days
Right to Rectification
- Correct inaccurate information
- Complete incomplete data
Right to Erasure ("Right to be Forgotten")
- Delete personal data
- Exceptions for legal obligations
- Cannot delete payment records (7-year retention)
Right to Data Portability
- Receive data in structured format
- Transfer data to another service
Right to Object
- Object to data processing
- Opt-out of marketing
- Withdraw consent anytime
Right to Restriction
- Limit how we use your data
- During accuracy disputes
- When processing is unlawful
Legal Basis for Processing
We process data based on:
- Consent: Voluntary agreement
- Contract: Service delivery
- Legal Obligation: Compliance requirements
- Legitimate Interest: Business operations
International Transfers
Data may be transferred outside EU with:
- Standard Contractual Clauses
- Adequacy decisions
- Your explicit consent
Data Breach Notification
In case of breach:
- Authorities notified within 72 hours
- Users notified if high risk
- Mitigation measures implemented
Supervisory Authority
You can lodge complaints with:
- Your local data protection authority
- European Data Protection Board