GDPR compliance and your rights
The General Data Protection Regulation (GDPR) gives you comprehensive rights over your personal data. Learn how we comply with GDPR and how to exercise your data protection rights.
What is GDPR?
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations that process personal data of individuals located in the EU, regardless of where the organization is based.
Core Concepts
Key Principles
- Lawful, fair, and transparent processing
- Purpose limitation
- Data minimization
- Accuracy
- Storage limitation
- Integrity and confidentiality
- Accountability
Who It Applies To
- EU residents (regardless of location)
- Organizations processing EU data
- Companies offering goods/services to EU
- Businesses monitoring EU individuals
Your GDPR rights
Right to information
You have the right to be informed about how your personal data is collected, used, and processed.
- Clear privacy policy and notices
- Transparent data processing information
- Contact details for data protection inquiries
- Information about data retention periods
Right of access
You can request a copy of all personal data we hold about you, free of charge.
- Account profile and settings
- All audit reports and results
- Billing and subscription history
- API usage logs and data
- Support ticket history
- Use the data export feature in privacy settings
- Contact our data protection officer
- Response within 30 days
- Free of charge for first request
Right to rectification
You can have inaccurate personal data rectified or incomplete data completed.
- Update your profile information directly
- Contact support for other corrections
- We will respond within 30 days
- Changes applied to all systems
Right to erasure ("right to be forgotten")
You can request deletion of your personal data under certain conditions.
- Data no longer necessary for purpose collected
- You withdraw consent and no other legal basis
- You object to processing and no overriding interests
- Data processed unlawfully
- Legal obligation to erase
- Data collected from child and consent withdrawn
- All personal data deleted from systems
- Backup data deleted within retention period
- Third parties notified of erasure request
- Account permanently closed
Right to data portability
You can receive your personal data in a structured, commonly used format.
- JSON format for structured data
- CSV format for tabular data
- PDF format for reports and documents
- XML format for technical data
Right to object and automated decision-making
You can object to processing based on legitimate interests and automated decision-making.
- Direct marketing communications
- Processing based on legitimate interests
- Scientific/historical research (unless public task)
- Right to human intervention
- Right to express your view
- Right to contest the decision
How we ensure GDPR compliance
Data Protection Officer
- Dedicated DPO appointed
- Independent oversight of compliance
- Direct contact for data subjects
- Regular compliance reporting
Data Protection Impact Assessment
- DPIA for high-risk processing
- Risk assessment framework
- Mitigation strategies implemented
- Regular reassessment
Data Security Measures
- Encryption at rest and in transit
- Access controls and authentication
- Regular security audits
- Incident response procedures
Records of Processing
- Comprehensive processing records
- Data flow documentation
- Legal basis documentation
- Regular record updates
Data breach notification
72-hour notification requirement
Under GDPR, we must notify the relevant supervisory authority within 72 hours of becoming aware of a personal data breach that poses a risk to individuals' rights and freedoms.
- Breach poses high risk to your rights and freedoms
- Notification without undue delay
- Clear communication of the breach
- Information on protective measures
- Nature of the personal data breach
- Categories and number of data subjects
- Likely consequences of the breach
- Measures taken to address the breach
International data transfers
Adequacy and safeguards
When transferring personal data outside the EU/EEA, we ensure appropriate safeguards are in place to protect your data according to GDPR requirements.
Adequacy Decisions
Transfers to countries with EU adequacy decisions require no additional safeguards. These countries provide equivalent data protection levels.
Appropriate Safeguards
For non-adequate countries, we use Standard Contractual Clauses, Binding Corporate Rules, or other approved transfer mechanisms.
Your data is primarily hosted in the EU with additional secure backups in approved locations. All transfers comply with GDPR requirements and include appropriate safeguards.
How to exercise your GDPR rights
Contact our Data Protection Officer
Email: support@aiseoturbo.com
Use our privacy dashboard
Access your data rights directly through the privacy settings in your account dashboard.
Data subject access request form
Download and submit our formal DSAR form for complex requests requiring identity verification.
- Acknowledgment: Within 5 working days
- Access requests: Within 30 days
- Other rights: Within 30 days
- Extensions: Up to 60 days for complex requests
- Free of charge for first request
Making a complaint
If you believe we have not handled your personal data adequately, you have the right to lodge a complaint with a supervisory authority in your country of residence, place of work, or where the alleged infringement occurred.
EU Supervisory Authorities
- Find your local DPA: EDPB Members
- Ireland (our lead authority): DPC Website
- UK (post-Brexit): ICO Website
Before Making a Complaint
- Contact us first to resolve the issue
- We aim to resolve complaints within 30 days
- Document your concerns clearly
- Provide evidence where possible
Need help with GDPR?
Our Data Protection Officer is here to help you understand and exercise your GDPR rights. Contact us for assistance with any data protection matters.