GDPR Compliance

Your rights under the General Data Protection Regulation

Last updated: January 2025

1. Introduction

The General Data Protection Regulation (GDPR) is a European Union regulation that governs how personal data is collected, processed, and stored. At Jawsome, we are committed to complying with GDPR requirements and protecting your personal data rights.

2. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

2.1 Right to Information

You have the right to be informed about how your personal data is being used. This information is provided in our Privacy Policy.

2.2 Right of Access

You have the right to request access to your personal data and receive a copy of the personal data we hold about you.

2.3 Right to Rectification

You have the right to have inaccurate personal data corrected or completed if it is incomplete.

2.4 Right to Erasure (Right to be Forgotten)

You have the right to request the deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the original purpose.

2.5 Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances.

2.6 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

2.7 Right to Object

You have the right to object to the processing of your personal data in certain circumstances, particularly for direct marketing purposes.

2.8 Rights Related to Automated Decision Making

You have the right not to be subject to automated decision-making, including profiling, that produces legal effects or significantly affects you.

3. How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us using the information provided below. We will respond to your request within one month of receipt.

3.1 Identity Verification

To protect your privacy and security, we may need to verify your identity before processing your request.

3.2 No Fee

We will not charge a fee for processing your request unless it is manifestly unfounded or excessive.

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract: Processing necessary for the performance of our service contract with you
  • Legitimate Interest: Processing necessary for our legitimate business interests, such as improving our services
  • Legal Obligation: Processing necessary to comply with legal requirements, such as tax obligations
  • Consent: Processing based on your explicit consent, which you can withdraw at any time

5. Data Protection Measures

We implement appropriate technical and organizational measures to ensure data protection:

  • Encryption of data in transit and at rest
  • Regular security assessments and audits
  • Access controls and authentication measures
  • Staff training on data protection principles
  • Data minimization and purpose limitation
  • Regular data retention reviews

6. Data Transfers

When we transfer your personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:

  • Adequacy decisions by the European Commission
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules (BCRs)
  • Certification schemes and codes of conduct

7. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Account data: For the duration of your account plus 30 days after closure
  • Financial records: Up to 7 years as required by tax and accounting regulations
  • Marketing data: Until you withdraw consent or object to processing
  • Support communications: For 3 years after the last interaction

8. Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and within 72 hours of becoming aware of the breach.

9. Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our data protection activities. You can contact our DPO at:

10. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe we have not complied with GDPR requirements. You can contact your local data protection authority or the authority in the country where our main establishment is located.

11. Children's Data

Our service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information.

12. Updates to This Notice

We may update this GDPR compliance notice from time to time. We will notify you of any material changes by posting the updated notice on our website and updating the "Last updated" date.

13. Contact Information

For any questions about GDPR compliance or to exercise your rights, please contact us:
