GDPR Compliance

Your GDPR Rights

Right to Information

You have the right to be informed about the collection and use of your personal data. This includes information about:

• What personal data we collect
• Why we collect it (lawful basis)
• How we use it
• Who we share it with
• How long we keep it
• Your rights regarding your data

Right of Access (Subject Access Request)

You have the right to request access to your personal data. When you make a request, we will provide:

• Confirmation that we are processing your personal data
• A copy of your personal data we hold
• Details about how we process your data
• Information about data sharing and recipients
• Retention periods or criteria for determining retention

We will respond to your request within one month of receipt. In complex cases, we may extend this period by two additional months with proper notification.

Right to Rectification

You have the right to have inaccurate or incomplete personal data corrected. If you believe any information we hold about you is incorrect or incomplete, you can request that we update or complete it. We will respond within one month.

Right to Erasure ("Right to be Forgotten")

You have the right to request the deletion of your personal data in certain circumstances:

• The personal data is no longer necessary for the original purpose
• You withdraw consent and there is no other lawful basis for processing
• Your personal data has been unlawfully processed
• The data must be erased for compliance with legal obligations
• You object to processing and there are no overriding legitimate grounds

Please note that this right is not absolute and may not apply if we need to keep your data for legal compliance, public interest, or legitimate business purposes.

Data Processing

Lawful Basis for Processing

Under GDPR, we must have a lawful basis to process your personal data. We rely on the following lawful bases:

• Contract: Processing is necessary for the performance of our service contract with you
• Consent: You have given clear consent for us to process your data for specific purposes
• Legitimate Interest: Processing is necessary for our legitimate business interests, such as improving our services
• Legal Obligation: Processing is necessary to comply with legal requirements
• Vital Interests: Processing is necessary to protect someone's life (rarely applicable)

Categories of Personal Data We Process

We process the following categories of personal data:

• Identity Data: Name, business name, user account details
• Contact Data: Email address, phone number, business address
• Technical Data: IP address, browser type, device information, usage data
• Customer Data: Information about your customers that you input into our system
• Communication Data: Records of communications sent through our platform
• Marketing Data: Your communication preferences and marketing choices
• Transaction Data: Payment information, billing details, subscription data

Purposes of Processing

We process your personal data for the following purposes:

• Providing and maintaining our TrueBeep services
• Customer management and support
• Processing payments and managing subscriptions
• Sending service-related communications
• Marketing communications (with consent)
• Analyzing usage to improve our services
• Compliance with legal obligations
• Fraud prevention and security

Data Sharing and Recipients

We may share your personal data with:

• Service Providers: Third-party processors who help us deliver our services
• Payment Processors: Stripe and other payment service providers
• Cloud Services: AWS, Google Cloud, or other hosting providers
• Analytics Providers: For service improvement and usage analysis
• Legal Authorities: When required by law or to protect our rights
• Business Partners: With your explicit consent for specific integrations

Additional Rights

Right to Restriction of Processing

You have the right to restrict the processing of your personal data in certain circumstances:

• You contest the accuracy of the data (during verification period)
• Processing is unlawful but you prefer restriction over erasure
• We no longer need the data but you need it for legal claims
• You have objected to processing (pending verification of legitimate grounds)

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You can also request that we transfer this data to another service provider where technically feasible. This right applies when:

• Processing is based on consent or contract
• Processing is carried out by automated means

Right to Object

You have the right to object to processing of your personal data in certain situations:

• Direct Marketing: You can object to processing for marketing purposes at any time
• Legitimate Interests: You can object if processing is based on legitimate interests
• Public Task: You can object if processing is for public task or official authority

Automated Decision-Making and Profiling

TrueBeep uses automated processing and AI algorithms to optimize marketing campaigns and provide business insights. You have the right not to be subject to decisions based solely on automated processing that produce significant legal effects. Our automated processing includes:

• Customer segmentation for targeted marketing
• Campaign optimization algorithms
• Usage pattern analysis for service improvement
• Fraud detection and security measures

If you wish to contest any automated decision or request human intervention, please contact us at dpo@truebeep.com

Compliance

International Data Transfers

TrueBeep is based in the United States, and your data may be processed outside the European Economic Area. When we transfer your data internationally, we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions by the European Commission
• Binding Corporate Rules for intra-group transfers
• Appropriate technical and organizational measures

Data Breach Notification

In the event of a personal data breach that is likely to result in high risk to your rights and freedoms, we will notify you without undue delay and within 72 hours of becoming aware of the breach. We will also notify the relevant supervisory authority. Our notification will include:

• The nature of the breach
• Categories and approximate number of individuals affected
• Likely consequences of the breach
• Measures taken or proposed to address the breach
• Contact details for further information

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data violates GDPR. You can contact your local data protection authority or:

Contact Our Data Protection Officer

To exercise any of your GDPR rights or if you have questions about our data processing practices, please contact our Data Protection Officer: