SC

GDPR Compliance

Your data protection rights under EU law

Last updated: November 2025

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect in May 2018. It gives individuals in the European Union greater control over their personal data and imposes strict obligations on organizations that process such data.

Your Rights Under GDPR

Right to Access

You can request a copy of all personal data we hold about you.

Right to Rectification

You can request correction of inaccurate or incomplete data.

Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data in certain circumstances.

Right to Restriction of Processing

You can request that we limit how we use your data.

Right to Data Portability

You can request your data in a structured, machine-readable format.

Right to Object

You can object to certain types of processing, including direct marketing.

Rights Related to Automated Decision Making

You have rights regarding automated processing and profiling.

How We Comply with GDPR

Lawful Basis for Processing

We process your data based on:

  • Consent: You have given clear consent for us to process your data
  • Contract: Processing is necessary to fulfill our contract with you
  • Legal Obligation: We need to comply with the law
  • Legitimate Interest: Processing is in our legitimate business interests

Data Protection Measures

  • Encryption of data in transit and at rest
  • Regular security audits and vulnerability assessments
  • Access controls and authentication mechanisms
  • Data minimization (we only collect what we need)
  • Privacy by design and by default
  • Data Protection Impact Assessments for high-risk processing

Data Transfers

When we transfer data outside the EU, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the EU Commission
  • Adequacy decisions for certain countries
  • Binding Corporate Rules

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach.

Exercise Your Rights

To exercise any of your GDPR rights or if you have questions about how we handle your data:

Email: privacy@smartchat.com

Data Protection Officer: dpo@smartchat.com

We will respond to your request within one month. If you are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority.