Introduction:

At Sphurti WebApp, we are committed to protecting the privacy and personal data of our users. This GDPR policy outlines how we collect, use, disclose, and protect personal data in compliance with the General Data Protection Regulation (GDPR).

1. Data Collection:

We collect personal data from users only when it is necessary for the provision of our services. This may include but is not limited to:

- Name

- Email address

- Contact information

- Demographic information

- Payment details

2. Lawful Basis for Processing:

We ensure that all processing of personal data is done lawfully, transparently, and for specified purposes. Our lawful bases for processing personal data include:

- The consent of the data subject

- Performance of a contract

- Compliance with legal obligations

- Protection of vital interests

- Legitimate interests pursued by the data controller or a third party

3. Data Usage:

We use personal data to:

- Provide and improve our services

- Communicate with users

- Process payments

- Customize user experience

- Analyze usage trends

4. Data Disclosure:

We do not disclose personal data to third parties unless necessary for the provision of our services or required by law. When sharing personal data with third parties, we ensure adequate safeguards are in place to protect the data.

5. Data Security:

We implement appropriate technical and organizational measures to ensure the security of personal data. This includes measures to prevent unauthorized access, disclosure, alteration, or destruction of data.

6. Data Subject Rights:

We respect the rights of data subjects as outlined in the GDPR, including the right to:

- Access personal data

- Rectify inaccurate data

- Erase data (subject to legal obligations)

- Restrict processing

- Object to processing

- Data portability

7. Data Retention:

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including any legal or contractual obligations.

8. International Data Transfers:

If personal data is transferred outside the European Economic Area (EEA), we ensure adequate safeguards are in place to protect the data in accordance with GDPR requirements.

9. Data Protection Officer (DPO):

We have appointed a Data Protection Officer responsible for overseeing compliance with GDPR requirements. The DPO can be contacted at [email protected].

10. Policy Updates:

We may update this GDPR policy from time to time to reflect changes in our data processing practices or legal requirements. Updates will be posted on our website, and users will be notified of any significant changes.

11. Data Breach Notification:

In the event of a data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. We will also inform affected individuals without undue delay, providing them with information about the nature of the breach and recommended steps to mitigate potential harm.

12. Data Processing Agreements:

When engaging third-party processors to handle personal data on our behalf, we enter into data processing agreements that outline the responsibilities of each party and ensure compliance with GDPR requirements.

13. Privacy by Design and Default:

We integrate privacy considerations into our product development and business processes from the outset, following the principles of privacy by design and default. This includes minimizing the collection of personaldata, implementing security measures, and providing users with control over their data.

14. Children's Data:

We do not knowingly collect personal data from children under the age of 16 without verifiable parental consent. If we become aware that we have inadvertently collected personal data from a child without appropriate consent, we will take steps to delete the information as soon as possible.

15. Cookies and Tracking Technologies:

We use cookies and similar tracking technologies to improve the user experience, analyze trends, and personalize content. Users have the option to accept or decline cookies through their browser settings. For more information about how we use cookies, please refer to our Cookie Policy.

16. Data Subject Requests:

We facilitate the exercise of data subject rights and respond to requests in a timely manner. Users can submit requests regarding their personal data through the contact information provided in this policy.

17. Data Protection Impact Assessments (DPIAs):

We conduct DPIAs for high-risk processing activities toassess and mitigate potential risks to the rights and freedoms of individuals. This includes evaluating the necessity and proportionality of data processing activities and implementing measures to address identified risks.

18. Complaints:

If you believe that we have not complied with applicable data protection laws or have concerns about our data processing practices, you have the right to lodge a complaint with the relevant supervisory authority.

Contact Us:

If you have any questions or concerns about our GDPR policy or the handling of personal data, please contact us at [email protected].

Sources

Regulations