GDPR Compliance Statement of OfferSwap

Transparency: Clear communication about how we collect, use, and share personal data.

Accountability: Responsible management of our data protection measures.

Security: Safeguarding personal data with appropriate technical and organizational measures.

Adherence to Principles: Full compliance with the data protection principles of GDPR.

Account Data: Name, email address, phone number, and passwords.

Transaction Data: Payment details, purchase history, and billing information.

Usage Data: IP addresses, device information, and activity logs on our platform.

Business Data: Information about businesses, such as company name, industry, and other relevant details.

Content Data: User-generated content, including messages and interactions on our platform.

Right of Access: The right to request confirmation of data processing and access to personal data.

Right to Rectification: The right to correct inaccurate or incomplete personal data.

Right to Erasure: The right to request the deletion of personal data under certain conditions, such as when data is no longer necessary.

Right to Restrict Processing: The right to request restricted processing of personal data in specific circumstances.

Right to Data Portability: The right to receive personal data in a structured, commonly used, and machine-readable format and to transfer it to another controller.

Right to Object: The right to object to personal data processing, particularly for direct marketing purposes.

Right Not to Be Subject to Automated Decision-Making: The right to opt out of significant automated decisions unless necessary for contract performance or legally authorized.

Consent: When data subjects provide explicit consent for specific purposes (e.g., marketing communications).

Contractual Necessity: To fulfill contractual obligations, such as processing payments or providing requested services.

Legal Obligation: To comply with applicable laws or regulatory requirements.

Legitimate Interests: To improve our services, ensure security, and support our business operations, provided these interests do not override individual rights.

Access Control: Restricting access to personal data to authorized personnel only.

Data Minimization: Ensuring that we collect and process only the data necessary.

Encryption: Encrypting personal data during transfer and storage.

Regular Audits: Conducting regular internal reviews of data processing activities.

Incident Response: Establishing clear procedures for identifying and managing data breaches.

Training: Providing mandatory data protection training for employees and contractors.

Enter into data processing agreements with OfferSwap that include GDPR-compliant terms.

Process personal data only for the purposes specified in the agreements.

Implement robust security measures to protect personal data.

Standard Contractual Clauses (SCCs): Contractual commitments to protect personal data.

Adequacy Decisions: Ensuring that the recipient country offers an adequate level of data protection, as assessed by the European Commission.

Additional Measures: Implementing supplementary safeguards where necessary to protect data during transfers.

Ad Targeting: Recommending relevant advertisements based on user activity and preferences.

Service Matching: Suggesting suitable service providers based on user needs and profiles.

Notify the relevant supervisory authority within 72 hours, if required by GDPR.

Inform affected data subjects if the breach poses a high risk to their rights and freedoms.

Take immediate action to minimize the impact of the breach and prevent recurrence.

Conduct regular reviews of our data protection practices.

Update this GDPR Compliance Statement and related policies as necessary.

Notify users and stakeholders of significant changes.