GDPR Compliance

Last updated: March 21, 2024

At Servantify, we are committed to complying with the General Data Protection Regulation (GDPR), which enhances the protection of personal data for all EU citizens. This page explains how we ensure GDPR compliance when processing your personal data.

Data Controller

Servantify acts as a data controller for the personal information collected through our website and services. For questions about our GDPR compliance or to exercise your rights regarding your personal data, please contact our Data Protection Officer through our contact form.

Lawful Basis for Processing

We process your personal data based on one or more of the following lawful bases:

  • Consent: You have given clear consent for us to process your personal data for a specific purpose.
  • Contract: The processing is necessary for a contract we have with you or because you have asked us to take specific steps before entering into a contract.
  • Legitimate interests: The processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests.

Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

  • Right to be informed: You have the right to be informed about the collection and use of your personal data.
  • Right of access: You have the right to request a copy of the information we hold about you.
  • Right to rectification: You have the right to request correction of any inaccurate data we hold about you.
  • Right to erasure: You have the right to request that we delete your personal data in certain circumstances.
  • Right to restrict processing: You have the right to request that we restrict the processing of your data in certain circumstances.
  • Right to data portability: You have the right to request that we transfer your data to another controller.
  • Right to object: You have the right to object to our processing of your personal data in certain circumstances.
  • Rights related to automated decision making and profiling: You have rights related to automated decision making and profiling.

How to Exercise Your Rights

You can exercise your GDPR rights by contacting us through our website. We will respond to your request within 30 days. There is no fee for making a request, but we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

Data Protection Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data where appropriate;
  • Regular security assessments and penetration testing;
  • Ensuring the ongoing confidentiality, integrity, availability, and resilience of our systems;
  • Regular testing and evaluation of the effectiveness of our security measures;
  • Training our staff on data protection and security practices.

International Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place to protect your data, such as Standard Contractual Clauses approved by the European Commission.

Data Breach Procedures

In the case of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay.

Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for processing operations that are likely to result in a high risk to the rights and freedoms of individuals, particularly when using new technologies.

Contact Information

If you have any questions or concerns about our GDPR compliance or the processing of your personal data, please contact our Data Protection Officer through our website.

You also have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data infringes the GDPR.