GDPR Compliance

Last updated: December 2024

1. Our Commitment to GDPR

VendlyX is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). This page outlines how we comply with GDPR requirements.

2. Your Rights Under GDPR

As a data subject, you have the following rights:

Right to Information

You have the right to be informed about how your personal data is being used.

Right of Access

You have the right to request access to your personal data and receive a copy of it.

Right to Rectification

You have the right to have inaccurate personal data corrected or completed if it's incomplete.

Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your personal data under certain circumstances.

Right to Restrict Processing

You have the right to request restriction of processing of your personal data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used format.

Right to Object

You have the right to object to processing of your personal data for direct marketing purposes.

Rights Related to Automated Decision Making

You have the right not to be subject to automated decision-making, including profiling.

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Consent: When you have given clear consent for specific purposes
  • Contract: When processing is necessary for contract performance
  • Legal Obligation: When we must comply with legal requirements
  • Legitimate Interest: When we have legitimate business interests

4. Data Protection Measures

We implement appropriate technical and organizational measures to ensure data security:

  • Encryption of data in transit and at rest
  • Regular security assessments and audits
  • Access controls and authentication measures
  • Staff training on data protection
  • Incident response procedures

5. Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure adequate protection through:

  • Adequacy decisions by the European Commission
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules (BCRs)
  • Certification schemes

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Account data: Retained while your account is active
  • Transaction data: Retained for legal and tax requirements
  • Marketing data: Retained until you withdraw consent
  • Support data: Retained for reasonable period after resolution

7. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours
  • Inform affected individuals without undue delay
  • Provide clear information about the breach and our response

8. How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us using the following methods:

  • Email: gdpr@vendlyx.com
  • Online form: Available in your account settings
  • Written request: 123 Business Street, City, State 12345

We will respond to your request within one month of receipt.

9. Data Protection Officer

Our Data Protection Officer can be contacted at:

Email: dpo@vendlyx.com
Address: 123 Business Street, City, State 12345

10. Supervisory Authority

You have the right to lodge a complaint with your local supervisory authority if you believe we have not complied with GDPR requirements.

11. Updates to This Policy

We may update this GDPR compliance information from time to time. Any changes will be communicated through our website and, where required, directly to you.