GDPR Compliance
Last updated: November 28, 2024
Our Commitment to GDPR
SocialEye is committed to protecting the privacy and rights of individuals in the European Economic Area (EEA) and the United Kingdom. This page explains how we comply with the General Data Protection Regulation (GDPR) and how you can exercise your rights under this regulation.
1. What is GDPR?
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to organizations that process personal data of individuals in the European Economic Area (EEA) and the United Kingdom, regardless of where the organization is located.
Key principles of GDPR include:
- Lawfulness, fairness, and transparency in data processing
- Purpose limitation - data collected for specific, legitimate purposes
- Data minimization - only collect what is necessary
- Accuracy - keep personal data accurate and up to date
- Storage limitation - retain data only as long as necessary
- Integrity and confidentiality - ensure appropriate security
- Accountability - demonstrate compliance with these principles
2. Legal Basis for Processing
Under GDPR, we must have a valid legal basis for processing your personal data. We rely on the following legal bases:
2.1 Contract Performance (Article 6(1)(b))
Processing necessary to perform our contract with you, including providing the Service, managing your account, and processing payments.
2.2 Legitimate Interests (Article 6(1)(f))
Processing necessary for our legitimate interests, such as improving our services, preventing fraud, and ensuring security. We balance our interests against your rights and freedoms.
2.3 Legal Obligation (Article 6(1)(c))
Processing necessary to comply with legal obligations, such as tax reporting, responding to legal requests, and maintaining required records.
2.4 Consent (Article 6(1)(a))
Where required, we obtain your explicit consent before processing, such as for marketing communications. You may withdraw consent at any time.
3. Your Rights Under GDPR
As a data subject in the EEA or UK, you have the following rights:
Right of Access (Article 15)
You have the right to obtain confirmation of whether we process your personal data and, if so, access to that data along with information about how it is processed.
Right to Rectification (Article 16)
You have the right to have inaccurate personal data corrected and incomplete data completed.
Right to Erasure (Article 17)
Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances.
Right to Restriction (Article 18)
You can request that we restrict the processing of your personal data in certain circumstances.
Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured, commonly used, machine-readable format.
Right to Object (Article 21)
You can object to processing based on legitimate interests, direct marketing, or research/statistics.
Rights Related to Automated Decision-Making (Article 22)
You have the right not to be subject to decisions based solely on automated processing that significantly affect you.
4. International Data Transfers
When we transfer personal data outside the EEA/UK, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs): EU Commission-approved contracts that ensure adequate protection
- Adequacy Decisions: Transfers to countries deemed adequate by the EU Commission
- Binding Corporate Rules: For transfers within our corporate group
- Supplementary Measures: Technical and organizational measures to enhance protection
You can request a copy of the safeguards we use by contacting our Data Protection Officer.
5. Security Measures
We implement appropriate technical and organizational measures to protect personal data:
- Encryption of data in transit (TLS 1.3) and at rest (AES-256)
- Access controls and authentication mechanisms
- Regular security assessments and penetration testing
- Employee training on data protection
- Incident response procedures
- Regular backups and disaster recovery planning
- Privacy by design in our development processes
6. Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected:
- Account data: Duration of account plus 30 days after deletion
- Transaction data: As required by tax law (typically 7 years)
- Usage logs: 12 months for security and analytics
- Support communications: 2 years or as needed
After retention periods expire, data is securely deleted or anonymized.
7. Third-Party Data Processing
Our Service provides access to threat intelligence data that may include personal data of third parties. Important considerations:
- This data originates from publicly available sources and data breaches
- We act as a data processor for our customers' investigations
- Customers using this data must have their own legal basis under GDPR
- Data subjects can request removal via our privacy contact
If your personal data appears in our database and you wish to exercise your GDPR rights, please contact our DPO with proof of identity.
8. Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee GDPR compliance. You can contact our DPO for any data protection inquiries:
9. Exercising Your Rights
To exercise any of your GDPR rights:
- Email your request to [email protected]
- Include your full name and the email address associated with your account
- Specify which right(s) you wish to exercise
- Provide any additional information to help us locate your data
We will respond to your request within 30 days. This period may be extended by two months for complex requests, in which case we will inform you.
Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in your country of residence, place of work, or where an alleged infringement occurred.
© 2025 SocialEye. All rights reserved.