GDPR Compliance

Introduction

At Subscriptions Tracker, we are committed to protecting the privacy and rights of our users. This page explains how we comply with the General Data Protection Regulation (GDPR), which is a regulation in EU law on data protection and privacy applicable to all individuals within the European Union and the European Economic Area.

Our Role Under GDPR

Under GDPR, Subscriptions Tracker acts as both:

• Data Controller: We determine the purposes and means of processing personal data collected through our service.
• Data Processor: We process personal data on behalf of our users when they use our service to track their subscriptions.

Legal Basis for Processing

We process your personal data under the following legal bases:

• Contractual Necessity: Processing necessary for the performance of our contract with you (our Terms of Service).
• Legitimate Interests: Processing necessary for our legitimate interests, such as improving our service and ensuring security, as long as your interests and fundamental rights do not override those interests.
• Consent: Processing based on your specific, informed, and unambiguous consent for specific purposes.
• Legal Obligation: Processing necessary for compliance with a legal obligation to which we are subject.

Your Rights Under GDPR

If you are located in the EU or EEA, you have the following rights regarding your personal data:

• Right to Access: You have the right to request information about the personal data we hold about you and to receive a copy of that data.
• Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
• Right to Erasure (Right to be Forgotten): You have the right to request the deletion of your personal data under certain conditions.
• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data under certain conditions.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
• Right to Object: You have the right to object to the processing of your personal data under certain conditions.
• Right to Not be Subject to Automated Decision-making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

How to Exercise Your Rights

You can exercise your GDPR rights by:

• Using the privacy controls in your account settings
• Contacting us directly at privacy@subscriptions-tracker.com
• Using our Data Subject Access Request form available in your account settings

We will respond to your request within 30 days. In certain cases, we may extend this period to 60 days, taking into account the complexity and number of requests, but we will inform you of any such extension within the first 30 days.

Data Protection Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data
• Regular testing and evaluation of technical and organizational security measures
• Data minimization and purpose limitation
• Regular data protection training for our staff
• Strict access controls and authentication procedures
• Regular security assessments and audits

International Data Transfers

We primarily store and process your data within the European Economic Area (EEA). If we transfer your data outside the EEA, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, to ensure that your data receives an adequate level of protection.

Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection strategy and implementation. You can contact our DPO at dpo@subscriptions-tracker.com for any data protection related inquiries.

Data Breach Notification

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay.

Changes to This GDPR Compliance Policy

We may update our GDPR Compliance Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.