GDPR Compliance

Introduction

At SaasAppify, we are committed to protecting and respecting your privacy. This General Data Protection Regulation (GDPR) Compliance Statement explains how we collect, use, and protect your personal data in accordance with the GDPR.

Data Controller

SaasAppify is the data controller for personal data collected through our website and services. As a data controller, we determine the purposes and means of processing personal data.

Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this GDPR Compliance Statement. If you have any questions about this statement, including any requests to exercise your legal rights, please contact the DPO at:

Lawful Basis for Processing

We process personal data on the following lawful bases:

• Consent: Where you have given clear consent for us to process your personal data for a specific purpose.
• Contract: Where processing is necessary for the performance of a contract with you.
• Legal Obligation: Where processing is necessary for compliance with a legal obligation.
• Legitimate Interests: Where processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests.

Your Rights Under GDPR

Under the GDPR, you have the following rights:

• Right to Access: The right to request a copy of your personal data.
• Right to Rectification: The right to request correction of inaccurate personal data.
• Right to Erasure: The right to request erasure of your personal data in certain circumstances.
• Right to Restrict Processing: The right to request the restriction of processing of your personal data.
• Right to Data Portability: The right to request the transfer of your personal data to you or to a third party.
• Right to Object: The right to object to processing of your personal data for direct marketing or based on legitimate interests.
• Rights in Relation to Automated Decision Making and Profiling: The right not to be subject to a decision based solely on automated processing.

You will not have to pay a fee to access your personal data or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Data Protection Measures

We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data
• Regular testing, assessing, and evaluating the effectiveness of technical and organizational measures
• Regular backups of personal data
• Staff training on data protection and security
• Access controls to personal data

Data Breach Procedures

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay.

International Data Transfers

We may transfer your personal data to countries outside the European Economic Area (EEA). Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• Transferring to countries that have been deemed to provide an adequate level of protection by the European Commission.
• Using specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
• Transferring data to US-based providers that are part of the EU-US Privacy Shield or other applicable frameworks.

Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Changes to This GDPR Compliance Statement

We may update this GDPR Compliance Statement from time to time. When we do, we will inform you by updating the "Last Updated" date at the top of this statement and, where appropriate, notify you by email.

Contact Us

If you have any questions about this GDPR Compliance Statement or our data practices, please contact us at: