GDPR Data Protection Addendum

Last Updated: 08/10/2024

This GDPR Data Protection Addendum (“GDPR Addendum”) is part of the Privacy Policy of Remarketing Space (remarketing.space) and applies to the processing of personal data of users located in the European Economic Area (EEA). It outlines the rights of individuals under GDPR and how Remarketing Space (remarketing.space) complies with these requirements.

1. Data Controller and Data Processor

1.1 Role of Remarketing Space (remarketing.space): For the purposes of GDPR, Remarketing Space (remarketing.space) may act as a Data Controller or Data Processor, depending on the nature of the service provided.

  • Data Controller: When we determine the purposes and means of processing your personal data (e.g., managing client accounts).
  • Data Processor: When we process data on behalf of our clients (e.g., managing social media campaigns).

1.2 Data Processing Agreement (DPA): For clients where we act as a Data Processor, a separate Data Processing Agreement (DPA) may be required to outline the terms of data processing, security measures, and the responsibilities of both parties.

2. Legal Bases for Data Processing

2.1 We process personal data in accordance with Article 6 of the GDPR, using one or more of the following legal bases:

  • Contractual Necessity: Processing is necessary for the performance of a contract with the user or to take steps at the request of the user before entering into a contract.
  • Legitimate Interests: Processing is necessary for our legitimate interests, such as improving our services, unless overridden by your rights and interests.
  • Consent: Where required by law, we obtain your explicit consent before processing your data for specific purposes, such as sending marketing communications.
  • Legal Obligation: Processing is necessary for compliance with a legal obligation, such as tax or accounting requirements.

3. Rights of Data Subjects

3.1 Right to Access: You have the right to request access to the personal data we hold about you. We will provide you with a copy of the data in a structured, commonly used, and machine-readable format.

3.2 Right to Rectification: You have the right to request correction of any inaccurate or incomplete personal data.

3.3 Right to Erasure (Right to be Forgotten): You have the right to request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or when you withdraw your consent (where applicable).

3.4 Right to Restriction of Processing: You may request that we restrict the processing of your personal data in certain circumstances, such as if you contest the accuracy of the data or if the processing is unlawful.

3.5 Right to Data Portability: You have the right to request that your personal data be transferred to another service provider in a structured, commonly used, and machine-readable format, where technically feasible.

3.6 Right to Object: You have the right to object to the processing of your personal data based on legitimate interests, or for direct marketing purposes, at any time.

3.7 Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

4. Data Security and International Transfers

4.1 Data Security Measures: We implement technical and organizational measures to ensure the security of your personal data, including encryption, access controls, and regular security audits.

4.2 International Data Transfers: Personal data may be transferred to and stored on servers located outside the EEA, including [list any countries outside the EEA]. When such transfers occur, we ensure that appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • Binding Corporate Rules (BCRs) for international transfers within our corporate group.
  • Data transfer agreements that ensure compliance with GDPR requirements.

5. Data Retention

5.1 Retention Period: We retain personal data only for as long as necessary to fulfill the purposes outlined in our Privacy Policy or as required by law. For example, we retain payment records for 7 years for compliance with tax regulations.

5.2 Data Deletion Requests: If you wish to request the deletion of your personal data, please contact us at info@remarketing.space. We will respond to your request within 30 days and take appropriate action as required by GDPR.

6. Data Breach Notification

6.1 Notification of Breach: In the event of a data breach that may result in a risk to your rights and freedoms, we will notify the relevant Data Protection Authority within 72 hours and inform you promptly if the breach poses a high risk to your privacy.

7. Contact Information and Data Protection Officer

7.1 Data Protection Officer (DPO): If required by GDPR, Remarketing Space (remarketing.space) will appoint a Data Protection Officer (DPO) to oversee our data protection practices. Contact details for our DPO will be provided upon request.

7.2 Contact for GDPR Requests: For any questions, requests, or complaints regarding your data under GDPR, please contact us at: Remarketing Space (remarketing.space)

8. Filing a Complaint

8.1 Right to File a Complaint: If you believe that your data protection rights under GDPR have been violated, you have the right to file a complaint with the Data Protection Authority in your country or the supervisory authority where Remarketing Space (remarketing.space) is established.

 
  • info@remarketing.space
  • Kafr Qara, Israel
  • sun to Thu, 09:00 - 17:00

Follow Us

Quick Links

Services

Remarketing Space © 2024 All Rights Reserved
Terms & Service
Privacy Policy

Welcome Back!

Please enter your details

Don't have an account? Register here!

Learn how we helped 100 top brands gain success