GDPR Compliance

Last Updated: December 1, 2025

GDPR Compliance Statement

We are committed to protecting your privacy and personal data in accordance with the General Data Protection Regulation (GDPR). This page explains how we comply with GDPR requirements and what rights you have regarding your personal information.

What is GDPR?

European Data Protection Law

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that gives EU citizens more control over their personal data. It applies to any organization that processes personal data of EU residents, regardless of where the organization is located.

Our GDPR Compliance

Data Protection

  • • Encrypt all personal data
  • • Implement access controls
  • • Regular security audits
  • • Secure data transmission

Transparency

  • • Clear privacy notices
  • • Plain language policies
  • • Regular updates
  • • Easy-to-understand rights

User Rights

  • • Right to access data
  • • Right to rectification
  • • Right to erasure
  • • Right to data portability

Data Minimization

  • • Collect only necessary data
  • • Regular data reviews
  • • Automatic data deletion
  • • Purpose limitation

Your Rights Under GDPR

Right to Access

You can request a copy of all personal data we hold about you.

Response time: 30 days

Right to Rectification

You can ask us to correct any inaccurate personal data.

Response time: 30 days

Right to Erasure

You can request deletion of your personal data in certain circumstances.

Response time: 30 days

Right to Data Portability

You can request your data in a structured, machine-readable format.

Response time: 30 days

How to Exercise Your Rights

Easy Process

Exercising your GDPR rights is simple. Just contact us using any of the methods below, and we'll respond within 30 days.

Contact Form

Use our website contact form to get in touch with us

Visit Contact Page

Why We Process Your Data

Consent

When you subscribe to our newsletter or agree to cookies, we process your data based on your consent.

You can withdraw consent at any time

Contract Performance

When you engage our services, we process your data to fulfill our contractual obligations.

Necessary for service delivery

Legitimate Interest

We may process data for our legitimate business interests, such as improving our services.

Balanced with your rights and interests

How Long We Keep Your Data

Client Data

  • • Project data: 7 years after completion
  • • Contact information: Until you request deletion
  • • Communication records: 3 years
  • • Financial records: 7 years (legal requirement)

Website Data

  • • Analytics data: 26 months
  • • Cookie data: As per cookie policy
  • • Newsletter subscribers: Until unsubscribe
  • • Contact form submissions: 2 years

Data Breach Response

Our Commitment to Security

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you within 72 hours of becoming aware of the breach.

Immediate Actions:
  • • Contain and assess the breach
  • • Notify relevant authorities
  • • Inform affected individuals
  • • Implement additional security measures
What We'll Tell You:
  • • Nature of the breach
  • • Data categories affected
  • • Likely consequences
  • • Measures we're taking

International Data Transfers

Safe Data Transfers

When we transfer your data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place to protect your personal information.

Safeguards We Use:
  • • Standard Contractual Clauses (SCCs)
  • • Adequacy decisions by the European Commission
  • • Binding Corporate Rules
  • • Certification schemes
Third-Party Services:
  • • Google Analytics (Privacy Shield)
  • • Email services (SCCs)
  • • Cloud storage (Adequacy decisions)
  • • Payment processors (SCCs)

Data Protection Contact

For any questions about our GDPR compliance or to exercise your rights, please contact our data protection team:

Please use our contact form on the main website to get in touch with our Data Protection Officer.

Changes to This Policy

We may update this GDPR compliance statement from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website and updating the "Last Updated" date.

This GDPR compliance statement is effective as of December 1, 2025 and applies to all personal data processing by eVaLaunche.