GDPR Compliance
Your data protection rights under European law
Last updated: January 15, 2025
GDPR Overview
The General Data Protection Regulation (GDPR) gives European Union citizens strong rights over their personal data. CrowdTrust is fully committed to GDPR compliance and protecting your privacy rights.
Your GDPR Rights
As an EU citizen, you have the following rights regarding your personal data:
1. Right to Access
You have the right to request a copy of all personal data we hold about you. This includes:
- What personal data we process
- Why we process it
- Who we share it with
- How long we keep it
2. Right to Rectification
You can request correction of any inaccurate or incomplete personal data we hold about you. You can update most information directly in your account settings.
3. Right to Erasure ("Right to be Forgotten")
You can request deletion of your personal data when:
- It's no longer necessary for the original purpose
- You withdraw consent
- You object to the processing
- It was unlawfully processed
4. Right to Restrict Processing
You can request that we limit how we use your personal data while we resolve any concerns you have about its processing.
5. Right to Data Portability
You can request your personal data in a structured, commonly used, and machine-readable format to transfer to another service.
6. Right to Object
You can object to processing of your personal data for direct marketing or based on legitimate interests. We will stop processing unless we have compelling legitimate grounds.
7. Rights Related to Automated Decision Making
You have the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal or significant effects.
8. Right to Withdraw Consent
Where we rely on consent to process your data, you can withdraw that consent at any time through your account settings or by contacting us.
Legal Basis for Processing
We process your personal data only when we have a valid legal basis:
Contract Performance
Processing necessary to provide our services to you under our Terms of Service
Legitimate Interests
Processing for our legitimate business interests, balanced against your rights
Consent
Processing based on your explicit consent, which you can withdraw anytime
Legal Obligations
Processing required to comply with applicable laws and regulations
Data Protection Measures
Technical Measures
- End-to-end encryption
- Regular security audits
- Access controls and authentication
- Secure data centers in the EU
Organizational Measures
- Data Protection Officer appointed
- Regular staff training
- Privacy by design principles
- Data processing agreements
International Data Transfers
When we transfer your data outside the European Economic Area (EEA), we ensure appropriate safeguards:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions for countries with sufficient data protection
- Your explicit consent for specific transfers
- Binding Corporate Rules for intra-group transfers
Data Retention Periods
Data Type | Retention Period |
---|---|
Account information | Until account deletion + 30 days |
Reviews and ratings | Indefinitely (unless requested for deletion) |
Communication logs | 2 years |
Technical logs | 90 days |
Marketing data | Until consent withdrawn |
Cookie Consent
We comply with EU cookie regulations by:
- Obtaining explicit consent before setting non-essential cookies
- Providing clear information about cookie purposes
- Allowing granular control over cookie categories
- Making consent withdrawal as easy as giving it
Data Breach Notification
In the unlikely event of a data breach that poses a high risk to your rights and freedoms:
- We will notify you without undue delay
- We will inform the relevant supervisory authority within 72 hours
- We will provide clear information about the breach and our response
- We will take immediate steps to mitigate any harm
Data Protection Officer
Our Data Protection Officer oversees GDPR compliance and is available to address your concerns:
Email: dpo@crowdtrust.ai
Mail: Data Protection Officer
CrowdTrust, Inc.
123 Trust Street
San Francisco, CA 94105
United States
Right to Lodge a Complaint
If you're not satisfied with how we handle your data, you have the right to lodge a complaint with your local supervisory authority:
European Data Protection Board
Find your local authority at: edpb.europa.eu