GDPR Compliance

Last updated: December 1, 2023

At RedLeaf, we are committed to ensuring the privacy and protection of your personal data in compliance with the General Data Protection Regulation (GDPR). This page outlines how we adhere to GDPR principles and your rights under this regulation.

What is GDPR?

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It addresses the export of personal data outside the EU and EEA areas.

Our Commitment to GDPR Compliance

RedLeaf is dedicated to protecting and respecting your privacy. We have implemented robust measures to ensure compliance with GDPR principles:

Lawfulness, fairness, and transparency

We process your data lawfully, fairly, and in a transparent manner. Our Privacy Policy clearly explains how and why we collect your personal information.

Purpose limitation

We collect personal data for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes.

Data minimization

We limit our data collection to what is necessary in relation to the purposes for which it is processed.

Accuracy

We take reasonable steps to ensure that personal data is accurate and, where necessary, kept up to date.

Storage limitation

We retain personal data only for as long as necessary for the purposes for which it is processed.

Integrity and confidentiality

We implement appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

Your Rights Under GDPR

As a user of our services, you have the following rights under GDPR:

Right to be informed

You have the right to be informed about the collection and use of your personal data.

Right of access

You have the right to request copies of your personal data.

Right to rectification

You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.

Right to erasure

You have the right to request that we erase your personal data, under certain conditions.

Right to restrict processing

You have the right to request that we restrict the processing of your personal data, under certain conditions.

Right to data portability

You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.

Right to object

You have the right to object to our processing of your personal data, under certain conditions.

Rights related to automated decision making and profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

How to Exercise Your Rights

If you wish to exercise any of these rights, please contact us through our website. We will respond to your request within one month.

Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this GDPR compliance statement. If you have any questions about this statement or how we handle your personal information, please contact our DPO through our website.

International Data Transfers

We ensure that any transfer of personal data to countries outside of the European Economic Area (EEA) is protected by appropriate safeguards, namely through the use of standard data protection clauses approved by the European Commission or applicable certification mechanisms.

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.