GDPR Compliance

1. Introduction

UsePromptly is committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR). This page outlines how we handle your personal data in accordance with GDPR requirements.

2. What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations operating within the EU and those that offer goods or services to individuals in the EU, regardless of where the organization is based.

3. Our Commitment to GDPR

UsePromptly is fully committed to GDPR compliance and has implemented the following measures:

• Data protection by design and by default
• Regular privacy impact assessments
• Comprehensive data processing agreements
• Employee training on data protection
• Regular audits of our data processing activities

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

5. Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

6. How to Exercise Your Rights

To exercise your GDPR rights, you can:

• Contact us directly at privacy@usepromptly.com
• Use the privacy settings in your account dashboard
• Submit a request through our data request form
• Contact our Data Protection Officer (DPO)

We will respond to your request within 30 days. If we need more time, we will notify you and explain the reason for the delay.

7. Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we do this, we ensure appropriate safeguards are in place, such as:

• Adequacy decisions by the European Commission
• Standard contractual clauses approved by the European Commission
• Binding corporate rules
• Other appropriate safeguards as required by GDPR

8. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.

When determining the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your personal data, and applicable legal requirements.

9. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

10. Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance. You can contact our DPO at:

11. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data infringes the GDPR. You can find the contact details of your local supervisory authority on the European Data Protection Board website.

12. Contact Us

If you have any questions about our GDPR compliance or wish to exercise your rights, please contact us: