@FindForce

GDPR Compliance

General Data Protection Regulation (EU) 2016/679

Your Rights Under GDPR

As an EU resident, you have comprehensive rights over your personal data. FindForce is fully committed to GDPR compliance and protecting your privacy rights.

1. Your Data Protection Rights

Under the General Data Protection Regulation (GDPR), if you are a resident of the European Union, you have the following data protection rights:

Right to Information (Article 13-14)

  • You have the right to know what personal data we collect and how we use it
  • We provide this information transparently in our Privacy Policy
  • We inform you of any changes to data processing purposes

Right of Access (Article 15)

  • Request a copy of all personal data we hold about you
  • Receive information about how your data is processed
  • Learn who has access to your data and where it's stored
  • Response time: Within 30 days of request

Right to Rectification (Article 16)

  • Correct any inaccurate personal data we hold
  • Complete any incomplete personal data
  • Update your account information at any time

Right to Erasure / "Right to be Forgotten" (Article 17)

  • Request deletion of your personal data when:
  • • Data is no longer necessary for original purpose
  • • You withdraw consent and no other legal basis exists
  • • You object to processing and no overriding legitimate interests exist
  • • Data has been unlawfully processed

Right to Restrict Processing (Article 18)

  • Temporarily limit how we use your data when:
  • • You contest the accuracy of personal data
  • • Processing is unlawful but you prefer restriction over deletion
  • • We no longer need data but you need it for legal claims
  • • You object to processing pending verification of legitimate interests

Right to Data Portability (Article 20)

  • Receive your personal data in a structured, machine-readable format
  • Transfer your data to another service provider
  • Applies to data processed by automated means based on consent or contract

Right to Object (Article 21)

  • Object to processing based on legitimate interests
  • Object to direct marketing (including profiling)
  • Object to processing for scientific/historical research or statistics

2. Legal Basis for Processing

Our Legal Grounds

  • Contract Performance: Account management, service provision, billing
  • Legitimate Interest: Service improvement, security, fraud prevention
  • Consent: Marketing communications, non-essential cookies
  • Legal Obligation: Compliance with EU laws and regulations

3. Data Processing Procedures

Data Minimization

  • We collect only the minimum data necessary for our services
  • We regularly review and delete unnecessary data
  • Optional data collection is clearly marked and consent-based

Purpose Limitation

  • Data is used only for specified, explicit, and legitimate purposes
  • No further processing incompatible with original purpose
  • New purposes require additional consent or legal basis

Storage Limitation

  • Data retained only as long as necessary for processing purposes
  • Automatic deletion based on retention schedules
  • Clear retention periods defined in our Privacy Policy

4. Data Security Measures

Technical Safeguards

  • Encryption: AES-256 encryption at rest, TLS 1.3 in transit
  • Access Controls: Role-based access with multi-factor authentication
  • Monitoring: 24/7 security monitoring and intrusion detection
  • Backup Security: Encrypted backups with access logging

Organizational Measures

  • Staff Training: Regular GDPR and privacy training
  • Data Protection Impact Assessments: For high-risk processing
  • Privacy by Design: Built into all new features and systems
  • Vendor Management: GDPR compliance requirements for all processors

5. Data Breach Procedures

Our Breach Response

  • Detection: 24/7 monitoring systems for immediate breach detection
  • Assessment: Risk evaluation within 24 hours of discovery
  • Authority Notification: Report to supervisory authority within 72 hours if required
  • Individual Notification: Direct notification if high risk to your rights
  • Documentation: Full breach documentation and remediation steps

6. Cross-Border Data Transfers

EU-First Approach

  • Primary data processing within EU jurisdiction
  • EU-based infrastructure for maximum data protection
  • Local data residency for EU customers

Transfer Safeguards

  • Standard Contractual Clauses: EU Commission approved transfer mechanisms
  • Adequacy Decisions: Transfers only to countries with adequate protection
  • Additional Safeguards: Enhanced security for any international transfers

7. Exercising Your Rights

How to Submit Requests

  • Email: gdpr@findforce.io
  • Subject Line: "GDPR Request - [Type of Request]"
  • Include: Full name, email address, specific request details
  • Verification: We may request additional verification for security

Response Timeline

  • Standard Response: Within 30 days of request receipt
  • Complex Requests: Up to 60 days with explanation for delay
  • Urgent Requests: Prioritized processing within 48-72 hours
  • Free of Charge: No fees for legitimate requests

Request Processing

  • Acknowledgment: Immediate confirmation of request receipt
  • Verification: Identity verification for security purposes
  • Processing: Thorough review and data compilation
  • Response: Complete response with requested information or actions

8. Supervisory Authority Rights

If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with:

Estonian Data Protection Inspectorate

  • Website: www.aki.ee
  • Email: info@aki.ee
  • Address: Tatari 39, 10134 Tallinn, Estonia
  • Phone: +372 627 4135

9. Data Protection Officer

Contact Our DPO

  • Email: dpo@findforce.io
  • Role: Independent oversight of data protection practices
  • Responsibilities: GDPR compliance monitoring, training, and advisory
  • Direct Contact: Available for all data protection inquiries

10. Children's Data Protection

Enhanced Protection: Our service is not directed at children under 16. We do not knowingly collect personal data from children. If we become aware of such collection, we will delete the data immediately and may terminate the account.

11. Regular Compliance Reviews

  • Quarterly Reviews: Regular assessment of GDPR compliance
  • Annual Audits: Comprehensive privacy and security audits
  • Policy Updates: Regular updates to reflect legal changes
  • Staff Training: Ongoing GDPR training for all personnel

Last Updated: Jun 22, 2025
Next Review: Jun 22, 2026

This GDPR compliance document demonstrates our commitment to protecting your fundamental right to privacy and data protection as guaranteed under EU law.