GDPR Compliance

General Data Protection Regulation Information

Our Commitment to GDPR Compliance

Certean is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). This page explains how we comply with GDPR requirements and what rights you have regarding your personal data.

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to:

  • All organizations operating within the European Union (EU)
  • Organizations outside the EU that offer goods or services to EU residents
  • Organizations that monitor the behavior of EU residents

Legal Basis for Processing

Under GDPR, we must have a legal basis for processing your personal data. We process personal data based on the following legal grounds:

Consent

When you explicitly agree to our processing of your personal data for specific purposes, such as marketing communications or newsletter subscriptions.

Contract Performance

When processing is necessary to perform a contract with you or to take steps at your request before entering into a contract.

Legitimate Interest

When we have a legitimate business interest that does not override your fundamental rights and freedoms, such as improving our services or preventing fraud.

Legal Obligation

When processing is necessary to comply with a legal obligation, such as tax requirements or regulatory compliance.

Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

Right of Access

You have the right to request access to your personal data and receive information about how we process it.

Right to Rectification

You can request correction of inaccurate or incomplete personal data we hold about you.

Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data under certain circumstances, such as when the data is no longer necessary or you withdraw consent.

Right to Restrict Processing

You can request that we limit the processing of your personal data in specific situations, such as while we verify the accuracy of disputed data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used format and transmit it to another controller.

Right to Object

You can object to processing based on legitimate interest or for direct marketing purposes.

Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us using the information provided below. We will respond to your request within one month, though this may be extended by two months for complex requests.

Required Information

To process your request efficiently, please provide:

  • Your full name and contact information
  • Description of your request and the right you wish to exercise
  • Proof of identity (to prevent unauthorized access)
  • Specific details about the data or processing in question

Data Protection Officer (DPO)

We have appointed a Data Protection Officer to oversee our GDPR compliance efforts. Our DPO is responsible for:

  • Monitoring compliance with GDPR and data protection laws
  • Conducting data protection impact assessments
  • Serving as a contact point for data protection authorities
  • Providing guidance on data protection matters
  • Handling data subject requests and complaints

You can contact our DPO directly at: info@certean.com

International Data Transfers

When we transfer your personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions recognizing equivalent protection levels
  • Binding Corporate Rules for intra-group transfers
  • Certification schemes and codes of conduct

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours
  • Inform affected individuals without undue delay if there is a high risk
  • Document all breaches and our response measures
  • Take immediate steps to contain and remedy the breach

Complaints and Supervisory Authority

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority. You can contact:

  • The supervisory authority in your EU member state of residence
  • The supervisory authority in your place of work
  • The supervisory authority where the alleged infringement occurred

Regular Compliance Reviews

We regularly review and update our data protection practices to ensure ongoing GDPR compliance. This includes conducting data protection impact assessments, updating our privacy policies, training our staff, and implementing privacy by design principles in our services.

Contact Us

For any GDPR-related questions or to exercise your rights, please contact us:

Data Protection Officer: info@certean.com

General Privacy Inquiries: info@certean.com

Website: Contact Form