For EU/EEA Residents
This page provides specific information for individuals located in the European Union, European Economic Area, and United Kingdom regarding their rights under the General Data Protection Regulation (GDPR).
Introduction to GDPR
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that gives individuals in the EU/EEA significant rights over their personal data. At Rozitech, we are committed to GDPR compliance and protecting your privacy rights.
Legal Basis for Processing
Under GDPR, we must have a lawful basis for processing your personal data. We rely on the following legal bases:
Contract Performance
We process your data when necessary to:
- Provide our SaaS services to you
- Create and manage your account
- Process payments and billing
- Provide customer support
Legitimate Interests
We may process your data for our legitimate business interests, including:
- Improving our products and services
- Ensuring network and information security
- Fraud prevention and detection
- Internal administrative purposes
Consent
We process data based on your consent for:
- Marketing communications
- Non-essential cookies and tracking
- Optional features requiring additional data
Legal Obligations
We process data when required by law, such as:
- Tax and accounting requirements
- Legal disclosure obligations
- Regulatory compliance
Your GDPR Rights Explained
1. Right to Access (Article 15)
You have the right to obtain confirmation about whether we process your personal data and, if so, access to that data along with certain information including:
- The purposes of the processing
- The categories of personal data
- Recipients or categories of recipients
- Data retention periods
- Your rights regarding the data
- The source of the data (if not collected from you)
2. Right to Rectification (Article 16)
You can request correction of inaccurate personal data or completion of incomplete data. We will rectify the data without undue delay and inform any recipients of the corrections.
3. Right to Erasure / "Right to be Forgotten" (Article 17)
You can request deletion of your personal data when:
- The data is no longer necessary for the original purpose
- You withdraw consent (where consent was the legal basis)
- You object to processing based on legitimate interests
- The data was unlawfully processed
- Deletion is required by law
Note: This right is not absolute and may not apply if processing is necessary for legal obligations, freedom of expression, or legal claims.
4. Right to Restriction of Processing (Article 18)
You can request restriction of processing when:
- You contest the accuracy of the data
- Processing is unlawful but you oppose erasure
- We no longer need the data but you need it for legal claims
- You've objected to processing pending verification of legitimate grounds
5. Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format when:
- Processing is based on consent or contract
- Processing is carried out by automated means
You can also request direct transfer to another controller where technically feasible.
6. Right to Object (Article 21)
You can object to processing based on:
- Legitimate interests or public task performance
- Direct marketing purposes (including profiling)
- Processing for scientific/historical research or statistics
7. Rights Related to Automated Decision-Making (Article 22)
You have the right not to be subject to decisions based solely on automated processing that significantly affect you, unless:
- It's necessary for contract performance
- It's authorized by law
- You've given explicit consent
8. Right to Withdraw Consent
Where we rely on consent for processing, you can withdraw it at any time. This doesn't affect the lawfulness of processing before withdrawal.
How to Exercise Your Rights
Submit a GDPR Request
To exercise any of your GDPR rights, you can:
- Email our Data Protection Officer at dpo@rozitech.com
- Use the form below to submit your request
- Contact us through your account settings
Response Timeframes
We will respond to your GDPR request:
- Without undue delay: Acknowledgment within 72 hours
- Within one month: Full response to your request
- Extension possible: Up to two additional months for complex requests (we'll inform you of any delay)
Data Protection Officer
Our Data Protection Officer (DPO) oversees GDPR compliance and can assist with any questions or concerns:
DPO Contact Information
Email: dpo@rozitech.com
Phone: +27 (0) 10 123 4567
Post: Data Protection Officer
Rozitech (Pty) Ltd
123 Tech Avenue, Sandton
Johannesburg, 2196
South Africa
International Data Transfers
When we transfer your data outside the EU/EEA, we ensure appropriate safeguards:
- Standard Contractual Clauses (SCCs): EU Commission-approved contracts
- Adequacy Decisions: Transfers to countries with adequate protection
- Binding Corporate Rules: For intra-group transfers
- Your Consent: Where explicitly provided
Data Breach Notification
In case of a personal data breach that's likely to result in a high risk to your rights and freedoms:
- We will notify affected individuals without undue delay
- We will describe the breach and its likely consequences
- We will provide recommendations for mitigating potential adverse effects
- We maintain breach logs and cooperate with supervisory authorities
Cookies and Tracking
Under GDPR, we must obtain consent for non-essential cookies. Our cookie categories:
- Essential: Required for basic functionality (no consent needed)
- Functional: Enhance user experience (consent required)
- Analytics: Help us understand usage (consent required)
- Marketing: Used for targeted advertising (consent required)
You can manage cookie preferences through our cookie banner or browser settings.
Children's Data
We do not knowingly process data of children under 16 without parental consent. If you believe we have such data, please contact our DPO immediately.
Supervisory Authority
You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your residence, workplace, or location of alleged infringement.
Your Local Supervisory Authority
EU residents can find their national data protection authority at:
European Data Protection Board - Members List
UK residents can contact the Information Commissioner's Office (ICO) at:
Updates to GDPR Information
We may update this GDPR information page to reflect changes in:
- Legal requirements or guidance
- Our data processing practices
- Supervisory authority decisions
- Court judgments affecting GDPR interpretation
Material changes will be communicated to affected users via email or prominent website notice.