Privacy Policy

1. Introduction

Gabsor ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our GDPR representative services and visit our website.

As a GDPR compliance service provider, we hold ourselves to the highest standards of data protection and process all personal data in accordance with the General Data Protection Regulation (GDPR) and applicable data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

3. Information We Collect

3.1 Information You Provide

• Account Information: Name, email address, company name, business address, phone number
• Payment Information: Billing details, payment card information (processed securely by our payment provider)
• Communication Data: Information from your correspondence with us, including support requests
• Service Data: Data you submit through our platform for GDPR compliance purposes

3.2 Information Automatically Collected

• Usage Data: Information about how you use our website and services
• Technical Data: IP address, browser type, device information, operating system
• Cookies: See our Cookie Policy for detailed information

4. How We Use Your Information

We process your personal data for the following purposes:

• Service Delivery: To provide GDPR representative services and fulfill our contractual obligations
• Account Management: To create and manage your account, process payments, and provide customer support
• Communication: To send service updates, security alerts, and respond to your inquiries
• Compliance: To comply with legal obligations and respond to regulatory requests
• Improvement: To analyze usage patterns and improve our services
• Marketing: With your consent, to send promotional communications about our services

5. Legal Basis for Processing

We process your personal data under the following legal bases:

• Contractual Necessity: Processing necessary to perform our services
• Legal Obligation: Processing required to comply with legal requirements
• Legitimate Interest: Processing necessary for our business operations and service improvement
• Consent: Where you have provided explicit consent (e.g., marketing communications)

6. Data Sharing and Disclosure

We may share your personal data with:

• Service Providers: Third-party vendors who provide hosting, payment processing, and analytics services
• Data Protection Authorities: When acting as your representative under GDPR Article 27
• Legal Requirements: When required by law or to protect our legal rights
• Business Transfers: In connection with mergers, acquisitions, or sale of assets

We ensure all third parties are bound by appropriate data protection agreements and only process your data as instructed.

7. Data Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations. Typically:

• Account data: Duration of your subscription plus 7 years for accounting purposes
• Communication records: 3 years after last contact
• Representative service records: As required by GDPR Article 30 (minimum 3 years)

8. Your Rights

Under GDPR, you have the following rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your data (subject to legal obligations)
• Right to Restriction: Request limitation of processing
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent for marketing communications

To exercise these rights, contact us at admin@gabsor.com. You also have the right to lodge a complaint with your local data protection authority.

9. International Data Transfers

Your data is primarily processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit and at rest
• Regular security assessments and penetration testing
• Access controls and authentication measures
• Employee training on data protection
• Incident response procedures

11. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal data from children.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes by email or through a prominent notice on our website. The "Last updated" date at the top indicates when the policy was last revised.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us: