GDPR Compliance
Your rights under the General Data Protection Regulation (GDPR) and how we protect your personal data.
Last updated: October 17, 2025
What is GDPR?
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018, in the European Union. It strengthens and unifies data protection for all individuals within the EU and addresses the export of personal data outside the EU.
GDPR gives you greater control over your personal data and requires organizations to be more transparent about how they collect, use, and protect personal information.
Your Rights Under GDPR
Right to Access
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data.
How to exercise: Contact us at privacy@mysylo.ai to request a copy of your personal data.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and have the right to transmit that data to another controller.
How to exercise: Request your data export through your account settings or contact support.
Right to Erasure (Right to be Forgotten)
You have the right to obtain the erasure of personal data concerning you without undue delay where certain grounds apply.
How to exercise: Submit a deletion request through your account settings or contact privacy@mysylo.ai.
Right to Rectification
You have the right to obtain the rectification of inaccurate personal data concerning you and to have incomplete personal data completed.
How to exercise: Update your information directly in your account settings or contact support.
Right to Restrict Processing
You have the right to obtain restriction of processing where certain conditions apply, such as when you contest the accuracy of your personal data.
How to exercise: Contact privacy@mysylo.ai to request processing restrictions.
Right to Object
You have the right to object to processing of your personal data for direct marketing purposes or where the processing is based on legitimate interests.
How to exercise: Unsubscribe from marketing emails or contact privacy@mysylo.ai.
Our GDPR Compliance Measures
Data Protection by Design
We implement data protection principles from the design stage of our systems and throughout the entire lifecycle of personal data processing.
- Privacy impact assessments for new features
- Data minimization principles
- Purpose limitation and storage limitation
- Regular security audits and assessments
Lawful Basis for Processing
We process personal data only when we have a lawful basis under GDPR:
- Consent: When you explicitly consent to processing
- Contract: When processing is necessary for contract performance
- Legitimate Interest: When we have a legitimate business interest
- Legal Obligation: When required by law
Data Subject Rights Implementation
We have implemented systems and procedures to ensure you can exercise your rights:
- Automated data export functionality
- Account deletion and data erasure processes
- Data rectification mechanisms
- Processing restriction capabilities
- Consent management systems
Data Processing Activities
| Purpose | Data Types | Lawful Basis | Retention Period |
|---|---|---|---|
| Account Management | Name, email, profile data | Contract | Account lifetime + 2 years |
| Service Provision | Usage data, preferences | Contract | 3 years |
| Marketing | Email, preferences | Consent | Until consent withdrawn |
| Analytics | Usage patterns, device info | Legitimate Interest | 2 years |
Data Transfers and International Processing
International Transfers
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place for such transfers.
- Standard Contractual Clauses: EU-approved data transfer agreements
- Adequacy Decisions: Transfers to countries with adequate protection
- Certification Schemes: Privacy Shield and similar frameworks
- Binding Corporate Rules: Internal data protection policies
Third-Party Processors
We work with trusted third-party service providers who process personal data on our behalf. All processors are bound by data processing agreements that ensure GDPR compliance.
Data Breach Notification
Our Commitment
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you without undue delay and within 72 hours of becoming aware of the breach.
Breach Response Process
- Immediate containment and assessment
- Notification to supervisory authority within 72 hours
- Notification to affected individuals without undue delay
- Documentation and lessons learned
- Implementation of additional security measures
Supervisory Authority
You have the right to lodge a complaint with a supervisory authority if you believe we have not handled your personal data in accordance with GDPR. You can contact your local data protection authority or the authority in the country where you live or work.
EU Data Protection Authorities
You can find your local data protection authority at:
Contact Our Data Protection Officer
For any questions about GDPR compliance or to exercise your data protection rights, please contact our Data Protection Officer:
Email: dpo@mysylo.ai
Phone: +1 (555) 123-4567
Address: San Francisco, CA
Response Time: We will respond to your request within 30 days of receipt.