Acefina

GDPR Compliance

  1. Home
  2. GDPR

Last updated: December 2024

1. Our Commitment to GDPR

Acefina is committed to protecting the privacy and security of personal data in compliance with the General Data Protection Regulation (GDPR). This page outlines how we handle personal data of EU residents.

2. Data Controller

Acefina acts as a Data Controller for personal data collected through our website and marketing activities. For client projects, we typically act as a Data Processor, processing data on behalf of our clients.

3. Legal Basis for Processing

We process personal data under the following legal bases:

  • Consent: When you voluntarily submit your information via our contact forms
  • Contract: When processing is necessary to fulfill our contractual obligations to you
  • Legitimate Interests: For business operations that do not override your rights
  • Legal Obligation: When required by law

4. Your Rights Under GDPR

As an EU resident, you have the following rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Request limitation of processing
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to processing based on legitimate interests
  • Rights Related to Automated Decision-Making: We do not use automated decision-making

5. Data Protection Measures

We implement appropriate security measures including:

  • Encryption of data in transit (HTTPS/TLS)
  • Secure password policies and access controls
  • Regular security assessments
  • Employee training on data protection
  • Incident response procedures

6. International Data Transfers

When we transfer data outside the EU/EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

7. Data Retention

We retain personal data only as long as necessary for the purposes stated. After this period, data is securely deleted or anonymized. Retention periods vary based on the type of data and legal requirements.

8. Data Processing Agreements

For client projects where we process personal data, we enter into Data Processing Agreements (DPAs) that outline our obligations and ensure GDPR compliance.

9. Exercising Your Rights

To exercise any of your GDPR rights, please contact us at:

Email: hello@acefina.com

We will respond to your request within 30 days. You also have the right to lodge a complaint with your local Data Protection Authority.