Acefina

GDPR compliance

This page outlines how we handle personal data connected to EU residents and how we approach controller, processor, and data protection responsibilities.

We review this page regularly and update it whenever our privacy, project delivery, or data protection practices change.

1. Our commitment to GDPR

Acefina is committed to protecting personal data in line with the General Data Protection Regulation (GDPR). This page explains how we handle personal data tied to EU residents.

2. Data controller and processor roles

For personal data collected through our own website or marketing activity, Acefina generally acts as the data controller. For client engagements, we typically act as a data processor and handle information according to the client's instructions.

3. Legal basis for processing

  • Consent: When you voluntarily submit information through forms or direct outreach
  • Contract: When processing is necessary to fulfill an agreement with you or your business
  • Legitimate interests: For operational activity that does not override your rights
  • Legal obligation: When we are required to retain or disclose data by law

4. Your rights under GDPR

EU residents may have the right to:

  • Request access to personal data
  • Correct inaccurate or incomplete data
  • Request deletion of data where applicable
  • Restrict certain processing activity
  • Receive personal data in a portable format
  • Object to processing based on legitimate interests
  • Request review where automated decision-making would apply (we do not currently rely on automated decision-making for these processes)

5. Data protection measures

  • Encryption in transit using HTTPS/TLS
  • Access controls and credential hygiene
  • Regular security review and project-level safeguards
  • Internal handling practices designed to reduce unnecessary exposure
  • Incident response procedures where sensitive systems are involved

6. International data transfers

If data is transferred outside the EU or EEA, we use appropriate safeguards such as contractual protections or provider controls intended to support lawful transfer.

7. Data retention

Personal data is retained only for as long as needed for the stated purpose, to meet contractual obligations, or to comply with legal requirements. When retention is no longer required, data is deleted or anonymized where appropriate.

8. Data processing agreements

For client work that involves personal data processing, we can enter into a Data Processing Agreement (DPA) that clarifies responsibilities, handling boundaries, and compliance expectations.

9. Exercising your rights

To exercise a GDPR right or ask a related question, contact hello@acefina.com. We aim to respond within 30 days where GDPR applies. You may also contact your local data protection authority if you believe your rights have not been handled properly.

Need a GDPR or DPA conversation before kickoff?

We can clarify controller and processor responsibilities before project work starts.

If the project includes customer data, internal tools, or regulated workflows, we can talk through the handling model before access is shared.
