GDPR Compliance
General Data Protection Regulation
Our Commitment to GDPR
Social Upgrade is committed to protecting the privacy and security of your personal data in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This page outlines how we comply with GDPR requirements and explains your rights as a data subject under this regulation.
Legal Basis for Processing
We process your personal data only when we have a legal basis to do so. Under GDPR, we rely on the following legal bases:
- Consent: You have given clear consent for us to process your personal data for a specific purpose.
- Contract: The processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
- Legal Obligation: The processing is necessary for us to comply with the law.
- Legitimate Interests: The processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those interests.
Your Rights Under GDPR
As a data subject under GDPR, you have the following rights:
1. Right to Be Informed
You have the right to be informed about the collection and use of your personal data. This is detailed in our Privacy Policy.
2. Right of Access
You have the right to access your personal data and supplementary information. You can request a copy of the personal data we hold about you at any time.
3. Right to Rectification
You have the right to have inaccurate personal data rectified or completed if it is incomplete. You can update most of your information directly through your account settings.
4. Right to Erasure ("Right to Be Forgotten")
You have the right to request the deletion or removal of personal data where there is no compelling reason for its continued processing. This includes:
- When the personal data is no longer necessary for the purpose it was collected
- When you withdraw consent
- When you object to the processing and there is no overriding legitimate interest
- When the personal data was unlawfully processed
- When erasure is required to comply with a legal obligation
5. Right to Restrict Processing
You have the right to request the restriction or suppression of your personal data. This means we can store your data but not actively use it.
6. Right to Data Portability
You have the right to obtain and reuse your personal data for your own purposes across different services. This allows you to move, copy, or transfer personal data easily from one IT environment to another.
7. Right to Object
You have the right to object to: processing based on legitimate interests or the performance of a task in the public interest; direct marketing; and processing for purposes of scientific/historical research and statistics.
8. Rights Related to Automated Decision Making and Profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.
How to Exercise Your Rights
You can exercise your GDPR rights by:
- Account Settings: Many rights can be exercised directly through your account settings, including updating information, downloading your data, or deleting your account.
- Email Request: Contact our Data Protection Officer at dpo@socialupgrade.com
- Written Request: Send a written request to our registered address
We will respond to your request within one month, though this may be extended to two months for complex requests. We will inform you if we need additional time.
Data Protection Measures
We implement appropriate technical and organizational measures to ensure data protection, including:
- Encryption: All sensitive data is encrypted both in transit (HTTPS/TLS) and at rest
- Access Controls: Strict access controls ensure only authorized personnel can access personal data
- Data Minimization: We only collect and process data that is necessary for our services
- Regular Audits: We conduct regular security audits and assessments
- Employee Training: All staff receive GDPR and data protection training
- Incident Response: We have procedures in place to detect, report, and investigate data breaches
- Third-Party Agreements: All data processors we work with are contractually bound to GDPR compliance
Data Breach Notification
In accordance with GDPR Articles 33 and 34, we have procedures in place to deal with any suspected data breach. We will notify you and any applicable regulator of a suspected breach where we are legally required to do so, typically within 72 hours of becoming aware of the breach.
If a breach is likely to result in a high risk to your rights and freedoms, we will notify you directly and provide information about:
- The nature of the breach
- The likely consequences
- The measures taken or proposed to address the breach
- Contact details for further information
International Data Transfers
We primarily store and process your data within the European Economic Area (EEA). When we transfer your data outside the EEA, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions by the European Commission for certain countries
- Binding Corporate Rules for transfers within our corporate group
- Your explicit consent for specific transfers
Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:
- Active Accounts: Data is retained while your account is active
- Deleted Accounts: Most data is deleted within 30 days of account deletion
- Legal Obligations: Some data may be retained longer to comply with legal obligations
- Backup Systems: Deleted data may persist in backup systems for up to 90 days
Children's Privacy
Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from children without verification of parental consent, we will take steps to remove that information from our servers.
Right to Lodge a Complaint
If you believe that we have not complied with your data protection rights, you have the right to lodge a complaint with the appropriate supervisory authority. In the EU, this is your local data protection authority.
However, we encourage you to contact us first at dpo@socialupgrade.com so we can try to resolve your concerns directly.
Updates to This Page
We may update this GDPR compliance page from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting a notice on our website or by sending you an email.
Contact Our Data Protection Officer
If you have any questions about GDPR compliance or wish to exercise your rights, please contact our Data Protection Officer:
- Email: dpo@socialupgrade.com
- Address: [Your Company Address]
© 2025 Social Upgrade. All rights reserved.