GDPR Compliance
Last updated: August 4, 2025
1. Introduction to GDPR
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It strengthens and unifies data protection for individuals within the European Union (EU) and addresses the export of personal data outside the EU.
At Sederly Solutions, we are committed to protecting your personal data and respecting your privacy rights under GDPR. This page explains how we comply with GDPR requirements and how you can exercise your data protection rights.
2. Legal Basis for Processing
Under GDPR, we must have a legal basis for processing your personal data. We process your data based on the following legal grounds:
Contract Performance
Processing necessary to provide our sales management services, manage your account, and fulfill our contractual obligations.
Consent
When you explicitly consent to specific processing activities, such as marketing communications or optional analytics.
Legitimate Interest
For business operations, security, fraud prevention, and service improvement, where our interests don't override your rights.
Legal Obligation
When required by law, such as tax reporting, regulatory compliance, or responding to legal requests.
3. Your Data Protection Rights
Under GDPR, you have the following rights regarding your personal data:
You have the right to request access to your personal data and receive information about how we process it.
- Confirmation that we process your data
- Access to your personal data
- Information about processing purposes and legal basis
- Details about data recipients and retention periods
How to exercise: Contact our Data Protection Officer or use your account settings to export your data.
You have the right to have inaccurate personal data corrected and incomplete data completed.
- Correct factual errors in your data
- Complete incomplete information
- Update outdated information
How to exercise: Update your information through your account profile or contact support for assistance.
You have the right to request deletion of your personal data in certain circumstances.
- Data is no longer necessary for the original purpose
- You withdraw consent and there's no other legal basis
- Data has been unlawfully processed
- Erasure is required for legal compliance
How to exercise: Request account deletion through your settings or contact our support team.
You have the right to request restriction of processing in specific situations.
- You contest the accuracy of the data
- Processing is unlawful but you don't want erasure
- We no longer need the data but you need it for legal claims
- You object to processing pending verification of legitimate grounds
How to exercise: Contact our Data Protection Officer with your specific request and reasoning.
You have the right to receive your personal data in a structured, commonly used format and transmit it to another controller.
- Receive data in a machine-readable format
- Transmit data directly to another service provider
- Applies to data processed by automated means
How to exercise: Use the data export feature in your account settings or request a data export from support.
You have the right to object to processing based on legitimate interests or for direct marketing purposes.
- Object to processing for direct marketing (absolute right)
- Object to processing based on legitimate interests
- Object to profiling for direct marketing
How to exercise: Adjust your communication preferences in account settings or contact our team.
4. Data Processing Activities
At Sederly, we process personal data for the following purposes:
Processing Activity | Data Categories | Legal Basis | Retention Period |
---|---|---|---|
Account Management | Contact details, profile information | Contract Performance | Duration of account + 3 years |
Order Processing | Customer data, transaction details | Contract Performance | As per subscription plan |
Payment Processing | Billing information, payment data | Contract Performance | 7 years (tax requirements) |
Customer Support | Communication records, technical data | Legitimate Interest | 3 years after resolution |
Marketing Communications | Contact details, preferences | Consent | Until consent withdrawn |
Analytics & Improvement | Usage data, performance metrics | Legitimate Interest | 2 years |
Security & Fraud Prevention | Access logs, security events | Legitimate Interest | 1 year |
5. International Data Transfers
We may transfer your personal data outside the European Economic Area (EEA) for service provision. When we do, we ensure appropriate safeguards are in place:
Adequacy Decisions
Transfers to countries with adequate data protection as determined by the European Commission.
Standard Contractual Clauses
Legally binding contracts that ensure data protection standards are maintained.
Certification Schemes
Transfers to organizations with recognized data protection certifications.
6. Data Protection by Design and Default
We implement data protection principles throughout our system design and operations:
Privacy by Design
Privacy considerations are built into our systems from the ground up.
Data Minimization
We only collect and process data that is necessary for our services.
Access Controls
Role-based access ensures only authorized personnel can access data.
Retention Limits
Data is automatically deleted when no longer needed for its purpose.
7. Data Breach Procedures
In the unlikely event of a data breach, we have procedures in place to:
- Detect and Contain: Identify and stop the breach within 72 hours
- Assess Impact: Evaluate the risk to individuals' rights and freedoms
- Notify Authorities: Report to supervisory authorities within 72 hours if required
- Inform Individuals: Notify affected individuals if there's a high risk to their rights
- Document and Learn: Record the incident and improve our security measures
8. How to Exercise Your Rights
You can exercise your GDPR rights through multiple channels:
Self-Service Options
- Account settings and profile management
- Data export and download features
- Privacy and communication preferences
- Account deletion options
Support Channels
- Email: dpo@sederly.com
- Support ticket system
- Live chat support
- Contact form
Response Times
We will respond to your requests within 30 days as required by GDPR. For complex requests, we may extend this period by an additional 60 days and will inform you of any delay.
9. Supervisory Authority
You have the right to lodge a complaint with a supervisory authority if you believe we have not handled your personal data in accordance with GDPR. You can contact:
- Your local data protection authority in the EU
- The supervisory authority in the country where you reside
- The supervisory authority where the alleged infringement occurred
A list of EU supervisory authorities is available on the European Data Protection Board website.
10. Contact Our Data Protection Officer
Our Data Protection Officer (DPO) is responsible for overseeing our data protection strategy and ensuring GDPR compliance.
Data Protection Officer
Email: dpo@sederly.com
Company: Sederly Solutions
Response Time: Within 5 business days