GDPR Compliance Statement
GDPR Compliance Statement outlining DataCareph.com's obligations and measures under EU data protection law, including data subject rights, lawful bases, and safeguards for international transfers.
Effective Date: August 23, 2025
Last Updated: August 23, 2025
This GDPR Compliance Statement sets out how DataCareph.com (“we,” “our,” or “us”) complies with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) when processing the personal data of individuals located in the European Union (EU) and European Economic Area (EEA).
We recognize our role as a Data Controller under GDPR and have implemented appropriate policies, technical safeguards, and contractual commitments to protect your personal data.
1. Scope of Application
This Statement applies to:
- All EU/EEA residents using DataCareph.com Services.
- Processing activities relating to: account creation, payments, analytics, cookies, and consultancy.
- Cross-border transfers of personal data outside the EU/EEA.
2. Legal Basis for Processing (Article 6 GDPR)
We process personal data only where a valid lawful basis applies:
- Contractual necessity (Art. 6(1)(b)) – providing our SaaS platform and consultancy.
- Consent (Art. 6(1)(a)) – marketing communications and cookies.
- Legitimate interests (Art. 6(1)(f)) – service improvements, fraud prevention, and security.
- Legal obligations (Art. 6(1)(c)) – tax, compliance, and regulatory reporting.
3. GDPR Data Subject Rights
Under GDPR, you have the following rights:
- Right of Access (Art. 15) – obtain confirmation and a copy of your data.
- Right to Rectification (Art. 16) – correct inaccuracies.
- Right to Erasure (Art. 17) – request deletion (“right to be forgotten”).
- Right to Restrict Processing (Art. 18) – limit processing under certain conditions.
- Right to Data Portability (Art. 20) – receive your data in a structured, machine-readable format.
- Right to Object (Art. 21) – object to processing, including for marketing.
- Right to Withdraw Consent (Art. 7) – withdraw consent at any time.
- Right to Lodge a Complaint (Art. 77) – with your local EU supervisory authority.
4. Exercising Your Rights
You may exercise your rights by contacting us:
- 📧 Email: info@datacareph.com
- 📞 Phone: +63 910 1449-777
- 📮 Address: 799-B, J.M. Basa St., City Proper, Iloilo, 5000, Philippines
We will respond within 30 days in accordance with GDPR timelines.
5. International Data Transfers (Articles 44–49 GDPR)
As a Philippine-based company, we transfer data outside the EU/EEA. Safeguards include:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- Encryption & pseudonymization of transferred data.
- Confidentiality agreements with third-party processors.
6. Data Security (Article 32 GDPR)
We implement appropriate technical and organizational measures:
- TLS encryption for all transmissions.
- AES-256 encryption for stored data.
- Cloudflare DDoS protection and firewalls.
- Role-based access controls and monitoring.
7. Data Retention (Article 5(1)(e) GDPR)
- Account/payment records: retained 7 years (legal obligation).
- Analytics & cookies: retained 26 months.
- Marketing data: retained until consent is withdrawn.
After retention periods, data is securely deleted or anonymized.
8. Third-Party Processors
We only use processors that provide GDPR-level protection, including:
- Stripe & PayPal – payment processing.
- Google Analytics – analytics.
- Cloudflare – security and CDN.
Each third party is bound by Data Processing Agreements (DPAs).
9. Data Protection Officer (DPO)
DataCareph.com DPO Contact:
- 📧 Email: info@datacareph.com
- 📮 Address: 799-B, J.M. Basa St., City Proper, Iloilo, 5000, Philippines
✔️ This GDPR Statement demonstrates full compliance with GDPR and reinforces user trust in our handling of personal data.
Version: 1.0.0