GDPR Compliance

    Your Data Protection Rights

    We are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR).

    Last Updated: January 1, 2025

    GDPR Overview

    The General Data Protection Regulation (GDPR) is a European Union regulation that gives individuals control over their personal data. As a data processor, PandaDash is committed to ensuring full compliance with GDPR requirements.

    Under GDPR, you have specific rights regarding your personal data, and we are obligated to protect your information and respond to your requests in a timely manner.

    Your GDPR Rights

    Right of Access (Article 15)

    You have the right to know what personal data we hold about you and how we process it.

    • Confirmation that we are processing your data
    • Access to your personal data
    • Information about how we use your data
    • Details about data sharing and storage

    Right to Rectification (Article 16)

    You can request correction of inaccurate or incomplete personal data. We will update your information and notify relevant third parties where applicable.

    Right to Erasure (Article 17)

    Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances:

    • Data is no longer necessary for the original purpose
    • You withdraw consent and there's no other legal basis
    • Data has been unlawfully processed
    • Deletion is required for legal compliance

    Right to Restrict Processing (Article 18)

    You can request that we limit how we use your personal data while we verify its accuracy or address your concerns about its use.

    Right to Data Portability (Article 20)

    You can request a copy of your personal data in a structured, commonly used, and machine-readable format, and transfer it to another service provider.

    Right to Object (Article 21)

    You can object to processing of your personal data for direct marketing, research, or where we rely on legitimate interests as our legal basis for processing.

    Legal Basis for Processing

    We process your personal data based on the following legal grounds:

    Contract Performance:

    Processing necessary to provide our services and fulfill our contractual obligations to you.

    Legitimate Interests:

    Processing for our legitimate business interests, such as improving our services and preventing fraud.

    Legal Compliance:

    Processing required to comply with legal obligations, such as tax reporting and record-keeping.

    Consent:

    Processing based on your explicit consent, which you can withdraw at any time.

    International Data Transfers

    When we transfer your personal data outside the European Economic Area (EEA), we ensure adequate protection through:

    • Standard Contractual Clauses approved by the European Commission
    • Adequacy decisions for countries with equivalent data protection laws
    • Certification schemes and codes of conduct
    • Additional safeguards and impact assessments

    Data Retention and Deletion

    We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

    Account Data:

    Retained for the duration of your account and up to 7 years after closure for legal compliance.

    Usage Data:

    Analytics and usage data is typically retained for 26 months for service improvement purposes.

    Marketing Data:

    Marketing communications data is retained until you unsubscribe or withdraw consent.

    Making GDPR Requests

    To exercise your GDPR rights, please contact us with the following information:

    • Your full name and email address associated with your account
    • The specific right you wish to exercise
    • Any relevant details to help us locate your data
    • Proof of identity (for security purposes)

    Response Time: We will respond to your request within one month. In complex cases, we may extend this period by two additional months.

    Data Protection Officer

    For any questions about GDPR compliance or to exercise your rights, contact our Data Protection Officer:

    Email: dpo@pandadash.io

    Address: Data Protection Officer, PandaDash

    2200 Logan Avenue, Suite A113

    Cheyenne, Wyoming, 82001

    Phone: 307-242-1177

    Supervisory Authority: If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.

    Start for $1