EU GDPR Privacy Policy & Data Rights
Last updated: March 20, 2025
1. Introduction
This EU GDPR Privacy Policy ("Policy") applies to users of Crowd4GPT ("Platform") who are located in the European Union or European Economic Area. This Policy explains how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (GDPR).
We are committed to protecting your privacy and ensuring transparent data practices, even as a small, bootstrapping company. This Policy outlines our approach to compliance with EU data protection laws.
2. Data Controller Information
Controller: company inc
Address: address
Email: [email protected]
As a data controller, we are responsible for determining the purposes and means of processing your personal data. We are a Canadian company with servers located in the United States.
3. Personal Data We Collect
3.1 Account Data
- Name
- Email address
- Password (stored in encrypted form)
- Profile information (including profile picture, skills, experience)
- Account preferences
3.2 Contest Data
- Contest submissions
- Comments and feedback
- Participation history
- Winning records
3.3 Payment Data
- Transaction history
- Payment method information (processed by Stripe, not stored on our servers)
- Billing address (for payment verification)
3.4 Technical Data
- IP address
- Browser type and version
- Device information
- Pages visited and features used
- Time and duration of visits
- Referral source
3.5 Communication Data
- Messages sent through the platform
- Support requests
- Feedback provided
4. How We Collect Your Data
We collect personal data through:
- Account registration process
- Contest participation
- Payment processing
- Website usage
- Communications with our team
- Cookies and similar technologies
5. Lawful Basis for Processing
We process your personal data under the following legal bases:
5.1 Contract
We process most of your data because it's necessary for performing our contract with you. This includes:
- Account creation and management
- Contest participation
- Prize distribution
- Payment processing
5.2 Legitimate Interest
We process some data based on our legitimate interest in providing and improving our services, including:
- Security measures
- Platform improvements
- Analysis of usage patterns
- Fraud prevention
5.3 Consent
We process certain data based on your explicit consent:
- Marketing communications
- Non-essential cookies
- Optional profile information
5.4 Legal Obligation
Some processing is necessary to comply with our legal obligations:
- Tax and financial record-keeping
- Responding to legal requests
- Fraud prevention
6. How We Use Your Data
6.1 Providing Our Services
- Managing your account
- Facilitating contests
- Processing payments
- Distributing prizes
- Enabling collaboration
- Facilitating communications
6.2 Improving and Securing Our Platform
- Troubleshooting issues
- Analyzing usage patterns
- Enhancing features
- Preventing fraud and abuse
- Ensuring platform security
6.3 Communication
- Responding to your requests
- Sending service-related notifications
- Providing support
- Marketing communications (with consent)
7. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected.
| Data Category | Retention Period | Justification |
|---|---|---|
| Account Data | Account lifetime + 2 years after inactivity | Supporting potential account reactivation |
| Contest Data | 3 years after contest completion | Supporting potential disputes, showcase portfolio |
| Payment Data | 7 years | Tax and financial regulations |
| Technical Data | 90 days | Security and service improvement |
| Communications | 2 years | Support and reference |
8. Your Rights Under GDPR
As an EU/EEA user, you have the following rights:
8.1 Right to Access
You can request a copy of your personal data that we process.
8.2 Right to Rectification
You can request correction of inaccurate or incomplete personal data.
8.3 Right to Erasure ("Right to be Forgotten")
You can request deletion of your personal data in certain circumstances.
8.4 Right to Restriction of Processing
You can request that we limit how we use your data.
8.5 Right to Data Portability
You can request a copy of your data in a structured, machine-readable format.
8.6 Right to Object
You can object to our processing based on legitimate interest or for direct marketing.
8.7 Rights Related to Automated Decision Making
You have rights related to any automated decision-making with legal or similarly significant effects.
9. How to Exercise Your Rights
To exercise any of these rights, please email us at [email protected] with the subject line "GDPR Request". To protect your privacy, we may need to verify your identity before processing your request.
We will respond to all legitimate requests within one month. In complex cases, this period may be extended by up to two additional months, in which case we will notify you.
9.1 What to Include in Your Request
For efficient processing, please include:
- The specific right you wish to exercise
- Your name and email associated with your account
- Any additional details relevant to your request
9.2 Our Response Process
- We will acknowledge receipt of your request within 3 business days
- We may ask for verification of your identity
- We will process your request and respond within 30 days
- If we cannot fulfill your request, we will explain why
10. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including:
- Secure hosting environment
- Encryption for sensitive data
- Regular security updates
- Strong authentication mechanisms
- Access controls and logging
- Regular security reviews
11. International Data Transfers
Your data is primarily stored in Canada. The European Commission has recognized Canada (private sector organizations) as providing adequate protection for personal data under the Personal Information Protection and Electronic Documents Act (PIPEDA).
For any processing activities not covered by this adequacy decision, we implement appropriate safeguards for data transfers, such as:
- Standard Contractual Clauses
- Explicit consent (where appropriate)
- Necessary transfers for performance of contract
12. Cookies and Similar Technologies
Our platform uses cookies and similar technologies to enhance your experience. We use:
- Essential cookies: Required for platform functionality
- Functional cookies: Enable enhanced features
- Analytics cookies: Help us understand platform usage
You can manage cookie preferences through our cookie banner or browser settings.
12.1 Cookie Options
You can choose which non-essential cookies to accept. Essential cookies remain necessary for platform functionality.
12.2 Cookie Preference Change
You can change your cookie preferences at any time by clicking on "Cookie Settings" in the footer of our website.
13. Third-Party Service Providers
We use the following third-party service providers who may process your personal data:
| Provider | Purpose | Data Processed | Location |
|---|---|---|---|
| Stripe | Payment processing | Payment details | United States |
| Cloudflare | Content delivery, security | IP address, browsing data | Global |
Each provider is subject to data processing terms that comply with GDPR requirements.
14. Children's Privacy
Our platform is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us.
15. Data Breach Procedures
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours
- Inform affected users without undue delay
- Document the breach and our response
16. Changes to This Policy
We may update this Policy from time to time. We will notify you of any changes by posting the new Policy on this page and updating the "Last updated" date.
For significant changes, we will provide more prominent notice, such as an email notification.
17. How to Contact Us
For any questions about this Policy or our data practices, please contact:
Email: [email protected]
Mail: [Your Business Address], Canada
18. Complaints
If you are unsatisfied with our response to your privacy concerns, you have the right to lodge a complaint with your local data protection authority. However, we would appreciate the chance to address your concerns before you contact a supervisory authority, so please contact us first.
19. Our Data Collection Approach
19.1 Data Minimization
We follow the principle of data minimization by:
- Collecting only data necessary for platform functionality
- Providing optional fields clearly marked as such
- Regularly reviewing our data collection practices
- Automatically deleting data that is no longer needed
19.2 Purpose Limitation
We use your data only for the purposes specified in this Policy. If we need to use your personal data for a new purpose, we will provide you with notice.
19.3 Documentation of Processing
We maintain documentation of our processing activities, including:
- Categories of personal data collected
- Purposes of processing
- Categories of recipients
- Retention periods
- Security measures
This documentation is regularly reviewed and updated to ensure accuracy.
20. Data Processing Record Summary
| Processing Activity | Data Categories | Legal Basis | Purpose | Retention |
|---|---|---|---|---|
| Account Management | Account Data | Contract | User identification, authentication | Account lifetime + 2 years |
| Contest Facilitation | Contest Data | Contract | Enable contest participation | 3 years after contest |
| Payment Processing | Payment Data | Contract | Process payments, distribute prizes | 7 years |
| Communications | Contact Data | Contract/Legitimate Interest | Support, notifications | 2 years |
| Platform Improvement | Usage Data | Legitimate Interest | Enhance user experience | 90 days |
| Marketing | Contact Data | Consent | Promotional communications | Until consent withdrawal |
By using our platform, you acknowledge that you have read and understood this Privacy Policy.