While this privacy policy is designed to be read and understood in full by anyone making use of our services, we have outlined some of the important key details below.

Because ours is not a public service, the information that our systems collate and hold is not open to any public review or access. Furthermore, the data is only available to you as an account verified user of our platform via your password-protected login.

Apart from basic information such as IP addresses and device types, the choice to share further information with GDPR HQ, including email addresses, names, and telephone numbers remains the choice of the user.

Our flexible settings options provide you with total control over the amount and usage of the data that we collect from you. This facility also allows control over marketing preferences and the option to download your stored data.

Any queries concerning how GDPR HQ collects and stores your data along with questions about this privacy policy itself can be addressed to us via our Exercise your rights button at the bottom of this webpage or by emailing us directly at hello@gdprhq.io.

Personal data summary

 
This summary covers your personal data, the purpose of collection, the services that we use in the collection of such data, and the type of data that these systems collect.

Analytics & Performance

Google analytics

Cookies and Usage Data

Full Story

Cookies, usage data and session recordings

Microsoft Application insights

Cookies and usage data

Google tag manager

Cookies and Usage Data

Contacting the User

DRIFT Chat

Cookies and other personal information such as phone number

Phone contact

Personal information including name and phone number

email contact

Personal data including name and email address

Content that is displayed from external sources

Google Fonts

Usage and other data types as the privacy policy of the platform specifies which come within the remit of "personal data"

jQuery

Usage and other data types as the privacy policy of the platform specifies which come within the remit of "personal data"

Guideblocks

Cookies and usage data

Platforms that manage contacts and utilise message sending

DRIP

Email addresses, usage data, and cookies as in "personal data"

User database management

HubSpot

Types of personal data that the service’s own privacy policy specifies

Contact information

Owner and Data Controller

Raverus d.o.o.
Bozidara Adzije 19
10000 Zagreb, Croatia, European Union
Email: hello@gdprhq.io
Phone: +385 1 35-35-252

OUR DPO

Sanela Rasinec
Email: sanela@raverus.com
Phone: +385 1 35-35-252

Exercising your rights under the GDPR

Data subjects (you) have specific rights and entitlements concerning your personal data under the GDPR. Clicking the Exercise your rights button lower down this page will initiate the process of exercising those rights.

An Introduction

1
Data controller and owner, general information

1. An introduction

1.1.

How we handle your personal information that is collected via our website and other services is set out in this privacy policy.

1.2.

Certain terminology that relates to the policy is as follows; "website" means web pages hosted on the gdprhq.io domain and "Services" means GDPR HQ application. "Raverus" means Raverus d.o.o.

1.3.

All of our dealings with you the individual, both specifically via this website and in any other capacity come within the remit of our general privacy terms for the purpose of this policy.

About the information we collect 

2
Because it is necessary for us to collect certain information from you in the supply of our services, it is required that you have an active account with GDPR HQ. Once you have chosen to share the types of information listed below with us, we are then able to collect it and we operate our services with that information.

2.  The types of information that we collect from you

2.1. 

During your use of this website and our other communications with you, we collect information that is gained both from yourself and others.

2.2.  Do we collect sensitive information?

We are not generally involved in seeking sensitive types of information from individuals who use our website and other services. However, if such an occasion should arise, we would first ask for your specific consent in collecting any such "sensitive information". While the information that is termed as "sensitive" can cover a wide spectrum, some examples are skin colour, racial or ethnic origin, membership of political parties or movements, religious beliefs and affiliations, personality and private life, and other sensitive topics.

2.3.  Availability of contact details

Because each user has a unique secure page on our platform (website), contact details can be updated at any time to ensure we are fully up-to-date in relation to users marketing preferences. This also applies to communications from us such as publications and other information.

2.4.  Tailored content on our website

While our website doesn’t currently supply "tailored" content, registered users have the option to meet their specific requirements through tailoring the communications that they receive from us.

2.5.  Our website and the use of cookies

The website uses a small number of non-intrusive cookies.

Cookies are small text files that are placed on your computer, mobile phone or tablet by web sites that you visit. They are widely used in order to make web sites work, or work more efficiently, as well as to provide information to web site owners.

2.6.  The types of cookies that our site uses

We use cookies to (a) remember your browsing preferences when you visit the site so that we can give you a better site experience and (b) collect anonymous statistical information about the way you use the web site so that we can improve the way the site works (for example, we collect information about the number of visitors to the various parts of the site).

These cookie types are commonly used by most websites and they do not hold any of a user’s personal information.

2.7.  Controlling cookie usage

Most web browsers (including Chrome, Internet Explorer, Firefox and Safari) allow you to control your cookie settings and to delete any cookies already stored on your computer or other device.You can control the use of cookies on your device, including deleting and blocking the cookies we and other sites use, through the browser settings on your device; but please note that any changes you make may affect your ability to properly use this website.
More information is available at www.allaboutcookies.org and users can visit http://tools.google.com/dlpage/gaoptout to opt out of being tracked by Google Analytics across all of the websites they visit.

How we use information we collect

3
Here at GDPR HQ, we take the use of your personal information very seriously indeed and that is why you are always in control. From the option to deactivate your account and withdraw specific consents to having access to data rectification, we have made managing your information as easy as it can ever be. GDPR HQ also provides tools that allow users to object to, restrict, and even withdraw consents. Whether you need to contact us or have access to your data in an easy to handle portable format, we have every aspect of information access and data handling well and truly covered on the user’s behalf.

3.  How do we use your information

3.1.

We may use your information, as a data controller, for the following purposes: (a) to provide you with our website and services; (b) to comply with legal and regulatory requirements; (c) to update and enhance client records; (d) for internal analysis and research; (e) to send you publications, event information and marketing communications about our legal products and services which we think may be of interest to you; and (f) to help detect, prevent and deal with crime and unsavoury behaviour.

3.2.

Some of our marketing and development strategies also make use of information that is supplied in “aggregate” format to help ensure that there is no way that any individuals can be identified through it.

3.3.  Using your information for marketing

While we mostly market our own services and products to users via email there may also be occasions when we may use phone, postal services, or other permitted means of marketing to forward details of other services and products.

Users can communicate through our website (and other mediums) at any time to advise us that they wish to cease receiving details of events and/or the marketing materials that they have opted to receive.

Here at GDPR HQ, our business model doesn’t involve passing on information to any third parties with an interest in marketing their goods or services to you. This will never happen unless you have expressly requested that we do so.

Sharing the collected information

4
In the limited circumstances where we disclose your private personal data, we do so subject to your control, because it’s necessary to operate our services, or because the law requires it.

4.  Our concerns about ensuring the security of your data

4.1.

Our serious regard for the security of your personal data is reflected in the appropriate steps that we have taken to ensure that the highest levels of information security are maintained at all times. These include every possible measure to prevent unauthorised disclosure, accidental loss/destruction, or possible data breaches.

4.2.  Who else is entitled to access your data?

Our employees and service providers, including some who are located outside of the EU, and any persons set out in clauses 3.1.b and f may have access to your personal data.

Information may be shared with 3rd party suppliers in the interest of marketing their products and/or services to you but only if you have specifically advised us to do so as described above.

During the normal course of our business operations, GDPR HQ has no intention of selling our subscriber information onto any other third party entity or business. In the unlikely event, however that our business or any part of it should be sold at a future date, user information could constitute a part of that sale. In such a case and in the interest of continuing in the provision of the services and/or products provided, information may be transferred to the new owners of the business.

Storing and securing the collected information

5

5. Security and storage of your information

5.1.

By using the latest technology, our hosting providers in Ireland ensure that the information we collect is stored as securely as possible. Furthermore, every safeguard is implemented to protect such data and systems are in place concerning how it is collected, handled, and stored.

While we implement safeguards designed to protect your information, no security system is impenetrable and due to the inherent nature of the Internet, we cannot guarantee that data, during transmission through the Internet or while stored on our systems or otherwise in our care, is absolutely safe from intrusion by others.

5.2. How long we keep information

How long we keep information we collect about you depends on the type of information, as described in further detail below.  After such time, we will either delete or anonymize your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.

5.3. Account information

While an account remains in "active" mode we will continue to hold information appertaining to such an account. In the case of "inactive" accounts we will continue to retain your data for a reasonable period to facilitate reactivation of the account should you choose to initiate it.
Once a reasonable amount of time has expired, however, we may still retain some information to comply with our legal requirements, to continue with the development of our services, and to enforce our agreements. Such information, may, however, be disseminated as a measure to protect your identity and/or pertinent personal details.

5.4. Information you share on the Services

Certain content and information that you have provided may be needed to allow your team members to continue using our services. In such cases, it may remain on our system even after your account has been deleted or deactivated.

5.5. Managed accounts

If the Services are made available to you through an organization (e.g., your employer), we retain your information as long as required by the administrator of your account. 

5.6. Information concerning marketing

Here at GDPR HQ, we continue to hold information relating to your marketing preferences if you have specifically consented to such services. These are kept for a reasonable time period following the last time an interest in such services was expressed by you. This could be an action including the opening of an email related to these activities or from the time that you stopped using your account. We also continue to hold information that was gained as result of cookies and tracking technologies for a reasonable timescale following the time of its creation.

Controlling and accessing your personal data

6
Under these policies, users have access to certain options and choices in the control and access to their data. Below, we provide information on how these can be exercised along with any limitations that may affect them.

6. Available choices

6.1.

Users have a right to object to the use of their data, including where it is used for marketing. They also have an entitlement to make specific data requests. These requests include the supply of copies of data in a structured and portable electronic format, and the deletion, or restriction of data. Some of these choices can be accessed via the settings and services in the account dashboard and in the case of administered accounts, via initial contact with your account administrator. Requests that fall outside of these parameters can be dealt with via an assistance request using our contact page.

There may be certain circumstances that limit your available choices and some of these include situations where such a request may reveal information relating to another individual, matters of law, and other legal restraints that are placed upon us. Should you consider that your request is not being met in accordance with your rights under the GDPR, you can further appeal or complain to the data protection body within your own country.

6.2. Information access and updating

Certain information can be easily accessed and updated through our services and their related documentation. These may include such things as your personal profile and other content within its parameters which can easily be modified using the tools that we provide to our platform users.

6.3. Account deactivation

In the event that you decide that for one reason or another it is no longer appropriate for you to use our services, there may be the option of the user or administrator choosing to deactivate such an account. If there is no setting to do so within an account it is likely that the administrator needs to carry out such an operation and the user should contact them. If an administrator is further unable to access the facility to deactivate an account themselves it will be necessary to contact Raverus support.
*Some information that is relevant to users based on your past use of the services will remain on the system even after your account has been deactivated and details concerning that are covered below.

6.4. Deletion of your information

While there is the ability to remove certain information using our services and the documentation that appertains to them, some data has to be retained by us to comply with legal obligations and proper record keeping. Such things as content that contains your data can be searched using our keyword facility and deleted by the user along with certain information concerning your profile.

6.5. Request that we stop using your information

There may be circumstances when you request that we cease accessing storing, processing, and/or using your data in relation to appropriate rights on our part to do so. This could, for example, be a case where you have had an account created on your behalf without your permission or you simply wish to cease using our services. In such cases, you can request that we delete your account as outlined in this policy. In instances where you may have given us the use of your data in respect of a limited use, you have the option to contact us and withdraw that consent. Such actions will not, however, impact on any processing that has already been carried out using the data.
Our opt-out of utilising information for marketing purposes can also be initiated by contacting us as outlined below. Users that chose this method should be aware that there may be a further timescale involved while we comply and investigate such requests. Should there be a dispute or delay concerning our right to continue utilising your data, we agree to restrict such use until the issue is resolved or the request has been complied with. In situations where an administrator is involved, such request will be dealt with provided that they have no objections to us doing so.

6.6. Communication opt-out

Opting out of promotional communications is a simple matter of using the unsubscribe link that is included in every marketing and promotional email that we send to you. Further email preferences can be selected from within the settings menu of your user account or by contacting us. Transactional notifications will still be sent after user’s opt-out of marketing emails while some notifications can be opted from in the account settings area of your user account.

6.7. Data portability

Electronic files can be provided to fulfil a request for data that users wish to transport to other providers. This is how we enable user requests for data such as basic account information and other more detailed data pending request and our legal obligations to meet such requests.

Transferring collected data internationally

7

7. International transfers of collected data

7.1.

The information that we store on servers in Ireland is collected globally and we then transfer, process, and hold it with our third party service providers who operate the platforms that our users access. When such information is transferred in this way, we take every possible action to ensure its protection.

7.2. Transferring to international third parties

Some of our contracted third party service providers may be located in countries that fall outside of the remit of the GDPR and they may not have data protection laws on a par with those of your own country of residence.

In the instance of any privacy-related issues concerning the use of your personal data, we urge you to contact us through the facilities outlined below. If you feel that you have any unresolved privacy issues in connection with the services we provide to you please contact us or your local EU data protection authority.

Additional privacy information that is important to our users

8

8. Gaining access to and updating your personal information

8.1.

As a user afforded the protection of the GDPR, you have an entitlement to request a copy of the information that we hold concerning you (there may be in some circumstances a small fee to pay).  Should you feel that any of the information that we hold concerning you is incorrect, it can be quickly rectified once you make contact with us.

8.2. Your third-party disclosures in relation to our privacy practices

It should be born in mind that we have no control over the activities of third parties that our users choose to visit or use via links from our website.
These third-party providers are responsible for their own data privacy policies and the cover that we extend to our users does not automatically pass to other third-party sites. Users should make every effort therefore to check the reach and implications of how their data may be used by such sites.

8.3. Updates and amendments

We would draw our user’s attention to our option of updating and amending these policies from time to time as and when it is deemed necessary. Any such updates will be included in this section of our site and we advise those using our services to check here for any updates on a regular basis.

If we make a change to this policy that materially affects you – for example, we wish to use your information for a purpose not set out in this policy and for which we need your express consent – then we will seek your consent to the change and the change will only take effect once you have given us your consent.

In all other cases, the change will take effect on the date that we post it on this page. We will take your continued use of the site and our services after that date as your acceptance of the change, so if an amendment is not acceptable to you then you should stop using the web site and our services.

8.4. Our policy in relation to children

Our services are directed at adults over the age of 18 and we do not deliberately collect any data on individuals below that age. Our users can be assured that if we become aware that we do hold any data on anyone below 18 years of age we will take immediate steps to ensure that any such data is deleted. We further encourage our users to make us aware should they suspect that we have unwittingly collected any information from an individual under 18 years of age.

8.5. Contacting us concerning data privacy issues

In the instance of any privacy issues, you can contact us at hello@gdprhq.io or by clicking on the Exercise your rights button below.  Any enquiries, comments or complaints connected with our privacy policy should also be addressed to the same source.

Contact information

Owner and Data Controller

Raverus d.o.o.
Bozidara Adzije 19
10000 Zagreb, Croatia, European Union
Email: hello@gdprhq.io
Phone: +385 1 35-35-252

Our Data Protection Officer (DPO)

Sanela Rasinec
Email: sanela@raverus.com
Phone: +385 1 35-35-252

Exercising your rights

The GDPR gives individuals certain rights related to your personal information and clicking on the Exercise your rights button will start the process of exercising those rights in motion.

Privacy policy version: 2018-05-09.1
Privacy policy history: there are no previous versions of this document.