Data Protection

GDPR Compliance

Your data protection rights under the General Data Protection Regulation

Introduction

The General Data Protection Regulation (GDPR) is a European Union regulation that governs data protection and privacy. Uvance is committed to complying with GDPR and protecting the personal data of our users, including those located in the European Economic Area (EEA). This page outlines your rights under GDPR and how we handle your personal data.

Your Data Protection Rights

Under GDPR, you have the following rights regarding your personal data:

Right of Access

You have the right to obtain confirmation as to whether or not we process your personal data and, if so, to access that data and receive information about how it is being processed.

Right to Rectification

You have the right to have inaccurate personal data corrected and incomplete personal data completed. You can update your information through your account settings or by contacting us.

Right to Erasure ("Right to be Forgotten")

You have the right to request the deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected or when you withdraw consent.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller, where technically feasible.

Right to Object

You have the right to object to the processing of your personal data for direct marketing purposes or when processing is based on legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds.

Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing before withdrawal.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us using the information provided in the "Contact Information" section below. We will:

  • Respond to your request within one month (may be extended by two months for complex requests)
  • Verify your identity before processing your request
  • Provide information free of charge, unless requests are manifestly unfounded or excessive
  • Inform you if we cannot comply with your request and explain why

Lawful Basis for Processing

Under GDPR, we process your personal data based on the following lawful bases:

  • Contract Performance: Processing necessary to perform our contract with you (providing our services)
  • Legitimate Interests: Processing necessary for our legitimate business interests (platform security, fraud prevention, service improvement)
  • Consent: Processing based on your explicit consent (marketing communications, optional features)
  • Legal Obligations: Processing necessary to comply with legal obligations (tax, accounting, regulatory requirements)

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in our Privacy Policy, unless a longer retention period is required or permitted by law. When determining retention periods, we consider:

  • The nature and sensitivity of the data
  • The purposes for which we process the data
  • Legal and regulatory requirements
  • The potential risk of harm from unauthorized use or disclosure

International Data Transfers

Your personal data may be transferred to and processed in countries outside the EEA. When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • Other appropriate safeguards as required by GDPR

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption, access controls, regular security assessments, and staff training on data protection.

Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, and in any event within 72 hours of becoming aware of the breach, where feasible.

Right to Lodge a Complaint

If you believe that we have not adequately addressed your concerns or that we have violated your data protection rights, you have the right to lodge a complaint with your local data protection authority (supervisory authority). You can find your local authority at the European Data Protection Board website.

Contact Information

For questions about GDPR compliance or to exercise your data protection rights, please contact us:

Data Protection Officer:
Email: dpo@uvance.io
Address: 123 Market Street, Suite 400, San Francisco, CA 94105, United States

General Privacy Inquiries:
Email: privacy@uvance.io
Address: 123 Market Street, Suite 400, San Francisco, CA 94105, United States

Updates to This Information

We may update this GDPR compliance information from time to time to reflect changes in our practices or legal requirements. We encourage you to review this page periodically to stay informed about your data protection rights.