GDPR Compliance Statement

A. What is GDPR?

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas.

GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

Key GDPR Principles:

• Lawfulness, fairness and transparency: Processing must be lawful, fair and transparent to the data subject.
• Purpose limitation: Data must be collected for specified, explicit and legitimate purposes.
• Data minimization: Data must be adequate, relevant and limited to what is necessary.
• Accuracy: Data must be accurate and, where necessary, kept up to date.
• Storage limitation: Data must be kept in a form which permits identification for no longer than necessary.
• Integrity and confidentiality: Data must be processed in a manner that ensures appropriate security.
• Accountability: The controller shall be responsible for, and be able to demonstrate compliance.

B. How Wrypa Complies with GDPR

Data Protection by Design and Default

We implement appropriate technical and organizational measures to ensure that, by default, only personal data which are necessary for each specific purpose of the processing are processed.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Consent: When you give us clear consent to process your personal data for specific purposes.
• Contract: When processing is necessary for the performance of a contract with you.
• Legitimate interests: When we have a legitimate interest in processing your data that doesn't override your rights.
• Legal obligation: When we need to process data to comply with legal requirements.

Data Security Measures

• End-to-end encryption for data transmission
• Strong access controls and authentication
• Regular security audits and assessments
• Employee training on data protection
• Incident response procedures
• Regular backups and disaster recovery plans

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. When data is no longer needed, we securely delete or anonymize it.

C. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights regarding your personal data:

Right of Access

You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and access to your personal data.

Right to Rectification

You have the right to have inaccurate personal data rectified and incomplete personal data completed.

Right to Erasure (Right to be Forgotten)

You have the right to obtain the erasure of personal data concerning you under certain circumstances, such as when the data is no longer necessary for the original purpose.

Right to Restrict Processing

You have the right to restrict the processing of your personal data under certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used and machine-readable format and to transmit it to another controller.

Right to Object

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision Making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or significantly affects you.

D. How to Exercise Your Rights

To exercise any of your GDPR rights, you can:

• Use the privacy controls in your Wrypa account settings
• Contact us directly using the contact information below
• Submit a formal request through our privacy request form

We will respond to your request within one month of receipt. In some cases, we may extend this period by two additional months where necessary, taking into account the complexity and number of requests.

Identity Verification

To protect your privacy and security, we may need to verify your identity before processing your request. We will only use the information you provide for verification purposes.

E. Data Transfers

When we transfer your personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place to protect your data. These safeguards include:

• Adequacy decisions by the European Commission
• Standard Contractual Clauses approved by the European Commission
• Binding Corporate Rules
• Certification schemes and codes of conduct

F. Data Breach Notification

In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay. We will also notify the relevant supervisory authority within 72 hours of becoming aware of the breach.

What We'll Tell You

• The nature of the data breach
• The categories and approximate number of data subjects concerned
• The likely consequences of the breach
• The measures taken or proposed to address the breach
• Contact information for further inquiries

G. Third-Party Services

We work with third-party service providers who may process your personal data on our behalf. We ensure that all such providers:

• Provide sufficient guarantees regarding data protection
• Implement appropriate technical and organizational measures
• Process data only on our documented instructions
• Maintain confidentiality of personal data
• Assist us in responding to data subject requests

We maintain Data Processing Agreements (DPAs) with all third-party processors to ensure GDPR compliance.

H. Children's Privacy

Wrypa is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

I. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates GDPR. You can contact the supervisory authority in:

• The EU Member State where you live
• The EU Member State where you work
• The EU Member State where the alleged infringement occurred

However, we encourage you to contact us first so we can try to resolve any concerns directly.

J. Updates to This Statement

We may update this GDPR compliance statement from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

• Posting the updated statement on our website
• Sending you an email notification
• Providing notice through our platform

We encourage you to review this statement periodically to stay informed about how we protect your data.

Contact Us

If you have any questions, concerns, or requests regarding this GDPR compliance statement or our data practices, please contact us: