GDPR Compliance
Last updated: January 1, 2025
What Is GDPR?
The General Data Protection Regulation (GDPR) is a comprehensive data protection law enacted by the European Union that governs how organisations collect, process, store, and transfer personal data of EU residents. It applies to any organisation that processes EU personal data, regardless of where that organisation is based.
Our Role Under GDPR
Depending on the nature of the engagement, Breeze.io may act as: • Data Controller, when we determine the purposes and means of processing personal data • Data Processor, when we process personal data on behalf of a client according to their instructions Where Breeze acts as a Data Processor, we are prepared to execute a Data Processing Agreement (DPA) that complies with Article 28 of the GDPR.
Legal Bases for Processing
We process personal data only where we have a lawful basis: • Contract: processing necessary to fulfil our engagement agreement with you • Legitimate interests: improving our platform, fraud prevention, and business communications • Consent: where we ask for and receive your explicit consent • Legal obligation: where processing is required to comply with applicable law
Your Rights Under GDPR
If you are an EU resident, you have the following rights: • Right of access, request a copy of the personal data we hold about you • Right to rectification, request correction of inaccurate data • Right to erasure, request deletion where there is no lawful basis for continued processing • Right to restriction, request that we limit how we use your data • Right to data portability, receive your data in a structured, machine-readable format • Right to object, object to processing based on legitimate interests Contact us at privacy@breeze.io. We will respond within 30 days.
International Data Transfers
When personal data is transferred outside the EEA, we ensure appropriate safeguards are in place: • Standard Contractual Clauses (SCCs) approved by the European Commission • Data Processing Agreements with all sub-processors that handle EU data • Transfer impact assessments where required
Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law. You may request early deletion of your data at any time by contacting privacy@breeze.io.
Sub-Processors
We use a limited number of trusted third-party service providers who may process personal data on our behalf. All sub-processors are bound by data processing agreements requiring GDPR-standard data protection. A list of our current sub-processors is available on request.
Data Breach Notification
In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. Where the breach poses a high risk, we will also notify affected individuals without undue delay.
Requesting a DPA
If you process EU personal data and require a Data Processing Agreement with Breeze.io, please contact us at legal@breeze.io. We will provide and execute a DPA prior to any engagement involving EU data processing.
Contact & Complaints
For GDPR-related inquiries or to exercise your rights, contact us at privacy@breeze.io. If you are unsatisfied with our response, you have the right to lodge a complaint with your local EU data protection supervisory authority.