GDPR Compliance

Last Updated: October 30, 2025
Applies To: Residents of the European Union and other regions with similar regulations

Introduction

We are committed to protecting personal data in accordance with the General Data Protection Regulation (GDPR). This page explains our compliance practices and your rights under the regulation.

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

1. Right to Access (Article 15)

  • What: Access your personal data we hold
  • How: Email privacy@namoslabs.com with your request
  • Response Time: Within 30 days

2. Right to Rectification (Article 16)

  • What: Correct inaccurate data
  • How: Email privacy@namoslabs.com with corrections
  • Response Time: Within 48 hours

3. Right to Erasure (Article 17)

  • What: Request deletion of your data
  • How: Email privacy@namoslabs.com
  • Response Time: Within 30 days

4. Right to Restrict Processing (Article 18)

  • What: Limit how we use your data
  • How: Email your request

5. Right to Data Portability (Article 20)

  • What: Receive your data in a machine-readable format
  • Format: JSON or CSV
  • Response Time: Within 30 days

6. Right to Object (Article 21)

  • What: Object to processing based on legitimate interests
  • Applies To: Marketing, analytics, profiling
  • How: Email your objection

7. Right to Withdraw Consent (Article 7)

  • What: Withdraw consent to optional processing
  • How: Email or update preferences

8. Right to Lodge a Complaint

  • What: File a complaint with a data protection authority
  • Who: Your country's Data Protection Authority

Legal Basis for Processing

We process personal data based on these legal bases under GDPR Article 6:

Contract Performance

  • Account creation and management
  • Providing website services
  • Processing contact form submissions
  • Customer support

Legal Obligation

  • Tax and financial records (7 years)
  • Law enforcement requests
  • Fraud prevention

Legitimate Interests

  • Security and abuse prevention
  • Service improvement
  • Direct communication about the service

Consent

  • Marketing communications (explicit opt-in)
  • Optional analytics
  • Non-essential cookies

Data Protection Officer

Data Protection Officer: dpo@namoslabs.com

Privacy Team: privacy@namoslabs.com

Response Time: Within 48 hours

Data Transfers

International Transfers

  • Servers located in secure data centers
  • Third-party services are GDPR-compliant
  • Standard contractual clauses protect transfers

Third-Party Processors

  • Database Hosting: Enterprise-grade secure servers
  • Email Service: Resend (GDPR-compliant)
  • Web Hosting: Netlify (GDPR-compliant)

Data Processing Agreements

All processors have Data Processing Agreements (DPAs) complying with GDPR Article 28. Contact us for copies.

Data Retention

Retention Periods

  • Account Data: Until account deletion
  • Contact Form Data: Until account deletion
  • Email Preferences: Until withdrawal
  • IP Addresses: Not permanently stored
  • Audit Logs: Minimum 90 days
  • Financial Records: 7 years (tax compliance)

Right to Be Forgotten

Upon account deletion, we remove all personal data within 30 days, except:

  • Legally required records (7-year tax retention)
  • Anonymized analytics data
  • Data for ongoing legal claims

Data Breach Notification

Our Commitment

  • Notify affected users within 72 hours
  • Notify Data Protection Authority as required
  • Provide full transparency about scope
  • Share remediation plan immediately

Privacy by Design

Our Approach

  • Data Minimization: Collect only what is necessary
  • Encryption: All data encrypted in transit and at rest
  • Access Control: Role-based security
  • Anonymization: Data anonymized where possible
  • Audits: Annual compliance audits

Questions or Complaints

Contact Us

General Inquiries: naya@namoslabs.com

Privacy Team: privacy@namoslabs.com

Data Protection Officer: dpo@namoslabs.com

Response Time: Within 48 hours

Data Protection Authorities

If unsatisfied with our response, you can lodge a complaint with your local Data Protection Authority (DPA).

GDPR compliance is fundamental to how we operate. Your privacy rights are protected by law, and we are committed to honoring them. If you have any questions about how we handle your data, please contact us.