GDPR Compliance

PackComply's commitment to data protection and your privacy rights

Last updated: December 2024

Our Commitment to GDPR

PackComply is fully committed to compliance with the General Data Protection Regulation (GDPR) and ensuring the highest standards of data protection for our users. As the first AI-powered SaaS for packaging compliance, we understand the importance of protecting personal data while delivering exceptional service.

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It strengthens and unifies data protection for individuals within the European Union (EU) and addresses the export of personal data outside the EU.

Your Rights Under GDPR

Right to be Informed

You have the right to be informed about the collection and use of your personal data. Our Privacy Policy provides detailed information about how we process your data.

Right of Access

You have the right to request access to your personal data and obtain information about:

  • What personal data we hold about you
  • Why we are processing it
  • Who it might be shared with
  • How long we will keep it

Right to Rectification

You can request that we correct any inaccurate or incomplete personal data we hold about you.

Right to Erasure ("Right to be Forgotten")

Under certain circumstances, you can request that we delete your personal data. This includes when:

  • The data is no longer necessary for the original purpose
  • You withdraw consent for processing
  • The data has been unlawfully processed
  • You object to processing and there are no overriding legitimate grounds

Right to Restrict Processing

You can request that we limit how we use your personal data in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

Right to Object

You can object to processing of your personal data for direct marketing purposes or when processing is based on legitimate interests.

Rights Related to Automated Decision Making

You have rights regarding automated decision-making, including profiling. While our AI analyzes packaging compliance data, we ensure human oversight in critical decisions.

How We Protect Your Data

Technical Safeguards

  • Encryption: End-to-end encryption for data in transit and at rest
  • Access Controls: Role-based access with multi-factor authentication
  • Data Centers: SOC 2 Type II certified facilities with physical security
  • Network Security: Firewalls, intrusion detection, and monitoring

Organizational Measures

  • Privacy by Design: Data protection built into our systems from the ground up
  • Staff Training: Regular GDPR and data protection training for all employees
  • Data Protection Officer: Dedicated DPO overseeing compliance
  • Regular Audits: Internal and external security and privacy audits

Legal Basis for Processing

We process your personal data based on the following legal grounds:

Contract Performance

Processing necessary to provide our AI-powered packaging compliance services as outlined in our Terms of Service.

Legitimate Interest

Processing for our legitimate business interests, such as:

  • Improving our AI algorithms and services
  • Preventing fraud and ensuring security
  • Direct marketing (with opt-out options)
  • Analytics and service optimization

Consent

Where we rely on consent, you can withdraw it at any time through your account settings or by contacting us.

Legal Obligation

Processing required to comply with legal obligations, such as tax reporting or regulatory compliance.

Data Transfers

When we transfer personal data outside the EU/EEA, we ensure appropriate safeguards:

  • Adequacy Decisions: Transfers to countries with adequate protection
  • Standard Contractual Clauses: EU-approved contract terms
  • Binding Corporate Rules: Internal data protection policies
  • Additional Safeguards: Technical and organizational measures

Data Retention

We retain personal data only as long as necessary:

  • Account Data: While your account is active plus 7 years for legal compliance
  • Packaging Data: As specified in your service agreement
  • Marketing Data: Until you unsubscribe or object
  • Analytics Data: Aggregated and anonymized after 26 months

Exercising Your Rights

To exercise any of your GDPR rights, you can:

  • Online: Use your account settings to manage preferences
  • Email: Contact our DPO at dpo@packcomply.com
  • Support: Contact our support team who can assist with requests

Response Time

We will respond to your requests within one month. For complex requests, we may extend this by up to two additional months, with an explanation.

Verification

To protect your privacy, we may need to verify your identity before responding to certain requests.

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours
  • Inform affected individuals without undue delay
  • Provide clear information about the breach and our response
  • Offer guidance on protective measures you can take

Supervisory Authority

You have the right to lodge a complaint with your local data protection authority. For EU residents, you can find your authority here.

Updates to Our GDPR Practices

We regularly review and update our data protection practices to ensure continued GDPR compliance. Significant changes will be communicated through our Privacy Policy.

Contact Our Data Protection Officer

For GDPR-related questions or to exercise your rights:

  • Email: dpo@packcomply.com
  • Subject: GDPR Request - [Type of Request]
  • Address: PackComply Data Protection Officer, [Address]

AI and Automated Processing

As an AI-powered platform, we want to be transparent about our automated processing:

  • Our AI analyzes packaging data to assess compliance automatically
  • Human oversight ensures quality and accuracy of compliance reports
  • You can request human review of any automated compliance assessment
  • No significant decisions about individuals are made solely by automated means