GDPR Compliance
Learn how GTA AI complies with the General Data Protection Regulation (GDPR) and protects your personal data.
2025/01/15
GDPR Compliance
Last updated: January 15, 2025
GTA AI is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). This page explains how we comply with GDPR requirements and what rights you have regarding your personal data.
What is GDPR?
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all companies that process personal data of individuals in the European Union (EU), regardless of where the company is located.
Your Rights Under GDPR
As a data subject under GDPR, you have the following rights:
1. Right to Information
You have the right to be informed about how we collect and use your personal data. This information is provided in our Privacy Policy.
2. Right of Access
You have the right to request access to your personal data and receive information about how we process it.
3. Right to Rectification
You have the right to have inaccurate personal data corrected or completed if it's incomplete.
4. Right to Erasure (Right to be Forgotten)
You have the right to request deletion of your personal data in certain circumstances, such as:
- The data is no longer necessary for the original purpose
- You withdraw consent and there's no other legal basis for processing
- The data has been unlawfully processed
5. Right to Restrict Processing
You have the right to request restriction of processing your personal data in certain situations.
6. Right to Data Portability
You have the right to receive your personal data in a structured, commonly used format and transmit it to another controller.
7. Right to Object
You have the right to object to processing of your personal data for direct marketing purposes or based on legitimate interests.
8. Rights Related to Automated Decision Making
You have the right not to be subject to automated decision-making, including profiling, that produces legal effects or significantly affects you.
How We Protect Your Data
Data Security Measures
- Encryption: All data is encrypted in transit and at rest using industry-standard encryption protocols
- Access Controls: Strict access controls ensure only authorized personnel can access personal data
- Regular Audits: We conduct regular security audits and assessments
- Staff Training: Our team receives regular training on data protection and privacy
Data Processing Principles
We process personal data in accordance with GDPR principles:
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimization
- Accuracy
- Storage limitation
- Integrity and confidentiality
- Accountability
Legal Basis for Processing
We process your personal data based on the following legal grounds:
Consent
When you provide explicit consent for specific processing activities, such as:
- Marketing communications
- Optional features that require additional data processing
Contract Performance
When processing is necessary for:
- Providing GTA AI services
- Account management
- Payment processing
Legitimate Interests
When we have legitimate interests that don't override your rights, such as:
- Improving our services
- Security and fraud prevention
- Analytics for service optimization
Legal Obligations
When we must process data to comply with legal requirements.
Data Transfers
International Transfers
If we transfer your personal data outside the EU/EEA, we ensure adequate protection through:
- Adequacy decisions by the European Commission
- Standard Contractual Clauses (SCCs)
- Binding Corporate Rules where applicable
Third-Party Services
We work with trusted third-party service providers who are GDPR compliant and have appropriate data protection measures in place.
Data Retention
We retain personal data only for as long as necessary to:
- Fulfill the purposes for which it was collected
- Comply with legal obligations
- Resolve disputes
- Enforce our agreements
Specific retention periods are outlined in our Privacy Policy.
Exercising Your Rights
To exercise any of your GDPR rights, please contact us:
Contact Information
- Email: privacy@gtaai.com
- Subject Line: "GDPR Request - [Type of Request]"
- Response Time: We will respond within 30 days (may be extended by 60 days for complex requests)
Required Information
When making a request, please provide:
- Your full name
- Email address associated with your account
- Specific details about your request
- Proof of identity (if required)
Verification Process
To protect your privacy, we may need to verify your identity before processing certain requests.
Data Protection Officer
Our Data Protection Officer (DPO) oversees GDPR compliance and can be contacted at:
- Email: dpo@gtaai.com
Complaints
If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with:
Supervisory Authority
You can contact your local data protection authority or the lead supervisory authority in Ireland:
- Data Protection Commission (Ireland)
- Website: https://www.dataprotection.ie
- Email: info@dataprotection.ie
Updates to This Policy
We may update this GDPR compliance page from time to time. We will notify you of any material changes by:
- Posting the updated policy on our website
- Sending email notifications for significant changes
- Updating the "Last updated" date at the top of this page
Contact Us
If you have any questions about our GDPR compliance or data protection practices, please contact us:
- Email: privacy@gtaai.com
- Support: Contact Support
- Address: [Your Company Address]
We are committed to protecting your privacy and ensuring full compliance with GDPR requirements.