GDPR Compliance

1. GDPR Compliance Statement

ZenVerifier is fully compliant with the General Data Protection Regulation (GDPR) (EU) 2016/679. We are committed to protecting the privacy and security of your personal data in accordance with GDPR requirements.

2. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Consent: You have given clear consent for us to process your personal data for specific purposes
• Contract: Processing is necessary for the performance of our services
• Legal Obligation: Processing is necessary to comply with legal requirements
• Legitimate Interests: Processing is necessary for our legitimate business interests

3. Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

4. Data Protection Measures

We implement the following security measures:

• End-to-end encryption for data in transit
• Encryption at rest for stored data
• Regular security audits and penetration testing
• Access controls and authentication mechanisms
• Data anonymization where possible
• Regular staff training on data protection
• Incident response and breach notification procedures

5. Data Processing Agreement

If you use ZenVerifier to process personal data of EU residents, we act as a data processor. We have Data Processing Agreements (DPA) available that outline our responsibilities and your rights as the data controller.

6. International Data Transfers

When transferring data outside the EEA, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the EU Commission
• Adequacy decisions for certain countries
• Binding Corporate Rules where applicable

7. Data Retention

We retain personal data only for as long as necessary:

• Account data: Duration of account plus 30 days
• Verification history: According to subscription plan
• Billing information: 7 years for tax purposes
• Logs and analytics: 90 days maximum

8. Data Breach Notification

In the event of a data breach, we will:

• Notify the relevant supervisory authority within 72 hours
• Inform affected individuals without undue delay
• Provide information about the nature and consequences of the breach
• Describe measures taken to address the breach

9. Privacy by Design

We implement privacy by design principles:

• Data minimization - collecting only necessary data
• Purpose limitation - using data only for stated purposes
• Storage limitation - keeping data only as long as needed
• Accuracy - ensuring data is accurate and up-to-date
• Integrity and confidentiality - protecting data security

10. Children's Privacy

Our services are not directed to individuals under 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it.

11. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated. You can contact your local data protection authority in the EU.

12. Updates to This Policy

We may update this GDPR compliance statement as regulations evolve or our practices change. We will notify you of significant changes via email.

13. Data Protection Officer

For questions about GDPR compliance or to exercise your rights, contact our Data Protection Officer: