GDPR Compliance

1. What is GDPR?

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA).

GDPR aims to give individuals control over their personal data and to unify data protection regulations across Europe. It applies to any organization that processes personal data of individuals in the EU/EEA, regardless of where the organization is located.

2. Our Commitment to GDPR

EfficientPIM is committed to protecting your personal data and complying with GDPR requirements. We have implemented appropriate technical and organizational measures to ensure GDPR compliance.

Our GDPR compliance program includes:

• Regular privacy impact assessments
• Data protection by design and by default
• Comprehensive staff training on data protection
• Regular audits of our data processing activities
• Clear procedures for handling data subject requests
• Robust security measures to protect personal data

3. Data We Process

In the context of our email scraping service, we may process the following types of personal data:

• Contact Information: Email addresses, names, company information
• Account Information: Registration details, login credentials (encrypted)
• Usage Data: IP addresses, browser information, search queries
• Payment Information: Payment method details (processed securely by third parties)

4. Legal Basis for Processing

We only process personal data when we have a valid legal basis under GDPR. Our legal bases include:

• Contractual Necessity: Processing is necessary to provide our service to you
• Legitimate Interest: Processing is necessary for our legitimate business interests, such as improving our service and preventing fraud
• Legal Obligation: Processing is necessary to comply with legal requirements
• Consent: You have given clear consent for specific processing activities

We will always identify the specific legal basis for each type of data processing activity.

5. Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

6. Data Security Measures

We implement appropriate technical and organizational measures to protect your personal data:

• SSL/TLS encryption for data in transit
• Encryption for data at rest
• Access controls and authentication systems
• Regular security assessments and penetration testing
• Secure data centers with restricted access
• Incident response procedures
• Employee confidentiality agreements

We regularly review and update our security measures to ensure they remain effective against evolving threats.

7. International Data Transfers

As a global service, we may transfer personal data outside the EU/EEA. We ensure such transfers are protected by:

• Adequacy decisions by the European Commission
• Standard Contractual Clauses (SCCs)
• Binding Corporate Rules (BCRs)
• Specific derogations under GDPR

We have implemented appropriate safeguards to ensure your personal data remains protected during international transfers.

8. Data Breach Notification

We have established procedures to detect, investigate, and report data breaches. In the event of a personal data breach, we will:

• Assess the risk to individuals' rights and freedoms
• Notify the relevant supervisory authority within 72 hours (where required)
• Inform affected individuals without undue delay (if the breach poses a high risk)
• Implement measures to prevent future breaches

10. Contact Information