GDPR Compliance
Your data protection rights under the General Data Protection Regulation
Last Updated: March 16, 2026
GDPR Compliant
Fully aligned with EU data protection requirements
Data Protection
Appropriate security measures for your data
Your Rights
Full control over your personal information
Our Commitment to GDPR
We are committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). As a data controller, we ensure that all personal data processing activities comply with GDPR principles and requirements.
This page provides specific information about your GDPR rights and how we comply with the regulation. For comprehensive information about our data practices, please also review our Privacy Policy.
GDPR Principles We Follow
Lawfulness, Fairness, and Transparency
We process data lawfully, fairly, and in a transparent manner
Purpose Limitation
Data collected for specified, explicit, and legitimate purposes
Data Minimization
We collect only data adequate and relevant for our purposes
Accuracy
Personal data is kept accurate and up to date
Storage Limitation
Data retained only as long as necessary
Integrity and Confidentiality
Appropriate security measures protect your data
Your GDPR Rights
Under GDPR, you have the following rights regarding your personal data:
Right to Access
Request copies of your personal data and information about how we process it
What this means:
- Obtain confirmation of data processing
- Access your personal data
- Receive information about processing purposes
- Know the retention period
- Learn about data recipients
Right to Rectification
Request correction of inaccurate or incomplete personal information
What this means:
- Correct inaccurate data
- Complete incomplete data
- Update outdated information
- Amend misleading data
Right to Erasure
Request deletion of your personal data under certain conditions
What this means:
- Data no longer necessary for original purpose
- Withdraw consent
- Object to processing
- Data unlawfully processed
- Legal obligation to delete
Right to Restriction
Request limitation of processing your personal data
What this means:
- Contest accuracy of data
- Processing is unlawful
- Data no longer needed but required for legal claims
- Objection to processing pending verification
Right to Portability
Receive your data in a structured, machine-readable format
What this means:
- Receive data in portable format (JSON, CSV)
- Transfer data to another controller
- Request direct transfer when technically feasible
Right to Object
Object to processing of your personal data in certain circumstances
What this means:
- Object to processing for legitimate interests
- Object to direct marketing
- Object to profiling
- Object to automated decision-making
How to Exercise Your Rights
You can exercise your GDPR rights through multiple channels:
Self-Service Tools
Access automated tools in your account settings:
- Export your data (JSON/CSV format)
- Update your personal information
- Delete your account and data
Contact Us Directly
For requests requiring manual processing:
Response Time: We will respond to your request within 30 days. For complex requests, we may extend this by an additional 60 days and will inform you of the extension within the first 30 days.
Legal Basis for Processing
We process your personal data based on the following legal grounds:
| Processing Activity | Legal Basis |
|---|---|
| Account management and service delivery | Contract performance |
| Payment processing | Contract performance |
| Marketing communications | Consent |
| Service improvement and analytics | Legitimate interests |
| Fraud prevention and security | Legitimate interests |
| Tax and accounting records | Legal obligation |
Data Retention Periods
We retain personal data only for as long as necessary:
- Active accounts:Duration of service use plus 90 days
- Closed accounts:90 days after closure
- Financial records:7 years (legal requirement)
- Marketing data:Until consent withdrawn
- Analytics data:Anonymized and retained indefinitely
International Data Transfers
Your data may be transferred outside the European Economic Area (EEA). We ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs): EU Commission-approved clauses with all data processors
- Adequacy Decisions: Transfers to countries deemed adequate by the EU Commission
- Binding Corporate Rules: For transfers within corporate groups
- Data Processing Agreements: Comprehensive DPAs with all third-party processors
You can request a copy of the safeguards in place by contacting us at info@webese.ai.
Automated Decision Making and Profiling
We use automated processing in the following ways:
- Fraud Detection:
Automated systems analyze transactions to detect fraudulent activity. You have the right to request human review of automated decisions.
- AI Content Generation:
Our AI analyzes your inputs to generate website content. This does not involve profiling or decisions with legal effects.
- Service Personalization:
We may use your usage patterns to personalize feature recommendations. You can opt out through your settings.
Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance:
Data Protection Officer
Webese, Inc.
Email: info@webese.ai
Address: 123 Tech Avenue, Suite 400, San Francisco, CA 94105, USA
Right to Lodge a Complaint
If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority, particularly in the EU member state where you reside, work, or where the alleged infringement occurred.
EU Supervisory Authorities:
Find your local supervisory authority: European Data Protection Board →
Contact Us
For questions about GDPR compliance or to exercise your rights:
Privacy Team: info@webese.ai
Data Protection Officer: info@webese.ai
EU Representative:
Webese EU Ltd.
Dublin Digital Hub
Dublin 8, Ireland
Email: info@webese.ai