Legal

GDPR Compliance

Last Updated: August 1, 2023

GDPR Compliance Statement

At Essential Apps, LLC ("we", "us", "our"), we are committed to protecting the privacy and security of your personal data. This GDPR Compliance Statement explains how we comply with the European Union's General Data Protection Regulation (GDPR) and outlines your rights under this regulation.

1. DATA CONTROLLER

Essential Apps, LLC, based in the United States, acts as the data controller for personal data collected through our mobile applications and websites. As data controller, we determine the purposes and means of processing your personal data.

For matters relating to data protection, you can contact us at:
[email protected]

2. LAWFUL BASIS FOR PROCESSING

Under the GDPR, we process your personal data based on one or more of the following lawful bases:

  • Consent: You have given clear consent for us to process your personal data for a specific purpose.
  • Contract: The processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
  • Legitimate Interests: The processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests.
  • Legal Obligation: The processing is necessary for us to comply with the law.

We will always be transparent about which lawful basis we rely on for each processing activity.

3. YOUR RIGHTS UNDER GDPR

The GDPR provides you with the following rights regarding your personal data:

  • Right to be informed: You have the right to be informed about the collection and use of your personal data.
  • Right of access: You have the right to request a copy of the personal data we hold about you.
  • Right to rectification: You have the right to have inaccurate personal data rectified, or completed if it is incomplete.
  • Right to erasure: You have the right to request the deletion or removal of your personal data where there is no compelling reason for its continued processing.
  • Right to restrict processing: You have the right to request that we restrict the processing of your personal data.
  • Right to data portability: You have the right to obtain and reuse your personal data for your own purposes across different services.
  • Right to object: You have the right to object to the processing of your personal data in certain circumstances.
  • Rights related to automated decision making and profiling: You have rights related to automated decision making and profiling.

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month.

4. DATA PROTECTION MEASURES

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data where appropriate
  • Regular testing, assessing, and evaluating the effectiveness of our security measures
  • Ensuring the ongoing confidentiality, integrity, availability, and resilience of processing systems and services
  • The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident

5. DATA BREACH NOTIFICATION

In the case of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of the breach.

If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay.

6. INTERNATIONAL DATA TRANSFERS

As a company based in the United States, we may transfer personal data from the European Economic Area (EEA) to locations outside the EEA. When we do so, we ensure that appropriate safeguards are in place to protect your data, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Binding Corporate Rules
  • Ensuring the recipient country has been deemed by the European Commission to provide adequate protection

7. DATA PROTECTION IMPACT ASSESSMENTS

Where processing operations are likely to result in a high risk to your rights and freedoms, we will carry out Data Protection Impact Assessments (DPIAs) to assess and mitigate the risks.

8. RECORD KEEPING

We maintain records of our processing activities, including:

  • The name and contact details of our organization
  • The purposes of processing
  • A description of the categories of individuals and personal data
  • The categories of recipients of personal data
  • Details of transfers to third countries including documentation of the transfer mechanism safeguards in place
  • Retention schedules
  • A description of technical and organizational security measures

9. CHANGES TO THIS STATEMENT

We may update this GDPR Compliance Statement from time to time in response to changing legal, technical, or business developments. When we update our statement, we will take appropriate measures to inform you, consistent with the significance of the changes we make.

10. CONTACT US

If you have any questions about this GDPR Compliance Statement or our data protection practices, please contact us at:

Essential Apps, LLC
8 THE GREEN STED
DOVER DE 19901
UNITED STATES
[email protected]

You also have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data infringes the GDPR.