1) Scope
This Policy explains how we collect, use, disclose, and protect personal data when you:
– visit eurocomply.net and related subdomains;
– use our products, services, or apps; and
– interact with us (e.g., support, sales, marketing).
This Policy applies where we act as a controller. Where we act as a processor on behalf of a customer, we process personal data pursuant to that customer instructions and relevant data processing agreement.
2) What personal data we collect
Data you provide:
- Account & profile (name, email, password, role, company, preferences)
- Communications (support tickets, emails, chat, survey responses)
- Billing & transactions (billing address, VAT/Tax ID, payment method tokens we do not store full card numbers)
- Data we obtain automatically:
Device & log data (IP address, browser/OS, timestamps, pages viewed, referrer/UTM, crash logs)
Approximate location (derived from IP)
Cookies/SDKs and similar technologies (see Section 10, Cookies & Tracking)
Data from third parties:
Identity/verification providers; analytics or marketing partners; publicly available sources; resellers or integration partners.
We do not intentionally collect special category/sensitive data. Please do not provide such data through our services.
3) Purposes and legal bases (EU/UK)
We process personal data for the purposes listed below and rely on the following legal bases under the EU GDPR and UK GDPR:
– Provide and secure the service: account creation, authentication, service delivery, troubleshooting, security monitoring
– Contract performance; legitimate interests (operate, secure services)
– Billing and account management, subscriptions, invoicing, fraud prevention
– Contract performance; legal obligation; legitimate interests
– Communications, service messages, product updates, support
– Contract performance; legitimate interests
– Analytics and product improvement, usage metrics, feature performance
– Consent for non-essential cookies/SDKs; legitimate interests for aggregated non-cookie analytics where permitted
– Marketing, newsletters, campaigns, events
– Consent (where required, incl. PECR/opt-in e-mail where applicable); legitimate interests for B2B where permitted
– Compliance, tax, accounting, responding to lawful requests
– Legal obligation; legitimate interests
– Legitimate interests assessments are available on request.
4) Swiss law (nFADP) bases
Under Swiss nFADP we process personal data where necessary for the purpose indicated, based on consent, contract, legal obligations, or overriding private/public interests, and in line with principles of good faith, proportionality, and transparency. Where we rely on consent, you may withdraw it at any time (see Section 11).
5) How we share personal data
We share personal data with:
- Service providers/processors (hosting, support, analytics, email delivery, payment processing, customer success, security);
- Business partners (with your consent or as necessary to provide integrations you enable);
- Corporate transactions (merger, acquisition, financing, or sale of assets with appropriate safeguards);
- Legal and compliance (to comply with laws, enforce terms, protect rights, safety, and security).
- We require recipients to protect personal data in accordance with applicable law and this Policy.
6) International transfers
We may transfer personal data to countries outside the EEA, the UK, and Switzerland. Where we do so, we implement appropriate safeguards, such as:
– EU Standard Contractual Clauses (SCCs);
– UK International Data Transfer Agreement (IDTA) or UK Addendum to the EU SCCs; and
– Swiss addendum / guidance alignment for data transfers from Switzerland.
We also assess local laws and implement supplementary measures when necessary. Copies of relevant safeguards can be requested (subject to redactions).
7) Data retention
We retain personal data only for as long as necessary to fulfill the purposes described above, to comply with legal, accounting, or reporting requirements, and to resolve disputes. Retention periods vary by data category and context. When no longer needed, data is securely deleted or anonymized.
8) Security
We implement appropriate technical and organizational measures to protect personal data, including encryption in transit, access controls and authentication, least‑privilege principles, logging and monitoring, secure development practices, employee training, and vendor due diligence. While no system is 100% secure, we continually improve our security program.
9) Cookies & tracking technologies
We use cookies, SDKs, and similar technologies (e.g., pixels, local storage) to:
- enable core site functionality (authentication, security, load balancing);
- remember preferences; and
- measure usage and improve our services; and
- (where consented) personalize content/ads and measure performance.
Consent: We obtain consent for non‑essential cookies in the EEA, UK, and Switzerland before setting them. You can withdraw consent at any time via our Cookie Preferences (see below). Essential cookies do not require consent but are disclosed.
Your choices:
- Manage preferences via [link/button to Cookie Preferences Center];
- Use browser settings to block/clear cookies; and
- Opt‑out of certain third‑party analytics/ads per provider instructions. Service functionality may be limited if non‑essential cookies are refused.
- Do Not Track: Our services currently do not respond to browser Do Not Track signals. You may use the controls above to manage tracking.
10) Your rights
EU/UK residents
Subject to conditions and exemptions, you have the right to request access, rectification, erasure, restriction, objection (including to direct marketing), and data portability; and to withdraw consent at any time. You also have the right to lodge a complaint with a supervisory authority (see Section 15).
Switzerland
Under the nFADP you may request access, correction, deletion, and data portability (where processing is automated and data is provided by you), and object to processing on grounds relating to your situation where overriding interests do not prevail. You may withdraw consent at any time.
To exercise rights, contact us at [privacy@company.com]. We will verify your identity and respond within statutory timeframes. If we process data as a processor for a customer, we will forward your request to that customer where appropriate.
11) Children privacy
Our services are not directed to children under [age] (e.g., 13 or 16 depending on jurisdiction). We do not knowingly collect personal data from children. If you believe a child provided personal data, contact us to delete it.
12) Automated decisions & profiling
We do not make decisions based solely on automated processing that produce legal or similarly significant effects without human involvement. Where we use profiling for analytics or marketing, it is subject to consent (where required) and you can object or withdraw consent at any time.
13) Third‑party links and services
Our site may include links to third‑party websites, plug‑ins, or integrations. Those services are governed by their own privacy terms. We are not responsible for their practices.
14) Supervisory authorities & contacts
EU: You may lodge a complaint with your local supervisory authority.
UK (ICO): Information Commissioner Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, ico.org.uk.
Switzerland (FDPIC): Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern, edoeb.admin.ch.
15) International users
Depending on your location, additional local rights may apply. Where EU/UK/Swiss law conflicts with other local laws, we apply the stricter standard where we are required to do so.
16) Changes to this Policy
We may update this Policy from time to time. We will post the updated version with a new Last updated date and take additional steps where required by law (e.g., obtaining renewed consent or providing prominent notice).
Last updated: July 31, 2025.
