GDPR Compliance

AurumFlow is fully committed to complying with the General Data Protection Regulation (GDPR) and to protecting the privacy rights of individuals in the European Union.

Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

  • Right to Access: Request access to the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restriction: Request restriction of the processing of your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing of your personal data
  • Right to Withdraw Consent: Withdraw consent at any time where we rely on consent

Legal Basis for Processing

We process personal data under the following legal bases:

  • Consent: When you have given clear consent for specific purposes
  • Contract: When processing is necessary for contract performance
  • Legal Obligation: When processing is required by law
  • Legitimate Interests: For our legitimate business interests, provided your rights are not overridden

Data Processing Activities

We process personal data for the following purposes:

  • Providing and maintaining our services
  • Processing transactions and billing
  • Communicating with you about our services
  • Analyzing usage to improve our platform
  • Ensuring security and preventing fraud
  • Complying with legal obligations

Data Transfers

When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the EU Commission
  • Adequacy decisions for countries deemed to provide adequate protection
  • Privacy Shield certification (where applicable)

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in our Privacy Policy, unless a longer retention period is required by law. Upon account deletion, we will permanently delete your data within 90 days, except where retention is required for legal compliance.

Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance. You can contact our DPO at dpo@aurumflow.com.

Exercising Your Rights

To exercise any of your GDPR rights, please contact us at privacy@aurumflow.com. We will respond to your request within 30 days.

You also have the right to lodge a complaint with your local supervisory authority if you believe our processing of your personal data violates GDPR.

Updates to This Policy

We may update this GDPR compliance statement from time to time. We will notify you of any material changes by email or through our platform.