GDPR Compliance
Our commitment to protecting your data rights under the General Data Protection Regulation.
Last updated: January 1, 2024
Our GDPR Commitment
Hair Counting Solutions is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). This page explains how we ensure compliance and protect your rights.
GDPR Compliance Summary
- • We only process data when we have a legal basis
- • You have full control over your personal data
- • We implement privacy by design principles
- • Data protection is built into our systems
Your Rights Under GDPR
Under GDPR, you have comprehensive rights regarding your personal data:
Right to Information
Transparency in data processing
- • Clear information about data use
- • Details about processing purposes
- • Information about data recipients
- • Retention period details
Right of Access
Access to your personal data
- • View all data we hold about you
- • Understand how it's processed
- • Receive a copy of your data
- • Request processing details
Right to Rectification
Correct inaccurate data
- • Update incorrect information
- • Complete incomplete data
- • Notify third parties of changes
- • Immediate correction processing
Right to Erasure
"Right to be forgotten"
- • Delete personal data
- • Withdraw consent
- • Stop processing
- • Notify data recipients
Right to Restriction
Limit data processing
- • Suspend processing
- • Object to processing
- • Pending legal claims
- • Verification processes
Right to Portability
Move your data
- • Receive data in structured format
- • Transfer to another service
- • Machine-readable format
- • Direct transfer when possible
Legal Bases for Processing
We only process your personal data when we have a valid legal basis:
Consent
When you have given clear consent for specific processing activities
- • Marketing communications
- • Optional analytics
- • Research participation
Contract
When processing is necessary for contract performance
- • Account management
- • Service delivery
- • Payment processing
Legitimate Interest
When we have a legitimate business interest that doesn't override your rights
- • Fraud prevention
- • System security
- • Service improvement
Legal Obligation
When we're required by law to process your data
- • Tax compliance
- • Regulatory requirements
- • Legal proceedings
Data Protection Measures
We implement comprehensive technical and organizational measures:
Encryption
End-to-end encryption for all data transmission and storage
Access Controls
Role-based access controls and multi-factor authentication
Audit Trails
Comprehensive logging and monitoring of all data access
Data Transfers
When we transfer data outside the EU, we ensure adequate protection:
Transfer Safeguards
- • Standard Contractual Clauses (SCCs)
- • Adequacy decisions by EU Commission
- • Binding Corporate Rules (BCRs)
- • Certification schemes
Exercising Your Rights
You can exercise your GDPR rights at any time:
How to Submit Requests
Online Portal
Use our secure data rights portal
Response Times
We commit to responding to your requests within GDPR timelines:
Standard Requests
- • Access requests: Within 30 days
- • Rectification: Within 30 days
- • Erasure: Within 30 days
- • Portability: Within 30 days
Urgent Requests
- • Data breach notifications: Within 72 hours
- • Security concerns: Within 24 hours
- • Consent withdrawals: Immediate
- • Objections: Within 5 days
Data Protection Officer
Our Data Protection Officer (DPO) is available to assist you:
GDPR Support
Questions about GDPR compliance or data protection? Contact our Data Protection Officer.
Contact DPOSupervisory Authority
You have the right to lodge a complaint with a supervisory authority if you believe we have not handled your personal data appropriately. For EU residents, you can contact your local data protection authority.
Filing a Complaint
If you're not satisfied with our response to your privacy concerns, you can file a complaint with:
- • Your local data protection authority
- • The Irish Data Protection Commission (our lead authority)
- • Any EU supervisory authority