GDPR Compliance

Our commitment to protecting your data rights under the General Data Protection Regulation.

Last updated: January 1, 2024

Our GDPR Commitment

Hair Counting Solutions is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). This page explains how we ensure compliance and protect your rights.

GDPR Compliance Summary

  • • We only process data when we have a legal basis
  • • You have full control over your personal data
  • • We implement privacy by design principles
  • • Data protection is built into our systems

Your Rights Under GDPR

Under GDPR, you have comprehensive rights regarding your personal data:

Right to Information

Transparency in data processing

  • • Clear information about data use
  • • Details about processing purposes
  • • Information about data recipients
  • • Retention period details

Right of Access

Access to your personal data

  • • View all data we hold about you
  • • Understand how it's processed
  • • Receive a copy of your data
  • • Request processing details

Right to Rectification

Correct inaccurate data

  • • Update incorrect information
  • • Complete incomplete data
  • • Notify third parties of changes
  • • Immediate correction processing

Right to Erasure

"Right to be forgotten"

  • • Delete personal data
  • • Withdraw consent
  • • Stop processing
  • • Notify data recipients

Right to Restriction

Limit data processing

  • • Suspend processing
  • • Object to processing
  • • Pending legal claims
  • • Verification processes

Right to Portability

Move your data

  • • Receive data in structured format
  • • Transfer to another service
  • • Machine-readable format
  • • Direct transfer when possible

Legal Bases for Processing

We only process your personal data when we have a valid legal basis:

Consent

When you have given clear consent for specific processing activities

  • • Marketing communications
  • • Optional analytics
  • • Research participation

Contract

When processing is necessary for contract performance

  • • Account management
  • • Service delivery
  • • Payment processing

Legitimate Interest

When we have a legitimate business interest that doesn't override your rights

  • • Fraud prevention
  • • System security
  • • Service improvement

Legal Obligation

When we're required by law to process your data

  • • Tax compliance
  • • Regulatory requirements
  • • Legal proceedings

Data Protection Measures

We implement comprehensive technical and organizational measures:

Encryption

End-to-end encryption for all data transmission and storage

Access Controls

Role-based access controls and multi-factor authentication

Audit Trails

Comprehensive logging and monitoring of all data access

Data Transfers

When we transfer data outside the EU, we ensure adequate protection:

Transfer Safeguards

  • • Standard Contractual Clauses (SCCs)
  • • Adequacy decisions by EU Commission
  • • Binding Corporate Rules (BCRs)
  • • Certification schemes

Exercising Your Rights

You can exercise your GDPR rights at any time:

How to Submit Requests

Online Portal

Use our secure data rights portal

Email Request

Send detailed requests to our DPO

[email protected]

Response Times

We commit to responding to your requests within GDPR timelines:

Standard Requests

  • • Access requests: Within 30 days
  • • Rectification: Within 30 days
  • • Erasure: Within 30 days
  • • Portability: Within 30 days

Urgent Requests

  • • Data breach notifications: Within 72 hours
  • • Security concerns: Within 24 hours
  • • Consent withdrawals: Immediate
  • • Objections: Within 5 days

Data Protection Officer

Our Data Protection Officer (DPO) is available to assist you:

GDPR Support

Questions about GDPR compliance or data protection? Contact our Data Protection Officer.

Contact DPO

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe we have not handled your personal data appropriately. For EU residents, you can contact your local data protection authority.

Filing a Complaint

If you're not satisfied with our response to your privacy concerns, you can file a complaint with:

  • • Your local data protection authority
  • • The Irish Data Protection Commission (our lead authority)
  • • Any EU supervisory authority