GDPR Compliance

1. Introduction

At SprintSimple, we are committed to protecting the privacy and security of your personal data. This GDPR Compliance statement explains how we collect, use, and store personal data in accordance with the EU General Data Protection Regulation (GDPR).

The GDPR applies to all organizations operating within the EU and to organizations outside the EU if they offer goods or services to, or monitor the behavior of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company's location.

2. Data Controller

SprintSimple is the Data Controller for personal data we collect and process. Our contact details are:

3. Your Rights Under GDPR

Under the GDPR, you have the following rights:

• Right to Access: You have the right to request copies of your personal data.
• Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
• Right to Erasure: You have the right to request that we erase your personal data, under certain conditions.
• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
• Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions.
• Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email: privacy@sprintsimple.com

4. Lawful Basis for Processing

We process personal data on the following lawful bases:

• Consent: Where you have given clear consent for us to process your personal data for a specific purpose.
• Contract: Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
• Legal Obligation: Where processing is necessary for compliance with a legal obligation.
• Legitimate Interests: Where processing is necessary for our legitimate interests or the legitimate interests of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.

5. Data Protection Measures

We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data where appropriate
• Regular testing, assessing, and evaluating the effectiveness of technical and organizational measures
• Regular security assessments
• Staff training on data protection and security
• Access controls and authentication procedures

6. International Transfers

If we transfer your personal data outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place to protect your data, such as:

• Standard contractual clauses approved by the European Commission
• Binding corporate rules
• Adherence to the EU-US Privacy Shield Framework (where applicable)

7. Data Breach Procedures

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay.

8. Contact Us

If you have any questions about our GDPR compliance or how we handle your personal data, please contact our Data Protection Officer at: