
Privacy Policy
Effective Date: June 17, 2025

This Privacy Policy explains how [Your Company Name] ("we," "us," or "our") collects, uses, and protects your personal data when you use our "GDPR MadeEasy" (or your chosen tool name) website and services (collectively, the "Service"). We are committed to protecting your privacy and handling your data transparently, in compliance with the General Data Protection Regulation (GDPR) and relevant national data protection laws (e.g., the UK Data Protection Act 2018).

By using our Service, you agree to the collection and use of information in accordance with this policy.

1. Who We Are (Data Controller)
GDPR MadeEasy
Old City Music Hall, Dublin 8, Republic of Ireland
[email protected]
GDPR-madeeasy.com

We are the Data Controller responsible for the personal data collected through our Service.

2. What Personal Data We Collect and Why
We collect different types of personal data for specific purposes:

a. Data You Provide Directly Through Forms (Typeform, Contact Forms):

Categories of Data:
Contact Information: Your name, email address, company name.
Service-Related Information: Your answers to our GDPR assessment questionnaire regarding your new data processing activities (e.g., purpose of processing, data categories involved, third-party processors, international transfers, lawful basis, AI use).
Optional Feedback: Any comments or feedback you provide in free-text fields.
Plan Selection: Which pricing plan you choose (One-Time Assessment or Annual Unlimited Access Pre-Launch Offer).

Purpose of Collection:
To provide you with the requested GDPR assessment service, including the personalized action plan and pre-filled documents.
To process your pre-order for future access to the Service.
To communicate with you regarding your query, purchase, and the Service launch/updates.
To improve our Service based on your feedback and usage patterns.

Lawful Basis for Processing:
Performance of a Contract: Processing is necessary to provide the service you requested (e.g., delivering the assessment report and documents, fulfilling your pre-order for future access).
Legitimate Interests: To improve and optimize our Service, to manage our relationship with you, and for internal analytical purposes (where such processing does not override your fundamental rights and freedoms).
Consent: If you explicitly opt-in for marketing communications (separate from service-related communications).

b. Payment Data (via Stripe):

Categories of Data: Your name, email address, billing address, and payment card details (processed by Stripe).
Purpose of Collection: To process your payment for the Service or pre-order.
Lawful Basis for Processing: Performance of a Contract (processing your payment is necessary to fulfill your order).
Note: We do not directly store your full payment card details. These are processed securely by our third-party payment processor, Stripe.

c. Website Usage Data (if using analytics):

Categories of Data: IP address, browser type, operating system, pages visited, time spent on pages, referral sources.
Purpose of Collection: To analyze website traffic, understand user behavior, and improve our website's performance and user experience.
Lawful Basis for Processing: Legitimate Interests (to analyze and improve our website and services, provided basic analytics do not involve extensive profiling or override your rights). Where cookies require consent, we adhere to cookie consent rules.

3. How We Use Your Personal Data
We use the personal data we collect for the following purposes:

To deliver the core Service you requested (e.g., providing personalized GDPR action plans and pre-filled documents).
To process and confirm your purchases and manage your account/subscription status.
To communicate with you about your use of the Service, important updates, and news regarding the Summer launch (for pre-order customers).
To respond to your inquiries and provide customer support.
To improve and optimize our Service (e.g., by analyzing how users interact with the questionnaire and the usefulness of the generated output).
To comply with legal obligations and enforce our terms and conditions.
If you have provided explicit consent: To send you marketing communications about new features, offers, or relevant GDPR insights.

4. How We Share Your Personal Data
We only share your personal data with third parties in the following limited circumstances:

Service Providers: We use trusted third-party service providers who assist us in operating our Service and performing related business functions. These include:
Hosting & Website Platform: Carrd (https://www.carrdinc.org/privacy-policy)
Form & Questionnaire Provider: Typeform (https://typeformsolutions.com/about-us/privacy-policy/)
Database & Logic Management: Airtable (https://www.airtable.com/company/privacy)
Automation Platform: Make.com (https://www.make.com/en/privacy-notice)
Payment Processor: Stripe (https://stripe.com/privacy)
Email Service Provider: https://www.microsoft.com/en-gb/privacy
Web Analytics Provider: Google Analytics (https://support.google.com/analytics/answer/6004245)
These providers are obligated to protect your data in accordance with GDPR and have data processing agreements (DPAs) in place with us.

Legal Compliance: We may disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency).

Business Transfers: In the event of a merger, acquisition, or asset sale, your personal data may be transferred as a business asset. We will notify you if such a transfer occurs and becomes subject to a different privacy policy.

5. International Data Transfers
Some of our service providers (e.g., Typeform, Stripe, Airtable, Make.com, Google Workspace) may store or process data outside the European Economic Area (EEA) or the UK (e.g., in the United States). When this occurs, we ensure that appropriate safeguards are in place to protect your personal data, such as:

Reliance on Standard Contractual Clauses (SCCs) approved by the European Commission or the UK Information Commissioner's Office (ICO).
Reliance on the EU-US Data Privacy Framework (DPF) for transfers to certified U.S. organizations.
Ensuring the recipient country has been deemed to provide an adequate level of data protection by the European Commission or the UK government.

By using our Service, you acknowledge and agree to such transfers, provided these safeguards are in place.

6. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Service Data (Questionnaire answers, generated reports): Typically retained for [e.g., 2-5 years] after the last interaction or subscription expiry, to allow for re-access if needed and to meet accountability obligations.
Payment Records: Retained for the period required by tax and accounting laws (e.g., 7 years in the UK/Ireland).
Marketing Consent: Retained until you withdraw consent.

After the retention period, your data will be securely deleted or anonymized.

7. Data Security
We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include:

Using secure, reputable no-code platforms (Carrd, Typeform, Airtable, Make.com) with their own robust security protocols.
Employing SSL/TLS encryption for data in transit (website and forms).
Restricting access to your personal data to authorized personnel only.
Regularly reviewing our data processing practices.

While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.

8. Your Data Protection Rights (GDPR)
Under GDPR, you have the following rights regarding your personal data:

The Right to Be Informed: To receive clear, transparent, and easily understandable information about how we use your personal data and your rights. This Privacy Policy serves this purpose.
The Right of Access: To request a copy of the personal data we hold about you.
The Right to Rectification: To request that we correct any inaccurate or incomplete personal data we hold about you.
The Right to Erasure ("Right to Be Forgotten"): To request the deletion or removal of your personal data where there is no compelling reason for its continued processing.
The Right to Restrict Processing: To 'block' or suppress the processing of your personal data in certain circumstances.
The Right to Data Portability: To obtain your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.
The Right to Object: To object to certain types of processing, including direct marketing.
Rights in Relation to Automated Decision-Making and Profiling: To not be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you, unless it's necessary for a contract, authorized by law, or based on your explicit consent. (Our MVP does not currently use automated decision-making that produces legal effects).
The Right to Withdraw Consent: Where we rely on your consent for processing, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us using the contact details provided below. We will respond to your request within one month.

9. Cookies
Our website, built on Carrd, and integrated services like Typeform and Stripe, may use cookies and similar tracking technologies to enhance user experience, analyze usage, and process payments.

Cookies are small text files placed on your device.
You can set your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
For detailed information on the cookies used by our platform providers, please refer to their respective Privacy Policies linked in Section 4.

10. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. We encourage you to review this Privacy Policy periodically for any changes.

11. Contact Us
If you have any questions about this Privacy Policy or our data processing practices, or if you wish to exercise your data protection rights, please contact us:

By email: [email protected]

Supervisory Authority:
You also have the right to lodge a complaint with your relevant data protection supervisory authority. For individuals in the United Kingdom, this is the Information Commissioner's Office (ICO):
Information Commissioner's Office (ICO)
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Phone: 0303 123 1113 (local rate) or +44 1625 545 745 (if calling from overseas)
Website: www.ico.org.uk