GDPR Compliance

How AgoraBoard complies with the General Data Protection Regulation

Our Commitment to GDPR

AgoraBoard is committed to protecting the privacy and security of personal data in accordance with the European Union's General Data Protection Regulation (GDPR). This page outlines how we comply with GDPR requirements and what rights you have under this regulation.

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to organizations that process personal data of individuals in the European Union, regardless of where the organization is located.

Your Rights Under GDPR

Right to Access

You have the right to request a copy of all personal data we hold about you. We will provide this information in a commonly used electronic format within 30 days of your request.

Right to Rectification

You can request that we correct any inaccurate or incomplete personal data. You can update most information directly through your account settings.

Right to Erasure ("Right to be Forgotten")

You can request that we delete your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. You can export your data at any time through your account settings.

Right to Restrict Processing

You can request that we limit how we use your personal data in certain circumstances, such as while we verify the accuracy of the data.

Right to Object

You have the right to object to processing of your personal data for direct marketing purposes or when processing is based on legitimate interests.

Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing before withdrawal.

Right to Lodge a Complaint

You have the right to lodge a complaint with your local supervisory authority if you believe we have not complied with GDPR requirements.

How We Comply with GDPR

Lawful Basis for Processing

We process personal data under the following lawful bases:

  • Contract: To provide services you have subscribed to
  • Consent: For marketing communications and optional features
  • Legitimate Interest: For fraud prevention and service improvement
  • Legal Obligation: To comply with applicable laws

Data Protection Measures

We implement comprehensive technical and organizational measures:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256)
  • Regular security audits and penetration testing
  • Access controls and multi-factor authentication
  • Data minimization and purpose limitation
  • Employee training on data protection
  • Data Processing Agreements with all processors

Data Processing Locations

We primarily process data within the European Economic Area (EEA). When data is transferred outside the EEA, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions from the European Commission
  • Binding Corporate Rules where applicable

Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our GDPR compliance. You can contact our DPO with any questions or concerns about how we handle your personal data.

Email: [email protected]

Response Time: Within 30 days for all requests

Exercising Your Rights

To exercise any of your GDPR rights, you can:

  1. Log in to your account and use the self-service tools in your settings
  2. Email our Data Protection Officer at [email protected]
  3. Contact our support team through the help center

We will respond to all requests within 30 days. In complex cases, we may extend this period by an additional 60 days and will inform you of the extension and reasons.

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours
  • Notify affected individuals without undue delay
  • Provide details of the breach, potential consequences, and mitigation measures
  • Document all breaches, including facts, effects, and remedial actions

Children's Data

Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will delete it immediately.

Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or significantly affects you. Any automated processing is limited to:

  • Technical functionality (e.g., load balancing, spam filtering)
  • Service personalization with your explicit consent
  • Fraud detection and security measures

Certification and Compliance

AgoraBoard maintains the following certifications and compliance standards:

  • GDPR Compliant: Fully compliant
  • ISO 27001: Information Security
  • SOC 2 Type II: Security & Privacy
  • HIPAA Ready: Healthcare Data

Updates to GDPR Compliance

We regularly review and update our GDPR compliance measures to ensure we maintain the highest standards of data protection. Any significant changes will be communicated through our website and to registered users.