GDPR Compliance - ProxiGuide

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018, throughout the European Union. It gives individuals control over their personal data and simplifies the regulatory environment for international business.

As a platform serving users globally, ProxiGuide adheres to GDPR principles regardless of where our users are located, ensuring the highest standard of data protection for everyone.

Your GDPR Rights

Under GDPR, you have comprehensive rights over your personal data

Right to Be Informed

You have the right to know what data we collect, how we use it, and who we share it with (we don't).

Right of Access

Request a copy of all personal data we hold about you at any time, free of charge.

Right to Rectification

Correct any inaccurate or incomplete personal data we hold about you.

Right to Erasure

Request deletion of your personal data permanently. Also known as the "right to be forgotten."

Right to Restrict Processing

Limit how we use your data while maintaining your account active.

Right to Data Portability

Export your data in a commonly used, machine-readable format to transfer to another service.

Right to Object

Object to certain types of processing, including direct marketing and profiling.

Rights Related to Automated Decision Making

Protection from decisions based solely on automated processing. ProxiGuide does not use automated decision-making.

How ProxiGuide Complies with GDPR

We've built GDPR compliance into every aspect of our platform

ProxiGuide is built with privacy as the foundation:

• End-to-end encryption: All user data is encrypted by default using AES-256 encryption
• Minimal data collection: We only collect data absolutely necessary for service delivery
• Privacy controls: Granular privacy settings available from day one
• No tracking: We don't use tracking cookies or analytics that identify individuals

We process your data based on the following lawful grounds:

• Contract: To provide the services you've signed up for
• Consent: Where you've given explicit permission for specific uses
• Legitimate interests: For security, fraud prevention, and system maintenance
• Legal obligation: To comply with applicable laws and regulations

We implement robust technical and organizational measures:

• Encryption: Data encrypted at rest and in transit (TLS 1.3)
• Access controls: Role-based access with multi-factor authentication
• Regular audits: Annual security audits by independent third parties
• Incident response: 24/7 security monitoring and rapid response procedures
• Staff training: Regular data protection training for all employees

If we transfer your data outside the EEA, we ensure adequate protection:

• Standard Contractual Clauses: EU-approved contracts with data processors
• Adequacy decisions: Only transfer to countries with adequate protection
• Additional safeguards: Encryption and pseudonymization during transfer
• Server locations: Primary data centers located in EU regions

In the unlikely event of a data breach:

• 72-hour notification: We notify supervisory authorities within 72 hours
• User notification: You'll be informed without undue delay if you're affected
• Mitigation steps: Immediate action to contain and remediate the breach
• Documentation: All incidents documented and lessons learned implemented

Note: Due to our end-to-end encryption, even in a breach scenario, your encrypted data remains protected and unreadable without your decryption key.

We have appointed a dedicated Data Protection Officer who:

• Monitors GDPR compliance across the organization
• Conducts data protection impact assessments
• Serves as point of contact for supervisory authorities
• Available to answer your data protection questions

Contact Our DPO:

Email: dpo@proxiguide.com

How to Exercise Your GDPR Rights

Through Your Account Dashboard

Most GDPR rights can be exercised directly from your ProxiGuide account:

→ Access your data: Settings → Privacy → Download My Data
→ Update information: Settings → Account → Edit Profile
→ Delete account: Settings → Privacy → Delete Account
→ Export data: Settings → Privacy → Export Data (JSON/CSV format)

By Contacting Us

For requests not available through the dashboard, contact us at:

Email: gdpr@proxiguide.com

Data Protection Officer: dpo@proxiguide.com

Response time: Within 30 days (may extend to 60 days for complex requests)

What to Include in Your Request

✓ Your full name and email address associated with your account
✓ Clear description of your request and which right you're exercising
✓ Any relevant details to help us locate your information

Data Retention Policy

We retain your personal data only as long as necessary for the purposes outlined in our Privacy Policy:

Active Accounts

Data retained while your account remains active and for legitimate business purposes

Deleted Accounts

All personal data permanently deleted within 30 days of account deletion request

Backups

Deleted data removed from all backups within 90 days

Legal Requirements

Minimal data retained only if required by law (e.g., financial records)

Right to Lodge a Complaint

While we strive to resolve any concerns you may have about our data practices, you have the right to lodge a complaint with your local data protection supervisory authority.

In the EU, you can find your supervisory authority here: European Data Protection Board - Supervisory Authorities

However, we encourage you to contact us first at dpo@proxiguide.com so we can address your concerns directly.

Updates to This GDPR Policy

We may update this GDPR compliance page from time to time. We'll notify you of significant changes via email and provide 30 days notice before implementing changes that affect your rights.

Last Updated: January 15, 2026

Version: 1.0

GDPR Compliant by Design