Effective Date: January 2025
At Soft Digital Edge LLC, we are committed to protecting your personal data and ensuring compliance with the General Data Protection Regulation (GDPR). This document outlines how we comply with GDPR requirements and your rights as a data subject.
1. What is GDPR?
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations that process personal data of individuals residing in the European Union (EU), regardless of where the organization is located.
GDPR Applies When:
- You are an EU resident using our services
- We process your personal data for business purposes
- We offer goods or services to EU residents
- We monitor behavior of individuals in the EU
2. Your Rights Under GDPR
As a data subject under GDPR, you have the following rights regarding your personal data:
🔍 Right of Access
You have the right to request a copy of all personal data we hold about you, including how it's being processed.
✏️ Right of Rectification
You can request correction of inaccurate or incomplete personal data we hold about you.
🗑️ Right of Erasure
Also known as the "right to be forgotten," you can request deletion of your personal data under certain circumstances.
🚫 Right to Restrict Processing
You can request that we limit how we process your personal data under specific conditions.
📦 Right to Data Portability
You can request to receive your personal data in a structured, machine-readable format for transfer to another service.
⛔ Right to Object
You can object to processing of your personal data for direct marketing or other legitimate interests.
🤖 Rights Related to Automated Decision Making
You have rights regarding automated decision-making, including profiling that affects you legally or significantly.
❌ Right to Withdraw Consent
Where processing is based on consent, you have the right to withdraw that consent at any time.
3. Lawful Basis for Processing
We only process your personal data when we have a lawful basis to do so under GDPR Article 6:
Our Lawful Bases for Processing
- Contract (Article 6(1)(b)): Processing necessary for performing our contract with you or taking steps to enter into a contract
- Legitimate Interest (Article 6(1)(f)): Processing necessary for our legitimate business interests, balanced against your rights
- Consent (Article 6(1)(a)): You have given clear, informed consent for specific processing activities
- Legal Obligation (Article 6(1)(c)): Processing necessary to comply with legal obligations
- Vital Interest (Article 6(1)(d)): Processing necessary to protect someone's life (rarely applicable)
4. How We Ensure GDPR Compliance
Our GDPR Compliance Measures
- ✅ Privacy by Design: We integrate data protection into all our systems and processes from the outset
- ✅ Data Minimization: We only collect and process personal data that is necessary for our specified purposes
- ✅ Transparency: We provide clear, understandable information about our data processing activities
- ✅ Security Measures: We implement appropriate technical and organizational security measures
- ✅ Data Subject Rights: We have procedures in place to respond to data subject requests within 30 days
- ✅ Breach Notification: We can notify supervisory authorities within 72 hours of becoming aware of a breach
- ✅ Record Keeping: We maintain detailed records of our processing activities
- ✅ Staff Training: Our team is trained on GDPR requirements and data protection best practices
5. International Data Transfers
When we transfer personal data outside the EU/EEA, we ensure adequate protection through:
- Adequacy Decisions: Transfers to countries deemed adequate by the European Commission
- Standard Contractual Clauses (SCCs): EU-approved contractual terms for international transfers
- Binding Corporate Rules: Internal data protection rules for multinational companies
- Certification Schemes: Recognized data protection certification programs
6. Data Processing Activities
We process personal data for the following purposes under GDPR:
Processing Activities Summary
- Client Services: Software development, consulting, project management (Lawful basis: Contract)
- Marketing: Email newsletters, promotional communications (Lawful basis: Consent)
- Analytics: Website usage analysis, service improvement (Lawful basis: Legitimate Interest)
- Legal Compliance: Tax records, regulatory reporting (Lawful basis: Legal Obligation)
- Security: Fraud prevention, system security (Lawful basis: Legitimate Interest)
- Course Delivery: Online education services, progress tracking (Lawful basis: Contract)
7. Data Retention
We retain personal data only for as long as necessary for the purposes for which it was collected:
- Client Project Data: 3 years after project completion
- Course Records: 2 years after course completion
- Marketing Data: Until consent is withdrawn
- Legal/Tax Records: As required by applicable law (typically 7 years)
- Analytics Data: 2 years (anonymized after 6 months)
8. Exercising Your Rights
To exercise any of your GDPR rights, please contact us using the information below. We will:
- Respond to your request within 30 days (or explain if we need more time)
- Verify your identity before processing the request
- Provide information free of charge (unless the request is manifestly unfounded or excessive)
- Inform you if we cannot comply with your request and explain why
Making a GDPR Request
When contacting us about your GDPR rights, please include:
- Your full name and contact information
- Description of your request and which right you're exercising
- Any relevant details to help us locate your data
- Proof of identity (if requested for verification)
9. Data Protection Officer (DPO)
While we are not required to appoint a dedicated Data Protection Officer under GDPR, we have designated our legal team to handle data protection matters and GDPR compliance.
Soft Digital Edge LLC
Email: info@softdigitaledge.com
Subject Line: "GDPR Request - [Type of Request]"
Phone: +1 (307) 204-4358
Address: 8035, 1021 E Lincolnway, Cheyenne, WY, Laramie, US, 82001
Response Time: We will acknowledge GDPR requests within 5 business days and provide a full response within 30 days.
10. Supervisory Authority
If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the EU member state where you live, work, or where the alleged infringement occurred.
11. Updates to Our GDPR Compliance
We regularly review and update our GDPR compliance measures. Significant changes will be communicated through:
- Updates to this GDPR compliance page
- Email notifications to active users
- Notices on our website
- Updated privacy policy with clear change logs
Related Documents: For complete information about how we handle your personal data, please also review our Privacy Policy, Terms of Service, and Cookie Policy.