GDPR Compliance

Last updated: August 24, 2025

1. GDPR Compliance Overview

ReHaulX is committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR). This page outlines our GDPR compliance measures and your rights as an EU data subject.

Our Commitment

  • Full compliance with GDPR requirements
  • Transparent data processing practices
  • Comprehensive user rights protection
  • Regular compliance audits and updates

2. Legal Basis for Processing

Lawful Basis Categories

  • Consent (Art. 6(1)(a)): For marketing communications and optional features
  • Contract (Art. 6(1)(b)): To provide our AI content repurposing services
  • Legitimate Interest (Art. 6(1)(f)): For security, fraud prevention, and service improvement
  • Legal Obligation (Art. 6(1)(c)): To comply with applicable laws and regulations

Processing Activities

  • Account Management: Contract basis for user accounts and subscriptions
  • Content Processing: Contract basis for AI content generation services
  • Analytics: Legitimate interest for service improvement and security
  • Marketing: Consent basis for promotional communications

3. Your GDPR Rights

Right of Access (Art. 15)

  • Data Copies: Request copies of all personal data we hold
  • Processing Information: Details about how and why we process your data
  • Categories: Types of personal data we collect and process
  • Response Time: Within 30 days of verified request

Right to Rectification (Art. 16)

  • Correction: Update inaccurate or incomplete personal data
  • Completion: Add missing information to your profile
  • Notification: We'll inform third parties of corrections where applicable
  • Self-Service: Many corrections available through account settings

Right to Erasure (Art. 17) - "Right to be Forgotten"

  • Account Deletion: Complete removal of personal data upon request
  • Conditions: Available when data no longer needed for original purpose
  • Limitations: May be restricted by legal obligations or legitimate interests
  • Timeline: Deletion completed within 30 days of request

Right to Restrict Processing (Art. 18)

  • Temporary Halt: Limit processing while disputes are resolved
  • Accuracy Disputes: During verification of data accuracy
  • Objections: While we assess objections to processing
  • Legal Claims: When you need data for legal proceedings

Right to Data Portability (Art. 20)

  • Data Export: Receive your data in structured, machine-readable format
  • Transfer: Move your data to another service provider
  • Scope: Applies to data provided with consent or for contract performance
  • Format: JSON, CSV, or other standard formats

Right to Object (Art. 21)

  • Direct Marketing: Absolute right to opt out of marketing
  • Legitimate Interest: Object to processing based on our legitimate interests
  • Profiling: Object to automated decision-making and profiling
  • Assessment: We'll assess and respond to objections

4. Data Protection Measures

Technical Safeguards

  • Encryption: AES-256 encryption for data at rest and in transit
  • Access Controls: Multi-factor authentication and role-based access
  • Network Security: Firewalls, intrusion detection, and monitoring
  • Regular Updates: Security patches and software updates

Organizational Measures

  • Staff Training: Regular GDPR and privacy training for all employees
  • Access Policies: Strict need-to-know access policies
  • Incident Response: Comprehensive data breach response procedures
  • Vendor Management: Due diligence on all data processors

5. International Data Transfers

Transfer Mechanisms

  • Adequacy Decisions: Transfers to countries with adequate protection levels
  • Standard Contractual Clauses: EU-approved contract terms for other countries
  • Binding Corporate Rules: For transfers within our corporate group
  • Derogations: Specific situations allowing transfers (Art. 49)

Safeguards

  • Due Diligence: Assessment of recipient country data protection laws
  • Additional Measures: Extra protections where needed
  • Monitoring: Regular review of transfer arrangements
  • Documentation: Records of all international transfers

6. Automated Decision-Making

AI Content Processing

  • Scope: Our AI systems process content to generate repurposed materials
  • Human Oversight: Human review available for quality concerns
  • Transparency: Clear information about AI processing methods
  • Rights: Right to request human review of automated decisions

Profiling Activities

  • Usage Analytics: Automated analysis of platform usage patterns
  • Content Recommendations: Suggestions based on previous activity
  • Opt-Out: Ability to opt out of certain profiling activities
  • Explanation: Right to explanation of automated decision logic

7. Data Retention

Retention Periods

  • Account Data: Retained while account is active plus 30 days after deletion
  • Processing Logs: Security logs retained for 12 months
  • Generated Content: User-controlled retention, default 90 days
  • Analytics Data: Anonymized data retained for 24 months maximum

Deletion Procedures

  • Automated Deletion: Systematic deletion based on retention schedules
  • Manual Verification: Human verification for complete data removal
  • Secure Disposal: Cryptographic erasure and physical destruction methods
  • Documentation: Records of deletion activities for compliance

8. Privacy by Design

Development Principles

  • Data Minimization: Collect only necessary personal data
  • Purpose Limitation: Use data only for specified, legitimate purposes
  • Storage Limitation: Retain data only as long as necessary
  • Accuracy: Maintain accurate and up-to-date personal data

Technical Implementation

  • Privacy Controls: Built-in privacy settings and controls
  • Default Settings: Privacy-friendly default configurations
  • User Control: Granular user control over data processing
  • Regular Review: Ongoing assessment of privacy measures

9. Breach Notification

Detection and Response

  • Monitoring Systems: 24/7 security monitoring and alerting
  • Incident Team: Dedicated data breach response team
  • Assessment: Risk assessment within 24 hours of detection
  • Documentation: Detailed records of all security incidents

Notification Procedures

  • Supervisory Authority: Notification within 72 hours of awareness
  • Individual Notification: Direct notification if high risk to rights
  • Content Requirements: Comprehensive incident details and mitigation measures
  • Follow-Up: Regular updates during investigation and remediation

10. Contact and Complaints

Data Protection Officer

  • Email: dpo@rehaulx.com
  • Role: Independent oversight of GDPR compliance
  • Responsibilities: Data protection advice and complaint handling
  • Availability: Response within 5 business days

Exercise Your Rights

  • Request Form: Online form available in account settings
  • Email: privacy@rehaulx.com for rights requests
  • Identity Verification: Security measures to verify identity
  • Response Time: 30 days maximum, with possible extension

Supervisory Authority

  • Right to Complain: File complaints with your local data protection authority
  • Contact Information: Links to EU data protection authorities
  • Process: Information about complaint procedures
  • Support: Assistance with complaint preparation if needed

11. Regular Compliance Reviews

Internal Audits

  • Quarterly Reviews: Regular assessment of GDPR compliance measures
  • Risk Assessments: Data Protection Impact Assessments for new processing
  • Policy Updates: Regular review and update of privacy policies
  • Staff Training: Ongoing GDPR training and awareness programs

External Validation

  • Third-Party Audits: Independent GDPR compliance assessments
  • Certifications: Pursuit of relevant privacy certifications
  • Legal Review: Regular legal review of policies and procedures
  • Best Practices: Adoption of industry privacy best practices

This page demonstrates our commitment to GDPR compliance and your privacy rights. We regularly review and update our practices to ensure ongoing compliance with evolving data protection requirements.

Questions about our policies?

Contact us at legal@rehaulx.com for any questions or concerns.