GDPR Compliance

General Data Protection Regulation Information

1. Our Commitment to GDPR

BrandXpoint is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). This page explains how we comply with GDPR requirements and what rights you have regarding your personal data.

2. Legal Basis for Processing

We process your personal data based on the following legal grounds:

Consent (Article 6(1)(a))

When you have given clear consent for us to process your personal data for specific purposes, such as marketing communications.

Contract Performance (Article 6(1)(b))

When processing is necessary to perform our contract with you or to take steps at your request before entering into a contract.

Legal Obligation (Article 6(1)(c))

When we need to process your data to comply with legal obligations, such as tax or accounting requirements.

Legitimate Interest (Article 6(1)(f))

When processing is necessary for our legitimate interests, such as improving our services, provided your rights don't override these interests.

3. Your Rights Under GDPR

As a data subject, you have the following rights:

Right of Access (Article 15)

You have the right to request access to your personal data and information about how we process it.

Right to Rectification (Article 16)

You have the right to request correction of inaccurate or incomplete personal data.

Right to Erasure (Article 17)

You have the right to request deletion of your personal data in certain circumstances.

Right to Restrict Processing (Article 18)

You have the right to request restriction of processing in certain circumstances.

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used format.

Right to Object (Article 21)

You have the right to object to processing based on legitimate interests or for direct marketing.

Right to Withdraw Consent (Article 7(3))

You have the right to withdraw consent at any time where processing is based on consent.

4. How to Exercise Your Rights

To exercise any of your rights, you can:

  • Email us at gdpr@brandxpoint.com
  • Use the data request form in your account settings
  • Contact our Data Protection Officer
  • Send a written request to our postal address

Response Time: We will respond to your request within 30 days. In complex cases, we may extend this by an additional 60 days with notification.

5. Data Protection Measures

We implement appropriate technical and organizational measures to ensure data protection:

Technical Measures

  • Encryption of data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls and multi-factor authentication
  • Automated backup and disaster recovery systems
  • Network security monitoring and intrusion detection

Organizational Measures

  • Data protection training for all employees
  • Privacy by design and by default principles
  • Data processing agreements with third parties
  • Regular privacy impact assessments
  • Incident response and breach notification procedures

6. International Data Transfers

When we transfer your data outside the European Economic Area (EEA), we ensure adequate protection through:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions for certain countries
  • Binding Corporate Rules for intra-group transfers
  • Certification schemes and codes of conduct

7. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected:

Account DataDuration of account + 3 years
Marketing DataUntil consent withdrawn + 1 year
Transaction Data7 years (legal requirement)
Support Data3 years after case closure

8. Data Protection Officer

Our Data Protection Officer (DPO) is responsible for overseeing our data protection strategy and ensuring GDPR compliance.

Email: dpo@brandxpoint.com

Address: Data Protection Officer, BrandXpoint, Kutaisi, Georgia, CA 94105

9. Supervisory Authority

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority. For EU residents, you can contact your local data protection authority.

You can find contact information for EU data protection authorities at: https://edpb.europa.eu/about-edpb/board/members_en

10. Contact Information

For any GDPR-related questions or requests, please contact us:

GDPR Email: gdpr@brandxpoint.com

General Email: privacy@brandxpoint.com