GDPR Compliance
Last Updated January 15, 2024
Introduction
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018, in the European Union (EU) and the European Economic Area (EEA). This regulation strengthens and unifies data protection for individuals within the EU and addresses the export of personal data outside the EU.
Stover is committed to protecting your personal data and ensuring compliance with GDPR. This page explains how we comply with GDPR requirements and how you can exercise your rights under this regulation.
Your Rights Under GDPR
Under GDPR, you have several important rights regarding your personal data. We are committed to helping you exercise these rights:
Right of Access
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and the following information:
- The purposes of the processing;
- The categories of personal data concerned;
- The recipients or categories of recipients to whom the personal data have been or will be disclosed;
- The envisaged period for which the personal data will be stored;
- The existence of the right to request rectification, erasure, or restriction of processing;
- The right to lodge a complaint with a supervisory authority.
Right to Rectification
You have the right to have inaccurate personal data concerning you rectified and, taking into account the purposes of the processing, to have incomplete personal data completed.
Right to Erasure (Right to be Forgotten)
You have the right to obtain the erasure of personal data concerning you where one of the following grounds applies:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- You withdraw consent on which the processing is based and there is no other legal ground for the processing;
- You object to the processing and there are no overriding legitimate grounds for the processing;
- The personal data have been unlawfully processed;
- The personal data have to be erased for compliance with a legal obligation.
Right to Restriction of Processing
You have the right to obtain restriction of processing where:
- You contest the accuracy of the personal data;
- The processing is unlawful and you oppose the erasure of the personal data;
- We no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise, or defense of legal claims;
- You have objected to processing pending the verification of whether our legitimate grounds override yours.
Right to Data Portability
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format and have the right to transmit those data to another controller.
Right to Object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on legitimate interests. We will no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms.
Right to Withdraw Consent
Where processing is based on consent, you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Legal Basis for Data Processing
We process your personal data based on the following legal grounds under GDPR:
- **Consent:** Where you have given consent to the processing of your personal data for one or more specific purposes;
- **Contract:** Where processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract;
- **Legal Obligation:** Where processing is necessary for compliance with a legal obligation to which we are subject;
- **Vital Interests:** Where processing is necessary to protect the vital interests of you or another natural person;
- **Public Task:** Where processing is necessary for the performance of a task carried out in the public interest;
- **Legitimate Interests:** Where processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.
International Data Transfers
Your personal data may be transferred to and processed in countries outside the EEA. When we transfer your personal data outside the EEA, we ensure that appropriate safeguards are in place to protect your data, including:
- Standard Contractual Clauses approved by the European Commission;
- Adequacy decisions by the European Commission;
- Other appropriate safeguards as required by GDPR.
We take all necessary steps to ensure that your personal data is treated securely and in accordance with this GDPR notice and applicable data protection laws.
Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes outlined in our Privacy Policy, unless a longer retention period is required or permitted by law. When determining how long to retain your personal data, we consider:
- The amount, nature, and sensitivity of the personal data;
- The potential risk of harm from unauthorized use or disclosure;
- The purposes for which we process your personal data;
- Applicable legal, regulatory, tax, accounting, or other requirements.
Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption of data in transit and at rest;
- Regular security assessments and penetration testing;
- Access controls and authentication mechanisms;
- Employee training on data protection;
- Incident response procedures.
How to Exercise Your Rights
To exercise any of your GDPR rights, please contact us using one of the following methods:
- Complete our data subject request form (link to form if available);
- Send an email to privacy@stover.app;
- Write to us at the address provided in the Contact section below.
We will respond to your request within one month of receipt. If your request is complex or we receive multiple requests, we may extend this period by an additional two months, and we will inform you of this extension.
We may need to verify your identity before processing your request to ensure the security of your personal data.
Contact Us
If you have any questions about our GDPR compliance or wish to exercise your rights, please contact us:
Email: privacy@stover.app
For EU-specific inquiries, you may also contact our Data Protection Officer (if applicable) at dpo@stover.app