GDPR Compliance

General Data Protection Regulation (GDPR) compliance information and your data protection rights.

Last updated: January 1, 2025

Introduction to GDPR

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). FruitApps is committed to ensuring compliance with GDPR requirements and protecting your personal data rights.

Your Rights Under GDPR

Under GDPR, you have several rights regarding your personal data:

Right to Information

You have the right to be informed about the collection and use of your personal data. This includes information about how we process your data, why we process it, and how long we keep it.

Right of Access

You have the right to request access to your personal data that we process. This allows you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Right to Rectification

You have the right to have your personal data corrected if it is inaccurate or incomplete. We will take reasonable steps to ensure that personal data that is inaccurate is updated or deleted.

Right to Erasure (Right to be Forgotten)

You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another data controller.

Right to Object

You have the right to object to the processing of your personal data in certain circumstances, including processing for direct marketing purposes.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Consent: Where you have given clear consent for us to process your personal data for specific purposes
  • Contract: Where processing is necessary for the performance of a contract with you
  • Legal obligation: Where processing is necessary for compliance with a legal obligation
  • Legitimate interests: Where processing is necessary for our legitimate interests

Data Protection Measures

FruitApps implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data
  • Ongoing confidentiality, integrity, availability and resilience of processing systems
  • Regular testing, assessing and evaluating the effectiveness of technical and organizational measures
  • Access controls and authentication measures
  • Staff training on data protection principles

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

International Data Transfers

When we transfer personal data outside the European Economic Area, we ensure that appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • Binding Corporate Rules
  • Certification mechanisms

Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay. We will also notify the relevant supervisory authority within 72 hours of becoming aware of the breach.

Exercising Your Rights

To exercise any of your rights under GDPR, please contact us using the following methods:

  • Contact form: Contact us
  • Written request to our registered address

We will respond to your request within one month of receipt. In some cases, we may extend this period by two further months if the request is complex or we have received a number of requests.

Complaints

If you believe that your data protection rights have been breached, you have the right to complain to the relevant supervisory authority. In most EU countries, this will be your national data protection authority.