Contents
- 1. Introduction to GDPR
- 2. Data Collection and Processing
- 3. Legal Basis for Processing
- 4. Your Rights Under GDPR
- 5. Data Protection Measures
- 6. International Data Transfers
- 7. Data Retention Policy
- 8. Data Protection Officer
- 9. Breach Notification
- 10. How to Exercise Your Rights
- 11. Updates to This Policy
- 12. Contact Information
Need Help?
If you have questions about our GDPR compliance or need to exercise your data rights, please contact our Data Protection Officer.
1. Introduction to GDPR
The General Data Protection Regulation (GDPR) is an EU regulation on data protection and privacy for individuals within the European Union and the European Economic Area. It also governs the transfer of personal data outside the EU and EEA.
At StanbinOnline, we are committed to ensuring the privacy and protection of your personal data. This GDPR Compliance Policy outlines how we collect, process, store, and protect your personal information in accordance with the GDPR requirements.
Important Notice
This policy applies to all personal data of individuals in the EU and EEA processed by StanbinOnline, regardless of whether the processing takes place within the EU or not. By using our services, you acknowledge that you have read and understood this policy.
For the purposes of the GDPR, StanbinOnline is the "data controller" of your personal information. This means that we determine the purposes and means of processing your personal data.
2. Data Collection and Processing
We collect and process personal data for specific, explicit, and legitimate purposes. The types of personal data we collect may include:
Identity Information
- Name
- Email address
- Phone number
- Postal address
- Business name (if applicable)
Financial Information
- Payment information
- Transaction history
- Billing address
- Tax identification numbers
Technical Information
- IP address
- Browser type and version
- Device information
- Operating system
- Log data and usage patterns
Service-Related Information
- Account preferences
- Service usage history
- Customer support communications
- Survey responses
2.1 Processing Activities
We process your personal data for the following purposes:
- To provide and maintain our services
- To notify you about changes to our services
- To allow you to participate in interactive features of our services
- To provide customer support
- To gather analysis or valuable information so that we can improve our services
- To monitor the usage of our services
- To detect, prevent and address technical issues
- To fulfill any other purpose for which you provide the information
2.2 Cookies and Similar Technologies
We use cookies and similar tracking technologies to track activity on our website and store certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our service.
For more information about the cookies we use, please see our Cookie Policy.
3. Legal Basis for Processing
Under the GDPR, we must have a legal basis for processing your personal data. We rely on one or more of the following legal grounds for processing your personal information:
Legal Basis | Description | Example |
---|---|---|
Consent | You have given clear consent for us to process your personal data for a specific purpose. | Marketing communications, cookies that are not strictly necessary |
Contract | Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract. | Account creation, processing payments, providing our services |
Legal Obligation | Processing is necessary for compliance with a legal obligation to which we are subject. | Tax reporting, responding to court orders, regulatory requirements |
Legitimate Interests | Processing is necessary for our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights. | Fraud prevention, network security, improving our services |
Where we rely on consent as the legal basis for processing your personal data, you have the right to withdraw your consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.
Important Note on Legitimate Interests
When we process your personal data based on our legitimate interests, we ensure that we consider and balance any potential impact on you and your rights. We will not use your personal data for activities where our interests are overridden by the impact on you, unless we have your consent or are otherwise required or permitted to by law.
4. Your Rights Under GDPR
The GDPR provides you with certain rights regarding your personal data. These rights include:
Right to Access
You have the right to request copies of your personal data. We may charge a small fee for this service if the request is unfounded, repetitive, or excessive.
Right to Rectification
You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
Right to Erasure
You have the right to request that we erase your personal data, under certain conditions. Also known as the "right to be forgotten".
Right to Restrict Processing
You have the right to request that we restrict the processing of your personal data, under certain conditions.
Right to Data Portability
You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.
Right to Object
You have the right to object to our processing of your personal data, under certain conditions, including for direct marketing purposes.
Rights Related to Automated Decision Making
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Right to Withdraw Consent
You have the right to withdraw your consent at any time where we relied on your consent to process your personal information.
If you wish to exercise any of these rights, please refer to the "How to Exercise Your Rights" section below. We will respond to all legitimate requests within one month. Occasionally, it may take us longer if your request is particularly complex or you have made a number of requests.
5. Data Protection Measures
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
Encryption
All data in transit and at rest is encrypted using industry-standard encryption protocols.
Access Controls
Strict access controls and authentication mechanisms to prevent unauthorized access.
Regular Backups
Regular data backups to prevent data loss and ensure business continuity.
Regular Audits
Regular security audits and vulnerability assessments to identify and address potential risks.
Staff Training
Regular data protection and security training for all staff members who process personal data.
Data Minimization
We only collect and process the personal data that is necessary for the specified purposes.
5.1 Third-Party Processors
We may use third-party service providers to process personal data on our behalf. These third parties are carefully selected and are required to maintain the security of your personal data. We enter into data processing agreements with all third-party processors to ensure they comply with GDPR requirements.
5.2 Employee Access
We restrict access to personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
Our Commitment to Security
We are committed to ensuring that your personal data is secure. While we implement appropriate security measures, please be aware that no method of transmission over the Internet or method of electronic storage is 100% secure. We continuously review and update our security measures to maintain a level of protection appropriate to the risk.
6. International Data Transfers
As a global organization, we may transfer your personal data to countries outside the European Economic Area (EEA). Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by implementing at least one of the following safeguards:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe (Standard Contractual Clauses).
- Where we use providers based in the US, we no longer rely on the EU-US Privacy Shield, which was invalidated by the Court of Justice of the European Union in 2020. Transfers to US providers rely on Standard Contractual Clauses accompanied by an assessment of the protection available in the destination country, or on the EU-US Data Privacy Framework where the provider is certified under it.
6.1 Transfer Mechanisms
Transfer Mechanism | Description | When We Use It |
---|---|---|
Adequacy Decision | Transfers to countries recognized by the EU as having adequate data protection laws. | When transferring data to Canada, Switzerland, Japan, etc. |
Standard Contractual Clauses (SCCs) | EU-approved contractual clauses that provide appropriate data protection safeguards. | For most transfers outside the EEA where no adequacy decision exists. |
Binding Corporate Rules | Internal rules for transfers among members of a corporate group. | For transfers within our global corporate structure (if applicable). |
Derogations | Specific exceptions such as explicit consent or contractual necessity. | In limited circumstances where other mechanisms are not available. |
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
Important Update on International Transfers
Following the invalidation of the EU-US Privacy Shield by the Court of Justice of the European Union (Schrems II decision), we have reviewed and updated our international data transfer mechanisms to ensure continued compliance with GDPR requirements.
7. Data Retention Policy
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider:
- The amount, nature, and sensitivity of the personal data
- The potential risk of harm from unauthorized use or disclosure of your personal data
- The purposes for which we process your personal data and whether we can achieve those purposes through other means
- The applicable legal, regulatory, tax, accounting, or other requirements
7.1 Retention Periods
Data Category | Retention Period | Rationale |
---|---|---|
Account Information | For the duration of your account plus 2 years after closure | To provide our services and handle any account-related inquiries |
Financial Transactions | 7 years | Tax and accounting requirements |
Marketing Preferences | Until you withdraw consent or 3 years after last interaction | To respect your marketing choices and maintain a record of consent |
Technical Data (Logs) | 12 months | Security, troubleshooting, and service improvement |
Customer Support Communications | 3 years after resolution | To handle follow-up inquiries and improve our services |
In some circumstances, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
8. Data Protection Officer
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this GDPR Compliance Policy. If you have any questions about this policy, including any requests to exercise your legal rights, please contact our DPO using the details set out below.
Data Protection Officer Contact Details
Postal Address
StanbinOnline
2500 W Bradley Pl
Chicago, IL 60618
United States
8.1 Role of the DPO
Our DPO's responsibilities include:
- Informing and advising StanbinOnline and our employees about their obligations under the GDPR and other data protection laws
- Monitoring compliance with the GDPR and other data protection laws, including managing internal data protection activities, advising on data protection impact assessments, training staff, and conducting internal audits
- Acting as the contact point for data subjects and the supervisory authority
- Cooperating with the supervisory authority
- Taking into account the risk associated with processing operations, considering the nature, scope, context, and purposes of processing
The DPO operates independently and does not receive any instructions regarding the exercise of their tasks. They report directly to the highest level of management at StanbinOnline.
9. Breach Notification
In the event of a personal data breach, we have procedures in place to detect, report, and investigate such a breach. We will notify the relevant supervisory authority without undue delay and, where feasible, not later than 72 hours after becoming aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons.
9.1 Breach Notification Process
Detection and Internal Reporting
Any employee who becomes aware of a potential data breach must immediately report it to the DPO or designated security team.
Assessment and Containment
Our security team will assess the breach, contain it, and begin recovery procedures. We will document the nature of the breach and the data affected.
Risk Assessment
We will evaluate the risks associated with the breach, including potential consequences for affected individuals and the severity of those consequences.
Notification to Authorities
If required, we will notify the relevant supervisory authority within 72 hours, providing details of the breach, affected data, potential consequences, and measures taken.
Notification to Affected Individuals
When the breach is likely to result in a high risk to individuals' rights and freedoms, we will notify affected individuals without undue delay.
Documentation and Review
We will document all breaches, including facts, effects, and remedial actions taken. We will review and update our security measures as needed.
9.2 Information Included in Notifications
When notifying affected individuals about a data breach, we will provide:
- A clear and plain language description of the nature of the personal data breach
- The name and contact details of our DPO or other contact point
- A description of the likely consequences of the personal data breach
- A description of the measures taken or proposed to address the breach, including measures to mitigate possible adverse effects
- Recommendations for individuals to protect themselves from potential harm
Important Security Notice
We take data breaches very seriously. If you suspect that your personal information has been compromised or notice any suspicious activity related to your account, please contact our Data Protection Officer immediately.
10. How to Exercise Your Rights
If you wish to exercise any of your rights under the GDPR, please follow the process outlined below:
Data Subject Request Process
1. Submit Your Request
Contact our DPO by email at [email protected] or through our Data Subject Request Form on our website.
2. Verification of Identity
We will verify your identity to ensure we're providing information to the right person. This may require providing identification documents.
3. Request Assessment
We will assess your request to determine if we can fulfill it and what actions need to be taken.
4. Request Fulfillment
We will process your request and take the necessary actions. For access requests, we will provide a copy of your data.
5. Response Time
We will respond to your request within one month of receiving it. Where a request is particularly complex or you have made a number of requests, we may extend this period by up to two further months; if so, we will tell you within the first month, together with the reasons for the extension.
10.1 Fees
You will not have to pay a fee to access your personal data or to exercise any of your other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
10.2 What We May Need From You
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
Request Form Available
To make it easier for you to exercise your rights, we have created a dedicated Data Subject Request Form. This form guides you through the process and ensures we have all the information needed to process your request efficiently.
11. Updates to This Policy
We may update this GDPR Compliance Policy from time to time. Any changes we make to this policy will be posted on this page, and where appropriate, notified to you by email or through a notice on our website.
We encourage you to review this policy periodically to stay informed about how we are protecting your personal data. The date at the top of this policy indicates when it was last updated.
Policy Revision History
If we make significant changes to this policy that affect how we use your personal data, we will notify you directly and may seek your consent where required.
12. Contact Information
If you have any questions, concerns, or requests regarding this GDPR Compliance Policy or our data practices, please contact us:
Data Protection Officer
Supervisory Authority
You have the right to lodge a complaint with a supervisory authority if you believe we have processed your personal data unlawfully. The supervisory authority will depend on your habitual residence, place of work, or place of the alleged infringement.
We will respond to all legitimate inquiries within one month. Occasionally, it may take us longer if your request is particularly complex or you have made a number of requests.
Our Commitment
At StanbinOnline, we are committed to protecting your privacy and ensuring that your personal data is handled in accordance with the GDPR. We value transparency and are dedicated to maintaining your trust by safeguarding your personal information.
This GDPR Compliance Policy was last updated on April 23, 2025. By using our services, you acknowledge that you have read and understood this policy.
Related Legal Documents
Please review our other legal documents to fully understand your rights and obligations when using our services.
Terms of Service
Our Terms of Service outline the rules, guidelines, and obligations when using StanbinOnline's platform and services.
Privacy Policy
Our Privacy Policy explains how we collect, use, and protect your personal information when you use our services.
Disclaimer
Our Disclaimer outlines the limitations of liability and accuracy of content provided by StanbinOnline.