GDPR Policy for Acelerun

Last updated: Oct 21, 2024

Acelerun GDPR Compliance Policy

Acelerun is committed to protecting the privacy and rights of individuals whose personal data we process. This policy outlines how we comply with the General Data Protection Regulation (GDPR) in our role as both a data controller and data processor.

Data Processing Activities

As a SaaS provider, we process personal data on behalf of our clients (the data controllers) and also process data for our own business purposes. Our data processing activities include:

– Collecting user account information
– Storing customer data in our cloud infrastructure
– Analyzing usage data to improve our services
– Processing payments and billing information

Legal Basis for Processing

We only process personal data when we have a lawful basis to do so under GDPR Article 6. The legal bases we rely on include:

– Consent
– Performance of a contract
– Legitimate interests
– Legal obligation

We obtain explicit consent from individuals before processing any special category data as defined in GDPR Article 9.

Data Subject Rights

We respect the rights of data subjects under the GDPR and have implemented processes to respond to requests to exercise those rights, including:

– Right to access
– Right to rectification
– Right to erasure
– Right to restrict processing
– Right to data portability
– Right to object

Data subjects can submit requests via team@acelerun.com . We will respond to all requests within 30 days.

Subprocessors:

• Paddle – Billing services
• Stripe – Billing services
• Telegram – Communication and customer service
• Google Analytics – Website analytics service
• Cloudflare – https://www.cloudflare.com/cloudflare-customer-dpa
• Google Cloud Services – https://cloud.google.com/terms/data-processing-terms
• OVH Cloud Services – https://us.ovhcloud.com/legal/data-

Data Protection Measures

We have implemented appropriate technical and organizational measures to ensure the security of personal data, including:

– Encryption of data in transit and at rest
– Access controls and authentication
– Regular security audits and penetration testing
– Data backup and disaster recovery procedures

Data Breach Notification

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours. We will also notify affected data subjects without undue delay when the breach is likely to result in a high risk to their rights and freedoms.

Data Protection Officer

We have appointed a Data Protection Officer responsible for overseeing our GDPR compliance. The DPO can be contacted at privacy@acelerun.com

International Data Transfers

Any transfers of personal data outside the EEA will only be done in compliance with GDPR requirements, such as using Standard Contractual Clauses or adequacy decisions.

Record of Processing Activities

We maintain a record of our processing activities as required by GDPR Article 30, including purposes of processing, categories of personal data, recipients, and retention periods.

Privacy by Design

We incorporate data protection principles into our product development and business processes through privacy by design and privacy by default practices.

Training

All employees receive regular training on GDPR requirements and our data protection policies and procedures.

Policy Updates

This policy will be reviewed annually and updated as needed to reflect changes in our practices or regulatory requirements.

For any questions about this policy or our GDPR compliance, please contact privacy@acelerun.com.

Last updated: Oct 21, 2024