GDPR Compliance
Overview
Slotsy is committed to full compliance with the General Data Protection Regulation (GDPR). This page outlines our approach to data protection and the rights of individuals whose data we process.
We act as both a data controller (for data we collect directly) and a data processor (for data collected by businesses using our platform).
Data Controller Information
As a data controller, Slotsy determines the purposes and means of processing personal data for platform operations, account management, and marketing.
For data processed on behalf of businesses using our platform, the business is the data controller and Slotsy acts as a data processor under the terms of our Data Processing Agreement.
Legal Basis for Processing
We process personal data under the following legal bases: contractual necessity (providing our services), legitimate interests (security, fraud prevention, platform improvement), consent (marketing, optional analytics), and legal obligations (tax compliance, regulatory requirements).
We only process data that is necessary and proportionate to the stated purpose.
Data Subject Rights
Under GDPR, you have the following rights:
| Right | Description |
|---|---|
| Access | Request a copy of your personal data |
| Rectification | Correct inaccurate or incomplete data |
| Erasure | Request deletion of your data ("right to be forgotten") |
| Restriction | Limit how we process your data |
| Portability | Receive your data in a machine-readable format |
| Objection | Object to processing based on legitimate interests |
| Withdraw Consent | Withdraw consent at any time for consent-based processing |
Data Protection Officer
Our Data Protection Officer can be reached at [email protected] for any questions regarding GDPR compliance, data subject requests, or data protection concerns.
Data Breach Notification
In the event of a personal data breach that poses a risk to individuals' rights, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach.
Affected individuals will be notified without undue delay when the breach is likely to result in a high risk to their rights and freedoms.
International Data Transfers
When personal data is transferred outside the EEA, we use Standard Contractual Clauses (SCCs) approved by the European Commission, or rely on adequacy decisions where applicable.
We conduct Data Transfer Impact Assessments for transfers to countries without adequacy decisions.
Privacy by Design
We implement data protection principles from the design stage of every new feature and system. This includes data minimization, purpose limitation, access controls, and encryption by default.
Regular privacy impact assessments are conducted for new features that process personal data.
Contact
For GDPR-related inquiries: [email protected]
For general privacy questions: [email protected]