GDPR Compliance

General Data Protection Regulation Compliance

Last updated: December 12, 2024

Our Commitment to GDPR

PicRefine is committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR). This page explains how we meet our obligations and your rights under GDPR.

🇪🇺 GDPR applies to all EU residents regardless of where the processing takes place. We treat all users with the same high privacy standards.

Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

Right to Access (Article 15)

You can request a copy of all personal data we hold about you, including:

  • Account information and profile data
  • Processing history and uploaded images
  • Payment records and subscription details
  • Communication history with our support

Request time: We respond within 30 days

Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data:

  • Update your profile information
  • Correct billing or payment details
  • Modify communication preferences

Right to Erasure (Article 17) - "Right to be Forgotten"

You can request deletion of your personal data when:

  • The data is no longer necessary for the original purpose
  • You withdraw consent and no other legal basis exists
  • You object to processing and no overriding interest exists
  • The data has been unlawfully processed

Right to Data Portability (Article 20)

You can receive your data in a structured, machine-readable format:

  • Export account data as JSON or CSV
  • Download processed images and metadata
  • Transfer data to another service provider

Right to Object (Article 21)

You can object to processing of your personal data for:

  • Direct marketing purposes (absolute right)
  • Processing based on legitimate interests
  • Research and statistical purposes

How to Exercise Your Rights

To exercise any of your GDPR rights, you can:

Contact Our DPO

Email: dpo@picrefine.com

Subject: GDPR Rights Request

Response Time: 30 days maximum

Use Our Privacy Portal

Access your data, make requests, and track status through our secure privacy portal.

Identity Verification

To protect your privacy, we may need to verify your identity before processing certain requests. This may involve confirming account details or providing additional identification.

Legal Basis for Processing

We process your personal data based on the following legal grounds:

Processing Purpose              | Legal Basis          | Article
Account creation and management | Contract performance | 6(1)(b)
Image processing services       | Contract performance | 6(1)(b)
Payment processing              | Contract performance | 6(1)(b)
Customer support                | Legitimate interest  | 6(1)(f)
Marketing communications        | Consent              | 6(1)(a)
Fraud prevention                | Legitimate interest  | 6(1)(f)
Legal compliance                | Legal obligation     | 6(1)(c)

Data Transfers

We may transfer your personal data outside the European Economic Area (EEA). When we do, we ensure appropriate safeguards are in place:

  • AWS (US): Standard Contractual Clauses (SCCs)
  • Stripe (US): Adequacy decision and SCCs
  • Replicate (US): Standard Contractual Clauses
  • Google Analytics: Data Processing Amendment

Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance:

DPO Contact: dpo@picrefine.com

Responsibilities:

  • Monitor GDPR compliance
  • Conduct privacy impact assessments
  • Handle data subject requests
  • Serve as contact point for supervisory authorities
  • Provide privacy training and guidance

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe we have not complied with GDPR. You can contact:

  • The supervisory authority in your EU country of residence
  • The supervisory authority where the alleged infringement occurred
  • The Irish Data Protection Commission (our lead supervisory authority)

Irish Data Protection Commission
Website: www.dataprotection.ie
Email: info@dataprotection.ie

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms:

  • We will notify the relevant supervisory authority within 72 hours
  • We will inform affected individuals without undue delay
  • We will provide clear information about the breach and our response
  • We will take immediate steps to mitigate the impact

Our GDPR Commitment

We are committed to transparency, accountability, and protecting your privacy rights. Our GDPR compliance is not just a legal requirement—it's fundamental to how we operate and build trust with our users.