RepPreps Logo - Return to homepage

GDPR Compliance

Last updated: May 9, 2025

Introduction

This page explains how RepPreps complies with the General Data Protection Regulation (GDPR), a regulation in EU law on data protection and privacy for individuals within the European Union.

Your Data Protection Rights

Under the GDPR, if you are an EU resident, you have the following rights:

  • Right to Access: You have the right to request copies of your personal data.
  • Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or incomplete.
  • Right to Erasure: You have the right to request that we erase your personal data, under certain conditions.
  • Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • Right to Object to Processing: You have the right to object to our processing of your personal data, under certain conditions.
  • Right to Data Portability: You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.

Data Processing and Analytics

We use Google Analytics to collect information about how users interact with our website. This processing is based on our legitimate interest in improving our services and website functionality. By default, analytics tracking is enabled when you visit our site (implied consent model). However, you have the right to object to this processing at any time by:

  • Installing the Google Analytics Opt-out Browser Add-on (https://tools.google.com/dlpage/gaoptout)
  • Contacting us directly to set an opt-out cookie in your browser
  • Adjusting your browser settings to block analytics cookies

How We Process Your Data

We process personal data in accordance with the following principles:

  • Lawful, Fair, and Transparent: We process data lawfully, fairly, and in a transparent manner.
  • Purpose Limitation: We collect data for specified, explicit, and legitimate purposes.
  • Data Minimization: We limit data collection to what is necessary for the purposes for which it is processed.
  • Accuracy: We take reasonable steps to ensure personal data is accurate and kept up to date.
  • Storage Limitation: We keep data for no longer than necessary for the purposes for which it is processed.
  • Integrity and Confidentiality: We process data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

Lawful Basis for Processing

We process personal data under the following lawful bases:

  • Consent: We obtain explicit consent for certain processing activities, such as email marketing.
  • Contract: We process data necessary to fulfill our contractual obligations to you.
  • Legal Obligation: We process data to comply with legal requirements.
  • Legitimate Interests: We process data, including analytics information, based on our legitimate interests in improving and securing our services, provided these interests are not overridden by your rights and freedoms. You have the right to object to processing based on legitimate interests.

Data Transfer Outside the EU

When we transfer personal data outside the EU, we ensure that appropriate safeguards are in place to protect your data, such as Standard Contractual Clauses approved by the European Commission. This includes transfers to our analytics provider, Google Analytics, which processes data in the United States.

Our Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this GDPR policy. If you have any questions about this policy, including any requests to exercise your legal rights, please contact our DPO: Email: [email protected], Phone: (555) 123-4567, Address: 123 Tech Lane, Suite 100, San Francisco, CA 94105

Exercising Your Rights

To exercise any of your rights under the GDPR, please submit a request to our DPO. We will respond to all legitimate requests within one month. If your request is particularly complex, it may take us longer to respond. In this case, we will notify you and keep you updated.

Complaints

You have the right to make a complaint at any time to the supervisory authority for data protection issues in your country. We would, however, appreciate the chance to deal with your concerns before you approach the authority, so please contact us in the first instance.