GDPR Compliance

Our commitment to European data protection standards

Last updated: July 17, 2025

1. Our GDPR Commitment

SyntheBrain is committed to protecting the personal data and privacy rights of individuals in the European Union (EU) and European Economic Area (EEA) in accordance with the General Data Protection Regulation (GDPR).

2. Legal Basis for Processing

We process personal data based on the following legal grounds:

  • Consent: When you have given clear consent for specific purposes
  • Contract: When processing is necessary for contract performance
  • Legal Obligation: When required by law
  • Vital Interests: When necessary to protect life or health
  • Public Task: When carrying out public interest tasks
  • Legitimate Interests: When pursuing legitimate business interests

3. Your Rights Under GDPR

As a data subject, you have the following rights:

Right of Access

Request access to your personal data and information about how we process it.

Right to Rectification

Request correction of inaccurate or incomplete personal data.

Right to Erasure

Request deletion of your personal data under certain circumstances.

Right to Restrict Processing

Request limitation of processing under specific conditions.

Right to Data Portability

Receive your personal data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interests or direct marketing.

4. Data Protection Measures

We implement appropriate technical and organizational measures including:

  • Encryption of personal data in transit and at rest
  • Regular security assessments and audits
  • Access controls and user authentication
  • Staff training on data protection principles
  • Data processing impact assessments
  • Incident response and breach notification procedures

5. International Data Transfers

When we transfer personal data outside the EU/EEA, we ensure appropriate safeguards are in place, including:

  • Adequacy decisions by the European Commission
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules (BCRs)
  • Certification mechanisms

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, or resolve disputes. Specific retention periods vary based on:

  • The nature of the personal data
  • The purpose of processing
  • Legal and regulatory requirements
  • Legitimate business needs

7. Automated Decision-Making

We may use automated decision-making processes, including profiling, for legitimate business purposes. You have the right to:

  • Be informed about automated decision-making
  • Request human intervention
  • Express your point of view
  • Contest automated decisions

8. Data Breach Notification

In the event of a personal data breach, we will:

  • Notify the relevant supervisory authority within 72 hours
  • Inform affected individuals without undue delay if there is a high risk
  • Document all data breaches and remedial actions taken
  • Conduct thorough investigations and implement preventive measures

9. Exercising Your Rights

To exercise your GDPR rights, please contact us using the information below. We will respond to your request within one month, which may be extended by two additional months in complex cases.

10. Supervisory Authority

You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not adequately addressed your concerns.

11. Contact Our Data Protection Officer

For any questions about GDPR compliance or to exercise your rights, please contact our Data Protection Officer:

Data Protection Officer
SyntheBrain
Email: dpo@synthebrain.com
Phone: +1 (555) 123-4567