GDPR Compliance
We believe strong privacy protections should apply to everyone, not just EU residents. Here's how we meet GDPR requirements and respect your data rights.
Last updated: January 9, 2026
GDPR Overview
What is GDPR?
The General Data Protection Regulation (GDPR) is a European Union law that protects the personal data and privacy of EU residents. Even though we're based in the United States, we serve clients globally and respect these protections for everyone.
Our commitment
We've designed our data practices to meet GDPR standards, regardless of where you're located. This means clear consent, minimal data collection, and respect for your rights over your personal information.
Lawful Basis for Processing
Consent
For marketing emails and non-essential cookies, we ask for your explicit consent. You can withdraw consent at any time, and we make it easy to do so.
Contract performance
When you hire us for a project, we process your data as necessary to deliver our services. This includes contact details, project requirements, and payment information.
Legitimate interests
We may process limited data for legitimate business purposes like fraud prevention and service improvement, always balancing our interests against your privacy rights.
Your Rights Under GDPR
Right to access
You can request a copy of all personal data we hold about you. We'll provide it in a structured, commonly used format within 30 days.
Right to rectification
If any data we hold is inaccurate or incomplete, you have the right to have it corrected. Just let us know what needs updating.
Right to erasure
Also known as the 'right to be forgotten.' You can request deletion of your personal data, and we'll comply unless we have a legal obligation to retain it.
Right to restrict processing
You can ask us to limit how we use your data while we address concerns or verify accuracy. We'll still store the data but won't process it further.
Right to data portability
You can request your data in a machine-readable format to transfer to another service provider.
Right to object
You can object to processing based on legitimate interests or for direct marketing. We'll stop unless we have compelling legitimate grounds.
Rights related to automated decisions
We don't make significant decisions about you using purely automated processes. If this changes, you'll have the right to human review.
Data Protection Measures
Technical safeguards
We use encryption for data in transit and at rest, secure hosting with reputable providers, access controls, and regular security assessments.
Organizational measures
Our team receives privacy training. Access to personal data is limited to those who need it. We maintain documentation of our data processing activities.
Vendor management
We carefully vet third-party services that process personal data. All vendors must meet our security standards and sign data processing agreements.
International Data Transfers
Where data is processed
Our primary operations are in the United States. Some data may be processed in other countries through our service providers (e.g., cloud hosting, email services).
Transfer safeguards
For transfers outside the EU/EEA, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.
Your control
If you prefer your data not be transferred outside the EU/EEA, please let us know. We'll discuss alternatives, though some services may be limited.
Data Breach Procedures
Our response plan
In the unlikely event of a data breach, we have procedures to detect, contain, and assess the impact quickly. We take all incidents seriously.
Notification
If a breach is likely to result in risk to your rights, we'll notify relevant authorities within 72 hours. If the risk is high, we'll also notify you directly with clear information about what happened and what you can do.
Continuous improvement
Every incident, however minor, is reviewed to prevent recurrence. We learn from any issues to strengthen our security posture.
Data Protection Contact
Privacy inquiries
While we're not required to have a formal Data Protection Officer, we take privacy seriously. For any GDPR-related questions or to exercise your rights, contact our privacy team.
How to reach us
Email: privacy@apzeesolutions.com Subject line: GDPR Request We aim to respond to all requests within 30 days, often sooner.
Supervisory authority
If you're unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority. We'd prefer to resolve issues directly, so please give us a chance first.
Contact Information
Get in touch
Apzee Solutions New York, NY, United States General: hello@apzeesolutions.com Privacy: privacy@apzeesolutions.com