regpilot

    GDPR Compliance

    Last Updated: January 26, 2025

    Bizlution AB ("regpilot," "we," "us," or "our") is committed to compliance with the General Data Protection Regulation (GDPR). This page outlines our data protection practices and your rights under GDPR.

    Your Rights Under GDPR

    Right of Access (Article 15)

    You have the right to:

    • Request confirmation of whether we process your personal data
    • Obtain a copy of your personal data
    • Receive information about our processing activities

    Right to Rectification (Article 16)

    You can request correction of:

    • Inaccurate personal data
    • Incomplete personal data
    • Outdated information in your account

    Right to Erasure (Article 17)

    You may request deletion when:

    • Personal data is no longer necessary for original purposes
    • You withdraw consent and no other legal ground exists
    • Data has been unlawfully processed
    • Erasure is required for legal compliance

    Right to Data Portability (Article 20)

    You can request:

    • Your personal data in a structured, machine-readable format
    • Direct transmission to another controller where technically feasible

    Legal Basis for Processing

    We process personal data based on:

    • Contract Performance: Providing our compliance platform services
    • Legitimate Interests: Platform improvement, security, and business operations
    • Consent: Marketing communications and optional features
    • Legal Obligation: Compliance with applicable laws and regulations

    Data Protection Measures

    Technical Safeguards

    • Encryption: AES-256 encryption for data at rest and in transit
    • Access Controls: Role-based permissions and multi-factor authentication
    • Network Security: Firewalls, intrusion detection, and monitoring
    • Regular Updates: Security patches and vulnerability management

    Organizational Measures

    • Staff Training: Regular privacy and security awareness programs
    • Data Minimization: Collecting only necessary personal data
    • Retention Policies: Automatic deletion of expired data
    • Incident Response: Procedures for data breach notification

    International Data Transfers

    When transferring data outside the EU/EEA, we ensure adequate protection through:

    • Adequacy Decisions: Transfers to countries with adequate protection
    • Standard Contractual Clauses: EU-approved data transfer agreements
    • Binding Corporate Rules: Internal data protection policies
    • Consent: Explicit consent for specific transfers

    Data Breach Notification

    In case of a personal data breach, we will:

    • Notify supervisory authorities within 72 hours when required
    • Inform affected individuals without undue delay if high risk exists
    • Document all breaches and remedial actions taken
    • Implement measures to prevent future incidents

    Exercising Your Rights

    To exercise your GDPR rights:

    1. Contact us at privacy@regpilot.dev
    2. Provide identification to verify your identity
    3. Specify your request clearly and include relevant details
    4. Allow up to 30 days for us to respond to your request

    Supervisory Authority

    You have the right to lodge a complaint with a supervisory authority, particularly in your country of residence, workplace, or where an alleged infringement occurred.

    Swedish Data Protection Authority (IMY)
    Website: www.imy.se
    Email: imy@imy.se

    Contact Information

    For GDPR-related questions or requests:

    Data Protection Officer: dpo@regpilot.dev
    Privacy Team: privacy@regpilot.dev
    Address: Bizlution AB, Gothenburg, Sweden

    Compliance Disclaimer

    IMPORTANT: This GDPR compliance information is provided for transparency purposes. regpilot:

    • Does not provide legal advice regarding GDPR compliance
    • Cannot guarantee your organization's GDPR compliance
    • Recommends consulting qualified data protection counsel
    • Updates practices as regulations and guidance evolve

    Organizations remain responsible for ensuring their own GDPR compliance when using our services.
