GDPR Overview

Last updated: 22/06/2022

What is data privacy and data protection anyway?

Data protection focuses on protecting assets from unauthorized use, while data privacy defines who is authorized to access the data. In a way, data privacy is about the user being in control of their own data, while data protection is about how the company handles the data.

What is personal data?

Personal data is any data that can be linked back to a natural person. This includes obvious things like your name, address, phone number, and email. But it also extends to less obvious digital footprints — your IP address, browser cookies, social media activity, and location data all count as personal data under GDPR.

What's General Data Protection Regulation (GDPR)?

The General Data Protection Regulation (GDPR) was implemented in 2018 as a comprehensive data protection law for the European Union. It introduced several key changes:

•  Strengthened consent requirements — companies must obtain clear, affirmative consent before processing personal data

•  Mandatory breach reporting — organizations must report data breaches within 72 hours

•  Greater accountability — companies must demonstrate compliance through documentation and impact assessments

•  Significant penalties — fines of up to 4% of annual global turnover or €20 million, whichever is greater

Does GDPR apply to me?

Yes — even if your business is based outside the European Economic Area (EEA). GDPR applies to any organization that processes the personal data of individuals located in the EU, regardless of where the company itself is based. If you offer goods or services to people in the EU, or monitor their behavior, GDPR applies to you.

Frequently Asked Questions

How do I manage my data or unsubscribe?

You can manage your data preferences or unsubscribe at any time by contacting us directly at oi@nichemat.es. We will process your request promptly and ensure your data is handled according to your wishes.

Where is my data stored?

Your data is stored on servers operated by Vercel, our hosting provider. Vercel maintains industry-standard security practices and compliance certifications to ensure your data remains protected.

What steps have you taken to ensure GDPR compliance?

We have signed Data Processing Agreements (DPAs) with all our subprocessors, implemented appropriate technical and organizational measures, and regularly review our data handling practices. We maintain transparent data processing records and have designated points of contact for data protection inquiries.

What happens in case of a data breach?

In the event of a data breach, we will notify the relevant supervisory authority within 72 hours as required by GDPR. If the breach poses a high risk to your rights and freedoms, we will also notify you directly without undue delay.

Where can I learn more about GDPR?

We recommend reviewing the official GDPR full text, consulting your local data protection authority, or reaching out to a qualified legal professional for specific advice regarding your situation.

Resources & Links

→  Privacy Policy→  Data Processing Agreement→  German Federal Commissioner for Data Protection→  EU Data Protection Commissioner→  GDPR Full Text (PDF)

Disclaimer

The information provided on this page is for general informational purposes only and does not constitute legal advice. For specific guidance regarding data protection and GDPR compliance, we recommend consulting a qualified legal professional.