1. Introduction to GDPR

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations processing personal data of individuals in the European Union, regardless of where the organization is located.

Kojable is committed to full compliance with GDPR and Irish data protection law. This page explains your rights under GDPR and how we protect your personal data.

2. Our GDPR Commitment

As a company registered in Ireland, we are subject to the supervision of the Irish Data Protection Commission (DPC). We have implemented robust data protection measures to ensure:

• Lawful, fair, and transparent processing of personal data
• Data minimization - we only collect necessary data
• Accuracy and timely updates of personal data
• Storage limitation - data retained only as long as necessary
• Integrity and confidentiality through appropriate security measures
• Accountability - we can demonstrate compliance with GDPR

3. Your Rights Under GDPR

3.1 Right of Access (Article 15)

You have the right to obtain confirmation as to whether your personal data is being processed and, if so, access to that data and information about how it is being used.

How to exercise: Email hello@kojable.com with subject line "Data Access Request"

3.2 Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected and incomplete data completed.

How to exercise: Update your information in account settings or contact us at hello@kojable.com

3.3 Right to Erasure / "Right to be Forgotten" (Article 17)

You have the right to request deletion of your personal data in certain circumstances, including:

• The data is no longer necessary for the purpose it was collected
• You withdraw consent and there is no other legal basis for processing
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed
• Erasure is required for compliance with a legal obligation

How to exercise: Email hello@kojable.com with subject line "Data Deletion Request"

3.4 Right to Restriction of Processing (Article 18)

You have the right to request restriction of processing in certain circumstances, such as when you contest the accuracy of data or object to processing.

How to exercise: Email hello@kojable.com with subject line "Restrict Processing Request"

3.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format and transmit it to another data controller.

How to exercise: Email hello@kojable.com with subject line "Data Portability Request"

3.6 Right to Object (Article 21)

You have the right to object to processing of your personal data based on legitimate interests, direct marketing, or for scientific/historical research purposes.

How to exercise: Email hello@kojable.com or use unsubscribe links in marketing emails

3.7 Right Not to be Subject to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal or similarly significant effects.

3.8 Right to Withdraw Consent (Article 7)

Where processing is based on consent, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

3.9 Right to Lodge a Complaint (Article 77)

You have the right to lodge a complaint with a supervisory authority, particularly in your country of habitual residence, place of work, or place of alleged infringement.

4. How We Process Your Data

4.1 Legal Bases for Processing

We process personal data based on the following legal grounds:

• Consent (Article 6(1)(a)): For marketing communications, cookies, and specific features
• Contract (Article 6(1)(b)): To provide our services and fulfill contractual obligations
• Legal Obligation (Article 6(1)(c)): To comply with legal and regulatory requirements
• Legitimate Interests (Article 6(1)(f)): For fraud prevention, security, and business analytics

4.2 Data We Collect

We collect and process the following categories of personal data:

• Identity data (name, username)
• Contact data (email, phone, address)
• Technical data (IP address, browser type, device information)
• Usage data (how you use our website and services)
• Marketing and communications data (preferences, communication history)

For complete details, see our Privacy Policy.

5. Data Protection Measures

5.1 Technical Measures

• Encryption of data in transit (TLS/SSL) and at rest
• Secure authentication and access controls
• Regular security testing and vulnerability assessments
• Secure backup and disaster recovery procedures
• Firewall and intrusion detection systems

5.2 Organizational Measures

• Data Protection Officer (DPO) oversight
• Employee training on data protection
• Data protection impact assessments (DPIAs)
• Vendor due diligence and data processing agreements
• Incident response and breach notification procedures
• Regular compliance audits

6. Data Transfers Outside the EU

When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs): Approved by the European Commission
• Adequacy Decisions: Countries recognized by the EU as providing adequate data protection
• Binding Corporate Rules: For intra-group transfers

We conduct Transfer Impact Assessments (TIAs) to ensure the safety of international data transfers, in accordance with the Schrems II decision.

7. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

• Notify the Data Protection Commission within 72 hours of becoming aware of the breach
• Notify affected individuals without undue delay if the breach poses a high risk
• Document all breaches, including facts, effects, and remedial action taken

8. Children's Data

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will delete it promptly.

Where processing is based on consent and the child is under 16, we require parental or guardian consent (Article 8 GDPR).

9. Automated Decision-Making and Profiling

We may use automated decision-making or profiling for the following purposes:

• Fraud detection and prevention
• Personalized content recommendations
• Customer service optimization

You have the right to:

• Obtain human intervention
• Express your point of view
• Contest the automated decision

10. Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected. Retention periods vary depending on:

• The nature of the data and purpose of processing
• Legal and regulatory requirements (e.g., tax, accounting)
• Statute of limitations periods
• Our legitimate business needs

When data is no longer needed, we securely delete or anonymize it.

11. Making a GDPR Request

11.1 How to Submit a Request

To exercise any of your GDPR rights, please contact us:

• Email: hello@kojable.com
• Data Protection Officer: hello@kojable.com
• Mail: Data Protection Officer, Kojable, [Address], Ireland

11.2 Verification Process

To protect your privacy, we will verify your identity before processing requests. We may ask for:

• Proof of identity (e.g., government-issued ID)
• Additional information to locate your data
• Confirmation of account ownership

11.3 Response Time

We will respond to your request within one month of receipt. In complex cases, we may extend this by two additional months, and we will inform you of the extension and reasons.

11.4 Fees

We do not charge a fee for processing requests unless they are manifestly unfounded, excessive, or repetitive. In such cases, we may charge a reasonable fee or refuse to act on the request.

12. Complaints and Disputes

If you believe we have not complied with GDPR, you may:

1. Contact us directly at hello@kojable.com to resolve the issue
2. Lodge a complaint with the Irish Data Protection Commission:
   • Data Protection Commission
   • 21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland
   • Phone: +353 (0)761 104 800 / +353 57 868 4800
   • Email: info@dataprotection.ie
   • Website: www.dataprotection.ie
3. If you reside in another EU country, you may also contact your local supervisory authority

13. Our Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance. You can contact our DPO regarding any data protection matters:

• Email: hello@kojable.com
• Address: Data Protection Officer, Kojable, [Company Address], Ireland

14. Updates to This Page

We may update this page to reflect changes in our practices or legal requirements. The "Last Updated" date at the top of this page indicates when it was last modified.

15. Additional Resources

For more information about GDPR and your rights:

• Irish Data Protection Commission
• European Data Protection Board
• European Commission - Data Protection
• Kojable Privacy Policy
• Kojable Cookie Policy