GDPR Compliance

Your rights under the General Data Protection Regulation (GDPR) and how we protect your data.

Last updated: December 20, 2024

1. What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018, in the European Union. It gives EU residents greater control over their personal data and requires organizations to be more transparent about how they collect, use, and protect personal information.

Thalatha is committed to complying with GDPR and protecting the privacy rights of all our users, regardless of their location.

2. Your Rights Under GDPR

2.1 Right to Information

You have the right to know what personal data we collect, how we use it, and why we process it. This information is provided in our Privacy Policy.

2.2 Right of Access

You can request a copy of all personal data we hold about you, including information about how we use it and who we share it with.

2.3 Right to Rectification

You can request that we correct any inaccurate or incomplete personal data we hold about you.

2.4 Right to Erasure (Right to be Forgotten)

You can request that we delete your personal data in certain circumstances, such as when it's no longer necessary for the purpose it was collected.

2.5 Right to Restrict Processing

You can request that we limit how we use your personal data in certain circumstances.

2.6 Right to Data Portability

You can request a copy of your personal data in a structured, machine-readable format, or ask us to transfer it to another service provider.

2.7 Right to Object

You can object to the processing of your personal data for certain purposes, such as direct marketing or profiling.

2.8 Rights Related to Automated Decision Making

You have the right not to be subject to decisions based solely on automated processing that significantly affect you.

3. How to Exercise Your Rights

3.1 Making a Request

To exercise any of your GDPR rights, you can contact us using the information provided in the Contact section below. We will respond to your request within 30 days.

3.2 Verification

For security reasons, we may need to verify your identity before processing your request. This may involve asking for additional information or documentation.

3.3 Response Time

We will respond to your request within 30 days. In complex cases, we may extend this period by up to 60 days, but we will inform you of any delay and the reasons for it.

Quick Access to Your Data

You can also access and manage some of your data directly through your account settings:

  • Update your profile information
  • Change your privacy settings
  • Manage notification preferences
  • Download your data
  • Delete your account

4. Legal Basis for Processing Your Data

Under GDPR, we must have a legal basis for processing your personal data. We process your data based on the following legal grounds:

4.1 Consent

We process some of your data based on your explicit consent, such as marketing communications and non-essential cookies.

4.2 Contract Performance

We process your data to provide our services and fulfill our contractual obligations to you.

4.3 Legitimate Interests

We process some data based on our legitimate interests, such as improving our services, preventing fraud, and ensuring security.

4.4 Legal Obligations

We may process your data to comply with legal obligations, such as tax requirements or law enforcement requests.

5. International Data Transfers

As a global service, we may transfer your personal data to countries outside the European Economic Area (EEA). When we do so, we ensure appropriate safeguards are in place:

5.1 Adequacy Decisions

Some countries have been deemed adequate by the European Commission, meaning they provide an equivalent level of data protection.

5.2 Standard Contractual Clauses

We use standard contractual clauses approved by the European Commission to ensure adequate protection when transferring data to non-adequate countries.

5.3 Binding Corporate Rules

We have implemented binding corporate rules to ensure consistent data protection standards across our organization.

6. Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance and handle data protection matters.

Contact Our Data Protection Officer

Email: dpo@thalatha.app

Address: Data Protection Officer, Thalatha Inc., Kuwait City Business District, Kuwait City, Kuwait

Phone: +965 1234 5678

7. Right to Complain

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority.

7.1 Supervisory Authority

You can contact the supervisory authority in your country of residence, or the supervisory authority in the country where the alleged violation occurred.

7.2 Contact Us First

We encourage you to contact us first so we can try to resolve any concerns you may have about how we handle your personal data.

8. Updates to This Information

We may update this GDPR information from time to time to reflect changes in our practices or legal requirements.

We will notify you of any material changes and update the "Last updated" date at the top of this page.

9. Contact Us

If you have any questions about our GDPR compliance or want to exercise your rights, please contact us:

Email: privacy@thalatha.app

Address: Thalatha Inc., Kuwait City Business District, Kuwait City, Kuwait

Phone: +965 1234 5678

Data Protection Officer: dpo@thalatha.app

Exercise Your Rights

Contact us to exercise your GDPR rights or learn more about our data protection practices.

Contact Data Protection Team View Privacy Policy