OrderSlotsOrderSlots

GDPR Compliance

Your Privacy Rights Under the General Data Protection Regulation

Last updated: November 29, 2024

1. Our Commitment to GDPR

OrderSlots is committed to protecting and respecting your privacy in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This page explains how we comply with GDPR requirements and outlines your data protection rights.

GDPR applies to all businesses that process personal data of individuals within the European Union (EU) and European Economic Area (EEA), regardless of where the business is located.

2. Legal Basis for Processing

Under GDPR, we process your personal data only when we have a legal basis to do so:

Contractual Necessity

Processing is necessary to perform our contract with you (e.g., managing your account, processing orders, providing delivery services).

Legitimate Interests

Processing is necessary for our legitimate business interests (e.g., improving services, fraud prevention, analytics) while respecting your rights.

Consent

You have given clear consent for us to process your data for specific purposes (e.g., marketing communications, cookies).

Legal Obligation

Processing is necessary to comply with legal requirements (e.g., tax records, financial regulations).

3. Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

Request copies of your personal data. We will provide you with a copy of your data in a commonly used format.

Right to Rectification

Request correction of inaccurate or incomplete personal data we hold about you.

Right to Erasure

Request deletion of your personal data ("right to be forgotten") under certain circumstances.

Right to Restrict Processing

Request restriction of processing of your personal data in certain situations.

Right to Data Portability

Request transfer of your data to another organization or directly to you in a machine-readable format.

Right to Object

Object to processing of your personal data based on legitimate interests or for direct marketing.

Right to Withdraw Consent

Withdraw your consent at any time where we rely on consent to process your data. This will not affect the lawfulness of processing before withdrawal.

4. How to Exercise Your Rights

To exercise any of your GDPR rights, you can:

Submit a Request

  • Email:gdpr@orderslots.com or privacy@orderslots.com
  • Portal:Use the "Data Rights Request" form in your account settings
  • Support:Contact our support team at support@orderslots.com

Response Time: We will respond to your request within 30 days (or sooner). If we need more time, we will explain why and keep you updated.

5. Data Protection Measures

We implement appropriate technical and organizational measures to protect your personal data:

Encryption

Data encrypted in transit (SSL/TLS) and at rest

Access Controls

Role-based access and authentication

Regular Audits

Security assessments and vulnerability scans

Data Minimization

Collect only necessary data

Pseudonymization

Anonymize data where possible

Staff Training

Regular GDPR awareness training

6. International Data Transfers

When we transfer your data outside the EU/EEA, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions (transfers to countries with adequate data protection)
  • Binding Corporate Rules (where applicable)
  • Your explicit consent for specific transfers

7. Data Breach Notification

In the event of a personal data breach, we will:

1.

Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (if required)

2.

Inform affected individuals if the breach is likely to result in high risk to their rights and freedoms

3.

Describe the nature of the breach and the likely consequences

4.

Communicate the measures taken to address the breach and mitigate harm

8. Children's Privacy

OrderSlots is a B2B platform not directed at children under 16. We do not knowingly collect or process personal data from children. If we become aware that we have collected data from a child under 16 without parental consent, we will delete it promptly.

9. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe we have not handled your data in accordance with GDPR. While we encourage you to contact us first, you may reach out to your local data protection authority:

EU Data Protection Authorities: Find your local authority

We will cooperate fully with supervisory authorities to resolve any complaints.

10. Data Protection Officer

For GDPR-related inquiries, you may contact our Data Protection Officer:

Email: dpo@orderslots.com

GDPR Requests: gdpr@orderslots.com

General Privacy: privacy@orderslots.com

11. Updates to GDPR Compliance

We regularly review and update our GDPR compliance measures. Any material changes will be communicated to you via email or platform notification, and reflected in our Privacy Policy and this GDPR page.

Your Privacy Matters

At OrderSlots, we take your privacy seriously and are committed to transparency in how we process your personal data. If you have any questions or concerns about GDPR compliance, please don't hesitate to contact us.