GDPR Compliance

Last Updated: January 1, 2025

Adstia is committed to protecting your privacy rights under the General Data Protection Regulation (GDPR).

1. Our Commitment to GDPR

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that enhances individuals' control and rights over their personal data. We are fully committed to GDPR compliance and have implemented appropriate measures to protect your data.

2. Legal Basis for Processing

We process personal data under the following legal bases:

2.1 Consent

For marketing communications and non-essential cookies, we rely on your explicit consent. You can withdraw consent at any time.

2.2 Contract Performance

We process data necessary to fulfill our contractual obligations to provide you with our services.

2.3 Legitimate Interests

We process data for legitimate business interests, such as:

  • Improving our services
  • Fraud prevention and security
  • Internal analytics and research
  • Direct marketing to existing customers

2.4 Legal Obligations

We process data when required by law, such as for tax or accounting purposes.

3. Your Rights Under GDPR

As a data subject, you have the following rights:

Right to Access

You have the right to request a copy of the personal data we hold about you.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure

You can request deletion of your personal data under certain circumstances.

Right to Restriction

You can request that we limit how we use your personal data.

Right to Data Portability

You can request your data in a structured, commonly used format to transfer to another provider.

Right to Object

You can object to processing of your data for direct marketing or based on legitimate interests.

Right to Withdraw Consent

Where we rely on consent, you can withdraw it at any time without affecting prior processing.

Right to Lodge a Complaint

You can file a complaint with your local data protection authority.

4. How to Exercise Your Rights

To exercise any of your GDPR rights, contact us at:

Email: privacy@adstia.com

Subject line: "GDPR Data Subject Request"

We will respond to your request within 30 days. In some cases, we may extend this period by an additional 60 days when necessary, and we will inform you of the extension.

5. Data Protection Measures

We implement appropriate technical and organizational measures to ensure data protection:

  • Encryption of data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication protocols
  • Employee training on data protection
  • Data minimization principles
  • Regular backup and disaster recovery procedures
  • Incident response and breach notification procedures

6. International Data Transfers

When we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions for countries with equivalent data protection
  • Binding Corporate Rules for intra-group transfers

7. Data Retention

We retain personal data only for as long as necessary:

  • Active clients: Duration of contract plus 7 years for accounting purposes
  • Marketing data: Until consent is withdrawn or 3 years of inactivity
  • Website analytics: 26 months from collection
  • Support tickets: 3 years from resolution

8. Data Protection Officer

Our Data Protection Officer oversees our GDPR compliance:

Email: dpo@adstia.com

Address: Data Protection Officer, Adstia, 123 Marketing Street, New York, NY 10001

9. Related Policies

For more information about how we handle your data, please review:

10. Updates to This Policy

We may update this GDPR Compliance page from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes through email or prominent notice on our website.