GDPR Compliance

Your data protection rights under European law

What is GDPR?

The General Data Protection Regulation (GDPR) is a European Union law that protects the privacy and data of EU residents. At Ethical Crystals, we are committed to respecting your privacy rights and ensuring full compliance with GDPR requirements.

๐Ÿ”’

Data Protection

We implement robust security measures to protect your personal data

๐Ÿ‘ค

Your Rights

You have full control over your personal data and how it's used

๐Ÿ“‹

Transparency

Clear information about what data we collect and why

Your Data Protection Rights

Under GDPR, you have the following rights regarding your personal data:

๐Ÿ‘๏ธ

Right to be Informed

You have the right to know what personal data we collect, how we use it, and who we share it with.

View Privacy Policy
๐Ÿ“–

Right of Access

You can request a copy of all personal data we hold about you.

โœ๏ธ

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

๐Ÿ—‘๏ธ

Right to Erasure

You can request deletion of your personal data under certain circumstances.

โธ๏ธ

Right to Restrict Processing

You can request that we limit how we use your personal data.

๐Ÿ“ฆ

Right to Data Portability

You can request your data in a structured, commonly used format.

๐Ÿšซ

Right to Object

You can object to certain types of processing, including direct marketing.

โš–๏ธ

Rights Related to Automated Decision Making

Protection against automated processing and profiling.

Learn More

What Data We Collect

We collect and process the following categories of personal data:

Account Information

  • Name and email address
  • Account preferences
  • Authentication data
Legal Basis: Contract performance, legitimate interests

Business Information

  • Company name and details
  • Certification documents
  • Supply chain information
Legal Basis: Contract performance, legitimate interests

Usage Data

  • Platform interaction data
  • Feature usage analytics
  • Performance metrics
Legal Basis: Legitimate interests, consent

Communication Data

  • Support tickets and messages
  • Survey responses
  • Marketing communications
Legal Basis: Consent, legitimate interests

How We Process Your Data

๐Ÿ”„ Automated Processing

We use automated systems to:

  • Calculate trust scores and certifications
  • Detect fraudulent or unethical practices
  • Recommend relevant businesses to consumers
  • Analyze platform usage patterns

Your Rights: You can request human review of automated decisions that significantly affect you.

๐ŸŒ International Transfers

Your data may be transferred outside the EU to:

  • Our cloud service providers (AWS, Google Cloud)
  • Analytics and support tools
  • Global certification partners

Safeguards: We only transfer data to countries with adequate protection or under appropriate safeguards.

โฐ Data Retention

We retain your data for:

  • Account data: Duration of account + 2 years
  • Certification data: 7 years (legal requirements)
  • Analytics data: 3 years (aggregated, anonymized)
  • Marketing data: Until consent withdrawal

Note: Some data may be retained longer for legal compliance.

Cookie Consent Management

Manage your cookie preferences and consent for various tracking technologies:

Essential Cookies

Required

Necessary for website functionality and security.

Analytics Cookies

Help us understand how you use our platform to improve user experience.

Marketing Cookies

Used to deliver relevant advertisements and measure campaign effectiveness.

Contact Our Data Protection Officer

If you have any questions about your data protection rights or wish to exercise any of your rights, please contact our Data Protection Officer:

๐Ÿ“ง Email

dpo@ethicalcrystals.com

๐Ÿ“ฎ Mail

Data Protection Officer
Ethical Crystals
123 Ethical Way, Suite 400
San Francisco, CA 94105
United States

โฑ๏ธ Response Time

We will respond to your request within 30 days as required by GDPR.

Supervisory Authority

If you are not satisfied with how we handle your data protection concerns, you have the right to lodge a complaint with your local supervisory authority or the Irish Data Protection Commission (our lead supervisory authority).

Quick Actions