GDPR Compliance
Our commitment to protecting your personal data under the General Data Protection Regulation.
Last updated: January 1, 2026
Your Rights Under GDPR
The GDPR provides you with specific rights regarding your personal data. Here's what you can do:
Right to Access
You have the right to request a copy of the personal data we hold about you.
Right to Rectification
You can request that we correct any inaccurate or incomplete personal data.
Right to Erasure
You can request that we delete your personal data in certain circumstances.
Right to Data Portability
You can request your data in a structured, machine-readable format.
Right to Restrict Processing
You can request that we limit how we use your personal data.
Right to Object
You can object to the processing of your personal data for certain purposes.
How We Ensure Compliance
We've implemented comprehensive measures to protect your data and ensure GDPR compliance.
Data Protection by Design
We integrate data protection into our systems and processes from the ground up.
EU Data Residency
European customer data is stored and processed within the European Union.
Data Processing Agreements
We provide DPAs compliant with GDPR Article 28 requirements.
Security Measures
We implement robust technical and organizational security measures.
Enterprise-Grade Security
PriceJoule maintains SOC 2 Type II certification and undergoes regular third-party security audits.
1. Our Commitment to GDPR
Compliance Overview
PriceJoule is committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR). We process personal data lawfully, fairly, and transparently, collecting only what is necessary for specified, explicit, and legitimate purposes.
Data Controller
PriceJoule, Inc. acts as the data controller for personal data collected through our website and marketing activities. For customer data processed through our platform, we act as a data processor on behalf of our customers who remain the data controllers.
2. Legal Basis for Processing
Contractual Necessity
We process personal data when necessary to perform our contract with you, such as providing access to our platform, processing payments, and delivering customer support.
Legitimate Interests
We may process data based on our legitimate business interests, such as improving our services, preventing fraud, and ensuring network security, provided these interests do not override your fundamental rights.
Consent
Where required, we obtain your explicit consent before processing personal data, such as for marketing communications. You can withdraw consent at any time.
Legal Obligation
We process personal data when required to comply with legal obligations, such as tax reporting, regulatory requirements, or responding to lawful requests from authorities.
3. International Data Transfers
Transfer Mechanisms
When transferring personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.
Sub-Processors
We maintain a list of sub-processors who may process personal data on our behalf. We ensure all sub-processors meet GDPR requirements and enter into appropriate data processing agreements.
4. Data Retention
Retention Periods
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. Different categories of data may have different retention periods.
Deletion Procedures
When personal data is no longer needed, we securely delete or anonymize it using industry-standard methods to prevent unauthorized access or recovery.
5. Data Security
Technical Measures
We implement encryption in transit (TLS 1.3) and at rest (AES-256), access controls, intrusion detection systems, and regular security testing to protect personal data.
Organizational Measures
We maintain security policies, conduct regular staff training, perform background checks, and implement role-based access controls to restrict data access to authorized personnel only.
Breach Notification
In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours where required by GDPR, and affected individuals without undue delay if there is a high risk to their rights and freedoms.
6. Data Processing Agreements
DPA Availability
We offer a comprehensive Data Processing Agreement (DPA) that complies with GDPR Article 28 requirements. Enterprise customers can request a DPA as part of their subscription agreement.
DPA Contents
Our DPA covers the subject matter and duration of processing, nature and purpose of processing, types of personal data, categories of data subjects, and obligations and rights of the controller.
7. Exercising Your Rights
How to Submit a Request
You can exercise your GDPR rights by emailing us at privacy@pricejoule.com or using the contact form on our website. Please provide sufficient information to verify your identity and specify which right you wish to exercise.
Response Time
We will respond to your request within one month. This period may be extended by two additional months where necessary, depending on the complexity and number of requests.
Verification
To protect your privacy, we may need to verify your identity before fulfilling your request. We will not charge a fee for most requests, unless they are manifestly unfounded or excessive.
8. Data Protection Officer
DPO Contact
PriceJoule has appointed a Data Protection Officer to oversee our data protection strategy and ensure GDPR compliance. You can contact our DPO at dpo@pricejoule.com for any data-protection-related queries.
9. Supervisory Authority
Right to Complain
If you believe we have not handled your personal data properly or have not responded adequately to your requests, you have the right to lodge a complaint with your local data protection supervisory authority.
Lead Supervisory Authority
For customers in the European Union, our lead supervisory authority is the Irish Data Protection Commission, as we have established our EU representative in Ireland.
Contact Our Data Protection Team
For any GDPR-related questions, data subject requests, or to request a Data Processing Agreement:
Contact Us