GDPR Compliance
Our commitment to protecting your data and privacy in accordance with the General Data Protection Regulation (GDPR).
Table of Contents
1. Introduction
At SafeDown, we are committed to protecting and respecting your privacy and ensuring we comply with the European Union's General Data Protection Regulation (GDPR). This policy explains how we handle personal data in compliance with GDPR requirements.
The GDPR is a regulation in EU law on data protection and privacy that applies to all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside these areas. The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
This GDPR Compliance policy works alongside our Privacy Policy, which provides more detailed information on how we collect, use, and protect your personal information.
2. GDPR Core Principles
We adhere to the following GDPR principles when processing personal data:
Lawfulness, Fairness, and Transparency
We process personal data lawfully, fairly, and in a transparent manner in relation to the data subject.
Purpose Limitation
We collect personal data for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes.
Data Minimization
We ensure that personal data is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
Accuracy
We take reasonable steps to ensure that personal data is accurate and, where necessary, kept up to date.
Storage Limitation
We keep personal data in a form that permits identification of data subjects for no longer than necessary for the purposes for which it is processed.
Integrity and Confidentiality
We process personal data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage.
Accountability
We are responsible for and can demonstrate compliance with the GDPR principles.
3. Personal Data We Collect
We may collect and process the following categories of personal data:
- Identity Data: First name, last name, username or similar identifier.
- Contact Data: Email address, telephone number, physical address.
- Technical Data: Internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.
- Usage Data: Information about how you use our website and services.
- Marketing and Communications Data: Your preferences in receiving marketing from us and our third parties and your communication preferences.
For a more detailed list of the personal data we collect and how we use it, please refer to our Privacy Policy.
4. Legal Basis for Processing
Under the GDPR, we must have a legal basis for processing your personal data. We generally rely on the following legal bases:
- Consent: Where you have explicitly agreed to us processing your data for a specific purpose.
- Contract: Where processing is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into a contract.
- Legal Obligation: Where processing is necessary for compliance with a legal obligation to which we are subject.
- Legitimate Interests: Where processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.
We will always be transparent about which legal basis we are relying on for each processing activity.
5. Your Rights Under GDPR
The GDPR provides you with the following rights regarding your personal data:
Right to Be Informed
You have the right to be informed about the collection and use of your personal data, which we fulfill through our Privacy Policy and this GDPR Compliance policy.
Right of Access
You have the right to request copies of your personal data that we hold.
Right to Rectification
You have the right to request that we correct any inaccurate personal data we hold about you, or complete any incomplete personal data.
Right to Erasure (Right to be Forgotten)
You have the right to request the deletion or removal of your personal data where there is no compelling reason for its continued processing.
Right to Restrict Processing
You have the right to request that we restrict or suppress the processing of your personal data in certain circumstances.
Right to Data Portability
You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.
Right to Object
You have the right to object to our processing of your personal data in certain circumstances, including for direct marketing purposes.
Rights Related to Automated Decision Making and Profiling
You have rights related to automated decision making and profiling. We do not currently make decisions based solely on automated processing, including profiling, which produce legal effects concerning you or similarly significantly affect you.
To exercise any of these rights, please contact us using the information provided in the "Contact for GDPR Matters" section below. We will respond to your request within one month.
6. International Data Transfers
Our servers are located in Europe. If you are accessing our website from outside Europe, please be aware that your information may be transferred to, stored, and processed by us in our facilities and by those third parties with whom we may share your personal information, in Europe and other countries.
When we transfer personal data outside the European Economic Area (EEA), we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- Transferring to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- Using specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
- For transfers to the United States, ensuring the recipient is Privacy Shield certified, where applicable.
7. Data Security Measures
We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. However, please also remember that we cannot guarantee that the internet itself is 100% secure. Although we will do our best to protect your personal information, transmission of personal information to and from our website is at your own risk. You should only access our services within a secure environment.
Our security measures include:
- Encryption of data in transit and at rest
- Regular security assessments and penetration testing
- Access controls and authentication procedures
- Regular staff training on data protection and security
- Data backup and recovery procedures
8. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours after becoming aware of the breach.
If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay. This notification will include:
- A description of the nature of the breach
- The name and contact details of our data protection officer or other contact point
- A description of the likely consequences of the breach
- A description of the measures taken or proposed to address the breach
9. Data Protection Officer
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this GDPR Compliance policy and our privacy practices. If you have any questions about this policy, including any requests to exercise your legal rights, please contact our DPO using the details provided in the next section.
10. Contact for GDPR Matters
GDPR Inquiries and Requests
If you have any questions about our GDPR compliance or wish to exercise any of your rights under the GDPR, please contact us at:
FBZ Hungária Kft.
Attention: Data Protection Officer
Address: 6000 Kecskemét, Kandó Kálmán utca 47.
Email: dpo@safedown.eu
You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.
Last Updated: May 20, 2025