GDPR Compliance

Your rights under the General Data Protection Regulation

Last Updated: October 28, 2025

Our Commitment to GDPR Compliance

VWS (Viral Web SEM) is committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR). This page explains your rights and how we handle your personal data in accordance with GDPR requirements.

Data Controller: VWS (Viral Web SEM)
Contact: privacy@viralwebsem.com

Your GDPR Rights

Under the GDPR, EU residents have the following rights regarding their personal data:

πŸ” Right of Access

You can request a copy of all personal data we hold about you, including how we use it and who we share it with.

✏️ Right to Rectification

You can ask us to correct any personal data that is inaccurate or incomplete.

πŸ—‘οΈ Right to Erasure

Also known as the "right to be forgotten" - you can request deletion of your personal data under certain circumstances.

⏸️ Right to Restrict Processing

You can ask us to temporarily stop processing your data while we verify its accuracy or your objections.

πŸ“¦ Right to Data Portability

You can receive your personal data in a structured, commonly used format to transfer to another service.

❌ Right to Object

You can object to processing of your data for direct marketing, research, or legitimate interests.

🚫 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

βš–οΈ Right to Lodge a Complaint

You can file a complaint with your local data protection authority if you believe we've violated GDPR.

Legal Basis for Processing

We process your personal data under the following legal bases:

  • Consent: Newsletter subscriptions, marketing communications, cookies
  • Contract Performance: Providing services, processing payments, customer support
  • Legitimate Interest: Website analytics, security, business development
  • Legal Obligation: Tax records, compliance reporting, legal requirements

Data Protection Measures

We implement appropriate technical and organizational measures to protect your data:

Technical Safeguards

  • SSL/TLS encryption for data transmission
  • Encrypted database storage
  • Regular security updates and patches
  • Access controls and authentication systems
  • Regular backups with secure storage
  • Network security monitoring

Organizational Measures

  • Staff privacy training and awareness programs
  • Data protection policies and procedures
  • Regular privacy impact assessments
  • Vendor due diligence and contracts
  • Incident response procedures
  • Data minimization practices

International Data Transfers

When we transfer your data outside the EU, we ensure adequate protection through:

  • Adequacy Decisions: Transfers to countries with adequate protection as determined by the European Commission
  • Standard Contractual Clauses (SCCs): EU-approved contract terms that provide appropriate safeguards
  • Binding Corporate Rules: For transfers within multinational companies
  • Certification Schemes: Recognized certification programs for data protection

Current third-party services that may involve international transfers:

  • Google Analytics (US) - Standard Contractual Clauses
  • Mailchimp (US) - Standard Contractual Clauses
  • Stripe (US) - Adequacy decision framework

Data Retention

We retain your personal data only as long as necessary for the purposes outlined in our Privacy Policy:

  • Active client data: Duration of service plus 7 years for legal compliance
  • Marketing data: Until consent is withdrawn or 3 years of inactivity
  • Website analytics: 26 months (Google Analytics default)
  • Support tickets: 3 years for service improvement
  • Financial records: 7 years as required by law

Exercise Your Rights

Use this form to exercise your GDPR rights or contact us with privacy questions:

We may request additional verification to protect your privacy
Response Time: We will respond to your request within 30 days as required by GDPR. Complex requests may take up to 3 months with proper notification.

Data Protection Officer

For questions about data protection or GDPR compliance, you can contact our privacy team:

Supervisory Authority

If you believe we have not addressed your privacy concerns adequately, you have the right to lodge a complaint with your local data protection authority:

  • For EU residents: Contact your national data protection authority
  • Information Commissioner's Office (UK): ico.org.uk
  • European Data Protection Board: edpb.europa.eu

Questions about your data rights?

Our privacy team is here to help you understand and exercise your rights under GDPR.

Contact Privacy Team