EU Policies & GDPR Compliance

Last Updated: January 1, 2025

1. Introduction

Shaivo is committed to protecting the privacy and personal data of individuals in the European Union (EU) and European Economic Area (EEA). This policy outlines our compliance with the General Data Protection Regulation (GDPR) and other relevant EU regulations.

2. Legal Basis for Processing

We process your personal data under the following legal bases as defined by the GDPR:

  • Consent: You have given clear consent for us to process your personal data for specific purposes
  • Contract: Processing is necessary to fulfill our contractual obligations to you
  • Legal Obligation: Processing is necessary to comply with legal requirements
  • Legitimate Interests: Processing is necessary for our legitimate business interests, provided these do not override your rights

3. Your Rights Under GDPR

As an EU/EEA resident, you have the following rights:

Right to Access

You have the right to request copies of your personal data that we hold.

Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data.

Right to Erasure ("Right to be Forgotten")

You have the right to request deletion of your personal data under certain circumstances.

Right to Restrict Processing

You have the right to request that we limit the processing of your personal data under certain conditions.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and transfer it to another controller.

Right to Object

You have the right to object to our processing of your personal data under certain circumstances.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that significantly affect you.

Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw that consent at any time.

4. Exercising Your Rights

To exercise any of these rights, you can:

  • Access your account settings to update or delete your data
  • Contact us through our contact page
  • Email our Data Protection Officer (contact details below)

We will respond to your request within one month. In complex cases, we may extend this period by two additional months, and we will inform you of any such extension.

5. Data Transfers Outside the EU/EEA

Your personal data may be transferred to and processed in countries outside the EU/EEA. When we transfer data internationally, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by the European Commission
  • Binding Corporate Rules
  • Your explicit consent

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Providing our services to you
  • Complying with legal, accounting, or reporting obligations
  • Resolving disputes and enforcing our agreements

When personal data is no longer needed, we will securely delete or anonymize it.

7. Data Protection Officer (DPO)

We have appointed a Data Protection Officer to oversee our GDPR compliance. You can contact our DPO at:

Data Protection Officer

Shaivo

Contact DPO

8. Supervisory Authority

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local supervisory authority. A list of EU supervisory authorities can be found at:

European Data Protection Board - Supervisory Authorities

9. Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
  • Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights
  • Provide information about the nature of the breach and the measures taken to address it

10. Privacy by Design and by Default

We implement appropriate technical and organizational measures to ensure that, by default, only personal data necessary for each specific purpose is processed. This includes:

  • Data minimization: collecting only what is necessary
  • Pseudonymization and encryption where appropriate
  • Regular security assessments and updates
  • Privacy impact assessments for high-risk processing

11. Children's Privacy

Our Service is not directed to children under 16 years of age. If you are under 16, you may only use our Service with the consent of a parent or guardian. We do not knowingly collect personal data from children under 16 without parental consent.

12. Updates to This Policy

We may update this EU Policy to reflect changes in our practices or legal requirements. We will notify you of significant changes through email or a prominent notice on our Service. We encourage you to review this policy periodically.

13. Contact Information

For questions about this EU Policy or our GDPR compliance, please contact:

Contact Us