GDPR Compliance
How we comply with the General Data Protection Regulation
Nutrigen Sp. z o.o. is committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR). This page explains your rights under GDPR and how we process your personal data.
1. Legal Basis for Processing
We process your personal data based on the following legal grounds: (a) Contract Performance: Processing is necessary to provide our Service to you; (b) Legitimate Interests: We process data for our legitimate business interests, such as improving our Service and preventing fraud; (c) Consent: Where required, we obtain your explicit consent before processing certain types of data; (d) Legal Obligations: We process data to comply with legal requirements.
2. Your GDPR Rights
Under GDPR, you have the following rights: (a) Right to Access: Request copies of your personal data; (b) Right to Rectification: Request correction of inaccurate data; (c) Right to Erasure: Request deletion of your data ("right to be forgotten"); (d) Right to Restrict Processing: Request limitation of how we use your data; (e) Right to Data Portability: Request transfer of your data to another service; (f) Right to Object: Object to processing based on legitimate interests; (g) Rights Related to Automated Decision-Making: Right to human review of automated decisions that significantly affect you.
3. Data Controller
Nutrigen Sp. z o.o. acts as the data controller for personal data processed through the BackMetric service. We are responsible for ensuring that your personal data is processed in accordance with GDPR and other applicable data protection laws.
4. Data Processing Activities
We process the following categories of personal data: (a) Identity Data: name, username, account ID; (b) Contact Data: email address, billing address; (c) Financial Data: payment card details (processed by our payment processor); (d) Technical Data: IP address, browser type, device information; (e) Usage Data: how you interact with our Service; (f) Monitoring Data: backlinks and URLs you choose to monitor. All data is processed only for specified, explicit, and legitimate purposes.
5. Data Retention Periods
We retain personal data only as long as necessary for the purposes for which we collected it. Account data is retained while your account is active. Backlink monitoring data is retained according to your subscription plan (30-365 days). After account deletion, personal data is anonymized or deleted within 30 days, except where we are required by law to retain it longer.
6. Security Measures
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including: (a) Encryption of data in transit and at rest; (b) Regular security assessments and penetration testing; (c) Access controls and authentication mechanisms; (d) Employee training on data protection; (e) Incident response procedures; (f) Regular backups and disaster recovery plans.
7. International Data Transfers
Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, to protect your data in accordance with GDPR requirements.
8. Third-Party Data Processors
We work with trusted third-party service providers who process data on our behalf. All processors are carefully selected and required to: (a) Process data only on our instructions; (b) Implement appropriate security measures; (c) Sign data processing agreements (DPAs); (d) Comply with GDPR requirements. We remain responsible for their processing activities.
9. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Articles 33 and 34.
10. Children's Data
Our Service is not directed at children under 16 years of age. We do not knowingly collect or process personal data from children. If you believe we have collected data from a child, please contact us immediately at [email protected].
11. Exercising Your Rights
To exercise any of your GDPR rights, you can: (a) Access your account settings to view, update, or delete your data; (b) Contact us at [email protected]; (c) Submit a formal request through our contact form. We will respond to your request within 30 days. There is no fee for exercising your rights, unless your request is clearly unfounded or excessive.
12. Right to Lodge a Complaint
If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local supervisory authority. In Poland, this is the Personal Data Protection Office (Urząd Ochrony Danych Osobowych - UODO).
Supervisory Authority
Urząd Ochrony Danych Osobowych (UODO)
ul. Stawki 2, 00-193 Warszawa, Poland
Website: https://uodo.gov.pl
Email: [email protected]