GDPR Compliance

At Clicks & Code, we value your privacy and are committed to safeguarding your personal data. As part of our dedication to transparency and compliance, we adhere to the General Data Protection Regulation (GDPR), the EU regulation designed to protect the rights of individuals with regard to personal data.

This page explains how we collect, process, store, and protect personal data, as well as your rights under GDPR.

1. What is GDPR?

The General Data Protection Regulation (EU 2016/679) is a European Union regulation effective from May 25, 2018. It sets strict requirements on how businesses handle personal data of individuals in the EU, regardless of where the business is located.

Clicks & Code ensures that all personal data collected from EU residents is handled in line with GDPR principles.

2. Personal Data We Collect

We may collect the following types of personal data:

• Identity Information: Name, company name, job title.
• Contact Information: Email address, phone number, mailing address.
• Technical Data: IP address, browser type, device information, geolocation (where legally permitted).
• Marketing & Communication Preferences: Subscription details, feedback, or survey responses.
• Project Information: Any content or data provided by clients for project execution.

3. How We Use Personal Data

We process personal data only for legitimate business purposes, such as:

• Delivering and managing our services.
• Responding to inquiries, support requests, and client communications.
• Sending newsletters, updates, or marketing communications (with consent).
• Improving our website, user experience, and service offerings.
• Meeting legal, regulatory, or contractual obligations.

We do not sell or rent personal data to third parties.

4. Lawful Basis for Processing

We process personal data under the following lawful bases:

• Consent – when you explicitly agree to our use of your data.
• Contractual Necessity – when processing is required to deliver services you request.
• Legitimate Interests – for improving services, preventing fraud, and business analytics.
• Legal Obligation – when we are required to comply with applicable laws.

5. Data Retention

We retain personal data only as long as necessary:

• For the duration of our contractual relationship.
• To comply with legal, tax, or accounting obligations.
• For resolving disputes or enforcing agreements.

Once data is no longer required, it will be securely deleted or anonymized.

6. Data Sharing and Third Parties

We may share data with trusted third-party partners to facilitate our services, including:

• Cloud hosting and IT service providers.
• Analytics and marketing platforms.
• Payment processing providers.

All third parties are required to maintain GDPR-compliant safeguards and may not use your data for purposes beyond service delivery.

7. Data Transfers Outside the EU

As a U.S.-based company, some personal data may be transferred outside the EU. In such cases, we ensure data protection through mechanisms like:

• Standard Contractual Clauses (SCCs) approved by the European Commission.
• Contracts requiring equivalent data protection standards.

8. Your GDPR Rights

As an EU resident, you have the following rights:

• Right to Access – request copies of your personal data.
• Right to Rectification – correct inaccurate or incomplete data.
• Right to Erasure (“Right to be Forgotten”) – request deletion of your data where applicable.
• Right to Restrict Processing – limit how we use your data.
• Right to Data Portability – receive your data in a machine-readable format.
• Right to Object – object to processing based on legitimate interests or direct marketing.
• Right to Withdraw Consent – withdraw consent at any time without affecting prior processing.

To exercise your rights, please contact us using the details below.

9. Security of Your Data

We implement industry-standard technical, organizational, and administrative measures to protect your personal data against unauthorized access, loss, or misuse. These include:

• Encrypted data transfers (SSL/TLS).
• Restricted access to personal data.
• Regular security audits and monitoring.

10. Cookies and Tracking

We use cookies and similar technologies to improve user experience, track website performance, and personalize services. Details on our cookie practices can be found in our Cookie Policy.

11. Data Breach Policy

In the unlikely event of a data breach, we will:

• Notify the relevant supervisory authority within 72 hours (where legally required).
• Inform affected individuals if the breach poses a high risk to their rights and freedoms.
• Take immediate steps to mitigate and investigate the breach.

12. Changes to This Policy

We may update this GDPR Compliance page from time to time. Any changes will be posted here with a revised “Last updated” date.

13. Contact Us

If you have questions about GDPR compliance or want to exercise your rights, please contact us:

Last updated: August 18, 2025