GDPR Compliance

Our Commitment to GDPR

Scempunsic is committed to complying with the General Data Protection Regulation (GDPR) and ensuring the protection of your personal data. This page explains how we meet our obligations under GDPR and your rights as a data subject.

We process personal data fairly, lawfully, and transparently, collecting only what we need and keeping it secure.

Data Controller Information

For the purposes of GDPR, Scempunsic acts as the data controller for personal information collected through our website and coaching services.

Contact details for data protection inquiries:

• Email: [email protected]
• Location: Vienna, Austria

Lawful Basis for Processing

We process your personal data under the following lawful bases as defined by GDPR:

Contractual Necessity

Processing is necessary to provide our coaching services and fulfill our contractual obligations to you. This includes managing your coaching sessions, communication, and billing.

Legitimate Interests

We process certain data based on our legitimate business interests, such as:

• Improving the quality of our coaching services
• Managing our business operations efficiently
• Protecting against fraud or security threats
• Understanding how visitors use our website

We always balance these interests against your rights and freedoms.

Consent

For certain activities, such as marketing communications or optional cookies, we rely on your explicit consent. You can withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

Legal Obligations

We process data when required to comply with legal obligations, such as tax laws and accounting requirements.

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You can request confirmation of whether we process your data and obtain a copy of that data. We will provide this information in a commonly used electronic format.

Right to Rectification

You can ask us to correct inaccurate personal data or complete incomplete information about you.

Right to Erasure

Also known as the "right to be forgotten," you can request deletion of your personal data when:

• The data is no longer necessary for the purpose it was collected
• You withdraw consent and there is no other legal basis for processing
• You object to processing and there are no overriding legitimate grounds
• The data has been unlawfully processed

Note that we may retain certain information where required by law or for legitimate business purposes.

Right to Restriction of Processing

You can request that we limit how we use your data in certain circumstances, such as when you contest the accuracy of the data or object to processing.

Right to Data Portability

You can request a copy of your personal data in a structured, machine-readable format and have it transmitted to another controller where technically feasible.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests.

Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on individuals.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at [email protected] with the following information:

• Your name and contact information
• The specific right you wish to exercise
• Any relevant details to help us locate your data

We will respond to your request without undue delay and within one month of receipt. This period may be extended by two additional months where necessary, considering the complexity and number of requests.

We may request specific information to confirm your identity before processing your request, particularly for access or deletion requests.

Data Security Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data during transmission and storage
• Regular security assessments and penetration testing
• Access controls limiting who can view personal data
• Staff training on data protection and security
• Secure backup and disaster recovery procedures
• Incident response plans for potential data breaches

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay. We will also notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR.

Our notification will include the nature of the breach, likely consequences, and measures taken or proposed to address it.

International Data Transfers

Your personal data is primarily stored and processed within the European Economic Area (EEA). If we transfer data to countries outside the EEA, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions recognizing equivalent data protection standards
• Binding Corporate Rules for transfers within corporate groups

Data Protection Officer

While we are not legally required to appoint a Data Protection Officer, we have designated internal responsibilities for data protection compliance. For all data protection inquiries, please contact us at [email protected].

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe we have not complied with GDPR requirements. In Austria, the relevant authority is:

Austrian Data Protection Authority (Datenschutzbehörde)
Barichgasse 40-42
1030 Vienna, Austria
Website: www.dsb.gv.at

We encourage you to contact us first so we can address your concerns directly.

Children's Data

Our services are not directed to children under 16 years of age. We do not knowingly collect or process personal data from children. If we become aware that we have collected data from a child without appropriate parental consent, we will delete it promptly.

Updates to This Information

We may update this GDPR information from time to time to reflect changes in our practices or legal requirements. The most current version will always be available on our website with the date of last update clearly displayed.

Additional Resources

For more detailed information about how we handle personal data, please review our:

• Privacy Policy
• Cookies Policy