Effective Date: January 1, 2026
ADA Check Pro is committed to protecting the privacy and rights of individuals in the European Economic Area (EEA) in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This statement outlines our compliance measures and your rights under GDPR.
We take data protection seriously. This page explains how we comply with GDPR and what it means for you.
We adhere to the following GDPR principles in all our data processing activities:
We process data lawfully, fairly, and transparently. You know exactly what data we collect and why.
Data is collected for specified, explicit, and legitimate purposes. We never use data for anything other than what you consented to.
We only collect data that is necessary for the purpose. No unnecessary information is requested.
We keep your data accurate and up to date. You can request corrections anytime.
Data is retained only as long as necessary. We have clear retention policies.
We implement appropriate security measures to protect your data from unauthorized access or breach.
We maintain documentation of our compliance measures and can demonstrate them to regulators if required.
Under GDPR, we must have a valid legal basis for processing your personal data. Here's how we apply each basis:
When: You purchase an audit service from us.
What we process: Name, email address, website URL, payment status (via PayPal).
Why: This information is necessary to deliver your audit report and communicate with you about your purchase. Without this data, we cannot provide the service.
Retention: 2 years after service completion (for customer support and legal compliance).
When: You browse our website.
What we process: Anonymized analytics data (pages visited, time on site, referral source).
Why: We use this data to improve our website and understand what content is valuable to visitors. This is balanced against your privacy rights – all data is anonymized and cannot identify you personally.
Opt-out: You can opt out via our Cookie Policy or browser settings.
When: You accept non-essential cookies or sign up for marketing communications.
What we process: Cookie preferences, email address (if you opt-in to marketing).
Why: We only process this data if you explicitly agree. You can withdraw consent anytime.
Withdrawal: Use the cookie settings or the unsubscribe link in emails.
Under GDPR, you have the following rights regarding your personal data. We are committed to honoring all of them:
| Right | Article | What It Means | How to Exercise |
|---|---|---|---|
| Right to Access | Article 15 | You can request a copy of all data we hold about you. | Email privacy@adacheck.net |
| Right to Rectification | Article 16 | You can correct inaccurate or incomplete data. | Email with corrected information |
| Right to Erasure | Article 17 | "Right to be forgotten" – you can request deletion of your data. | Email deletion request |
| Right to Restrict Processing | Article 18 | You can limit how we use your data in certain circumstances. | Email with restriction request |
| Right to Data Portability | Article 20 | You can receive your data in a machine-readable format. | Email requesting data export |
| Right to Object | Article 21 | You can object to processing based on legitimate interests. | Email with objection details |
| Rights Related to Automated Decision-Making | Article 22 | We don't use automated decision-making, but you have rights if we did. | N/A |
Response time: We respond to all requests within 72 hours (GDPR requirement).
We are based in Kenya, which is outside the European Economic Area. When you use our services, your data may be transferred to and processed in Kenya. We ensure this is done lawfully through:
We use European Commission-approved SCCs for all data transfers. These contracts ensure your data receives the same level of protection as required by GDPR, even when processed outside the EEA.
We implement technical and organizational measures to protect your data, including encryption, access controls, and regular security audits.
Only necessary data is transferred. Your audit data is processed only for the duration needed to deliver your report.
While not strictly required for our size of operations, we have designated a contact person for all GDPR and data protection matters:
DPO Contact: Alex Mwangi
Email: dpo@adacheck.net
Response time: Within 72 hours
Purpose: All GDPR-related inquiries, data subject requests, and privacy concerns
In the unlikely event of a data breach affecting EEA residents, we have a clear procedure:
Immediately upon discovery, we assess the scope and impact of the breach.
We take immediate steps to contain the breach and prevent further data exposure.
Within 72 hours, we notify the relevant supervisory authority as required by Article 33 of GDPR.
If the breach poses a risk to your rights and freedoms, we notify you without undue delay (Article 34).
All breaches are documented, including facts, effects, and remedial actions taken.
You have the right to lodge a complaint with your local Data Protection Authority if you believe we have not handled your data properly.
European Data Protection Board
Website: edpb.europa.eu
Your local DPA contact details can be found via the EDPB website.
We encourage you to contact us first at dpo@adacheck.net – we're committed to resolving any concerns.
| Data Category | Specific Data | Purpose | Legal Basis | Retention |
|---|---|---|---|---|
| Contact Information | Name, Email | Service delivery, communication | Contract (Article 6.1.b) | 2 years |
| Website Data | URL submitted for audit | Perform the audit service | Contract (Article 6.1.b) | 2 years (in report) |
| Payment Data | Processed by PayPal | Payment processing | Contract (Article 6.1.b) | Handled by PayPal |
| Analytics | Anonymized browsing data | Website improvement | Legitimate Interests (Article 6.1.f) | 26 months |
| Cookie Consent | Preference setting | Remember your choices | Consent (Article 6.1.a) | 1 year |
We use the following third-party services that may process your data. All are GDPR-compliant:
| Processor | Purpose | Data Processed | Location | Safeguards |
|---|---|---|---|---|
| PayPal | Payment processing | Payment details, name, email | USA/EU | SCCs, Binding Corporate Rules |
| Vercel | Website hosting | IP addresses (temporary) | Global | SCCs, GDPR-compliant |
| Google Analytics | Website analytics | Anonymized usage data | USA | SCCs, IP anonymization |
We implement the following technical and organizational measures to protect your data:
SSL/TLS encryption for all data in transit. AES-256 for stored data where applicable.
Strict role-based access controls. Only authorized personnel can access customer data.
Enterprise-grade firewalls protecting our infrastructure.
All systems are regularly patched and updated to address vulnerabilities.
Regular security audits and vulnerability assessments.
All team members are trained in data protection and GDPR requirements.
Our services are not directed to individuals under 18. We do not knowingly collect data from minors. If you believe we have inadvertently collected data from a child, please contact us immediately and we will delete it.
We may update this GDPR Compliance Statement to reflect changes in our practices or legal requirements. When we make changes:
For all GDPR-related inquiries, please contact:
We respect your privacy and are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679.