Effective Date: January 1, 2026
ADASCANPRO is fully committed to protecting the privacy and rights of individuals in the European Economic Area (EEA) in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This statement outlines our compliance measures and your rights under GDPR.
Our Commitment to GDPR
We take data protection seriously. This page explains how we comply with GDPR and what it means for you. As a company serving clients globally, we ensure that all EEA residents receive the full protection of GDPR when interacting with our services.
Data Protection Principles
We adhere to the following GDPR principles in all our data processing activities:
Lawfulness, Fairness & Transparency
We process data lawfully, fairly, and transparently. You know exactly what data we collect and why.
Purpose Limitation
Data is collected for specified, explicit, and legitimate purposes. We never use data for anything other than what you consented to.
Data Minimization
We only collect data that is necessary for the purpose. No unnecessary information is requested.
Accuracy
We keep your data accurate and up to date. You can request corrections at any time.
Storage Limitation
Data is retained only as long as necessary. We have clear retention policies.
Integrity & Confidentiality
We implement appropriate security measures to protect your data from unauthorized access or breach.
Accountability
We maintain documentation of our compliance measures and can demonstrate them to regulators if required.
Legal Bases for Processing
Under GDPR, we must have a valid legal basis for processing your personal data. Here's how we apply each basis:
1. Contract Performance
When: You purchase an audit service from us.
What we process: Name, email address, website URL, payment status (via PayPal).
Why: This information is necessary to deliver your audit report and communicate with you about your purchase. Without this data, we cannot provide the service.
Retention: 2 years after service completion (for customer support and legal compliance).
2. Legitimate Interests
When: You browse our website.
What we process: Anonymized analytics data (pages visited, time on site, referral source).
Why: We use this data to improve our website and understand what content is valuable to visitors. This is balanced against your privacy rights – all data is anonymized and cannot identify you personally.
Opt-out: You can opt out via our Cookie Policy or browser settings.
3. Consent
When: You accept non-essential cookies or sign up for marketing communications.
What we process: Cookie preferences, email address (if you opt-in to marketing).
Why: We only process this data if you explicitly agree. You can withdraw consent anytime.
Withdrawal: Use the cookie settings or the unsubscribe link in emails.
Data Subject Rights
Under GDPR, you have the following rights regarding your personal data. We are committed to honoring all of them:
| Right | Article | What It Means | How to Exercise |
|---|---|---|---|
| Right to Access | Article 15 | You can request a copy of all data we hold about you. | Email privacy@adascanpro.com |
| Right to Rectification | Article 16 | You can correct inaccurate or incomplete data. | Email with corrected information |
| Right to Erasure | Article 17 | "Right to be forgotten" – you can request deletion of your data. | Email deletion request |
| Right to Restrict Processing | Article 18 | You can limit how we use your data in certain circumstances. | Email with restriction request |
| Right to Data Portability | Article 20 | You can receive your data in a machine-readable format. | Email requesting data export |
| Right to Object | Article 21 | You can object to processing based on legitimate interests. | Email with objection details |
| Rights Related to Automated Decision-Making | Article 22 | We don't use automated decision-making, but you have rights if we did. | N/A |
Response time: We respond to all requests within 72 hours (GDPR requirement).
International Data Transfers
We are based in Kenya, which is outside the European Economic Area. When you use our services, your data may be transferred to and processed in Kenya. We ensure this is done lawfully through:
Standard Contractual Clauses (SCCs)
We use European Commission-approved SCCs for all data transfers. These contracts ensure your data receives the same level of protection as required by GDPR, even when processed outside the EEA.
Adequate Safeguards
We implement technical and organizational measures to protect your data, including encryption, access controls, and regular security audits.
Data Minimization
Only necessary data is transferred. Your audit data is processed only for the duration needed to deliver your report.
Data Protection Officer (DPO)
While not strictly required for our size of operations, we have designated a contact person for all GDPR and data protection matters:
DPO Contact: Alex Mwangi
Email: dpo@adascanpro.com
Response time: Within 72 hours
Purpose: All GDPR-related inquiries, data subject requests, and privacy concerns
Data Breach Procedure
In the unlikely event of a data breach affecting EEA residents, we have a clear procedure:
Detection & Assessment
Immediately upon discovery, we assess the scope and impact of the breach.
Containment
We take immediate steps to contain the breach and prevent further data exposure.
Notification to Authorities
Within 72 hours, we notify the relevant supervisory authority as required by Article 33 of GDPR.
Notification to Affected Individuals
If the breach poses a risk to your rights and freedoms, we notify you without undue delay (Article 34).
Documentation
All breaches are documented, including facts, effects, and remedial actions taken.
Supervisory Authority
You have the right to lodge a complaint with your local Data Protection Authority if you believe we have not handled your data properly.
European Data Protection Board
Website: edpb.europa.eu
Your local DPA contact details can be found via the EDPB website.
We encourage you to contact us first at dpo@adascanpro.com – we're committed to resolving any concerns.
Data We Collect and Why
| Data Category | Specific Data | Purpose | Legal Basis | Retention |
|---|---|---|---|---|
| Contact Information | Name, Email | Service delivery, communication | Contract (Article 6.1.b) | 2 years |
| Website Data | URL submitted for audit | Perform the audit service | Contract (Article 6.1.b) | 2 years (in report) |
| Payment Data | Processed by PayPal | Payment processing | Contract (Article 6.1.b) | Handled by PayPal |
| Analytics | Anonymized browsing data | Website improvement | Legitimate Interests (Article 6.1.f) | 26 months |
| Cookie Consent | Preference setting | Remember your choices | Consent (Article 6.1.a) | 1 year |
Third-Party Processors
We use the following third-party services that may process your data. All are GDPR-compliant:
| Processor | Purpose | Data Processed | Location | Safeguards |
|---|---|---|---|---|
| PayPal | Payment processing | Payment details, name, email | USA/EU | SCCs, Binding Corporate Rules |
| Vercel | Website hosting | IP addresses (temporary) | Global | SCCs, GDPR-compliant |
| Google Analytics | Website analytics | Anonymized usage data | USA | SCCs, IP anonymization |
Security Measures
We implement the following technical and organizational measures to protect your data:
Encryption
SSL/TLS encryption for all data in transit. AES-256 for stored data where applicable.
Access Controls
Strict role-based access controls. Only authorized personnel can access customer data.
Firewalls
Enterprise-grade firewalls protecting our infrastructure.
Regular Updates
All systems are regularly patched and updated to address vulnerabilities.
Audits
Regular security audits and vulnerability assessments.
Staff Training
All team members are trained in data protection and GDPR requirements.
Children's Privacy
Our services are not directed to individuals under 18. We do not knowingly collect data from minors. If you believe we have inadvertently collected data from a child, please contact us immediately and we will delete it.
Changes to This GDPR Statement
We may update this GDPR Compliance Statement to reflect changes in our practices or legal requirements. When we make changes:
- The "Effective Date" at the top will be updated
- Material changes will be notified via our website
- We encourage you to review this page periodically
Contact Information
For all GDPR-related inquiries, please contact:
GDPR Compliant
We respect your privacy and are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679.