← Back to Home

GDPR Compliance

Last Updated: October 3, 2025

Business Accelerator AI is committed to protecting your personal data and privacy rights under the General Data Protection Regulation (GDPR). This page explains how we comply with GDPR requirements and your rights as a data subject.

Important: If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have specific rights under GDPR that we fully respect and honor.

1. Our Commitment to GDPR

We are committed to:

  • Processing personal data lawfully, fairly, and transparently
  • Collecting data only for specified, explicit, and legitimate purposes
  • Ensuring data accuracy and keeping it up to date
  • Retaining personal data only as long as necessary
  • Implementing appropriate security measures
  • Being accountable for our data processing activities

2. Legal Basis for Processing

We process your personal data under the following legal bases:

Consent

When you provide explicit consent for specific processing activities, such as marketing communications or newsletter subscriptions.

Contract Performance

When processing is necessary to fulfill our contractual obligations to provide AI automation services to you.

Legitimate Interests

When processing is necessary for our legitimate business interests, such as:

  • Improving our services and user experience
  • Detecting and preventing fraud
  • Network and information security
  • Business development and marketing

Legal Obligation

When processing is required to comply with legal or regulatory requirements.

3. Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to request access to your personal data and obtain information about how we process it. We will provide you with a copy of your data in a commonly used format.

Right to Rectification

You can request correction of any inaccurate or incomplete personal data we hold about you.

Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data when:

  • The data is no longer necessary for the purposes it was collected
  • You withdraw consent and there is no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • Erasure is required to comply with a legal obligation

Right to Restriction of Processing

You can request that we restrict processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and transmit it to another controller.

Right to Object

You can object to processing of your personal data based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.

Right to Lodge a Complaint

You have the right to lodge a complaint with your local supervisory authority if you believe we have violated your data protection rights.

4. How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at:

Response Time: We will respond to your request within one month. In complex cases, we may extend this period by two additional months, and we will inform you if this is necessary.

5. Data Protection Measures

We implement appropriate technical and organizational measures to ensure data security:

Technical Measures

  • Encryption of data in transit and at rest
  • Regular security assessments and penetration testing
  • Secure authentication and access controls
  • Automated backup and disaster recovery systems
  • Firewall and intrusion detection systems

Organizational Measures

  • Staff training on data protection and GDPR compliance
  • Data protection policies and procedures
  • Access control and authorization protocols
  • Regular compliance audits and reviews
  • Incident response and breach notification procedures

6. Data Transfers

If we transfer your personal data outside the EEA, we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions recognizing equivalent data protection
  • Binding Corporate Rules for intra-group transfers
  • Your explicit consent for specific transfers

7. Data Processing Records

We maintain records of our data processing activities, including:

  • Purposes of processing
  • Categories of data subjects and personal data
  • Recipients of personal data
  • International data transfers
  • Retention periods
  • Security measures implemented

8. Data Breach Notification

In the event of a personal data breach, we will:

  • Notify the relevant supervisory authority within 72 hours when feasible
  • Inform affected individuals without undue delay if the breach poses a high risk
  • Document all data breaches and our response actions
  • Take immediate steps to mitigate the breach and prevent recurrence

9. Data Protection Officer

For questions about GDPR compliance or to exercise your rights, you can contact our data protection team:

10. Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

11. Automated Decision-Making and Profiling

We may use automated decision-making in certain circumstances:

  • You have the right to not be subject to decisions based solely on automated processing
  • You can request human intervention in automated decisions
  • You can express your point of view and contest automated decisions
  • We will provide meaningful information about the logic involved in automated processing

12. Updates to GDPR Compliance

We regularly review and update our GDPR compliance practices to ensure we meet the highest standards of data protection. This page will be updated to reflect any changes.

13. Supervisory Authority

If you are not satisfied with our response to your data protection concerns, you have the right to lodge a complaint with your local supervisory authority. For EEA residents, you can find your supervisory authority at: https://edpb.europa.eu/about-edpb/board/members_en

14. Additional Resources

For more information about our data practices, please review:

We are committed to maintaining the highest standards of data protection and GDPR compliance. Your trust is important to us, and we continuously work to protect your privacy rights.