GDPR Compliance

1. Our Commitment to GDPR

Inverra is committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR). This page explains how we ensure compliance and protect your rights as a data subject.

2. Data Controller Information

Inverra acts as the data controller for the personal data we collect from you. For business data you input into our platform, you remain the data controller and we act as a data processor on your behalf.

3. Legal Basis for Processing

We process personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide our services and fulfill our contractual obligations
• Legitimate Interests: Processing for our legitimate business interests, such as improving our services and fraud prevention
• Consent: Processing based on your explicit consent, such as marketing communications
• Legal Obligation: Processing required to comply with legal requirements

4. Your Rights Under GDPR

Under GDPR, you have the following rights regarding your personal data:

4.1 Right of Access (Article 15)

You have the right to request a copy of the personal data we hold about you. We will respond within 30 days of receiving your request.

4.2 Right to Rectification (Article 16)

You have the right to request correction of any inaccurate personal data. You can update most information directly in your account settings.

4.3 Right to Erasure (Article 17)

You have the right to request deletion of your personal data. This right is subject to certain exceptions, such as legal retention requirements.

4.4 Right to Restriction of Processing (Article 18)

You have the right to request that we limit how we process your personal data in certain circumstances.

4.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format. You can export your data from your account at any time.

4.6 Right to Object (Article 21)

You have the right to object to processing of your personal data for direct marketing purposes or based on legitimate interests.

4.7 Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing that produce legal or significant effects. We do not make such automated decisions.

5. Exercising Your Rights

To exercise any of your rights, please contact us at privacy@inverra.app. We may need to verify your identity before processing your request.

We will respond to your request within:

• 30 days for most requests
• Up to 60 additional days for complex requests (with notification)

6. Data Protection Measures

We implement comprehensive technical and organizational measures to protect your data:

• Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Role-based access controls and multi-factor authentication
• Regular Audits: Security assessments and penetration testing
• Employee Training: Regular GDPR and data protection training
• Incident Response: Documented breach notification procedures

7. Data Processing Agreements

When you use Inverra to process personal data of your customers (as a data controller), we act as your data processor. We offer a Data Processing Agreement (DPA) that meets GDPR requirements. Contact us to request a copy.

8. International Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure adequate protection through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable
• Additional technical and organizational measures

9. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours
• Notify affected individuals without undue delay when required
• Document all breaches and remediation measures

10. Supervisory Authority

If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with a supervisory authority. For Belgium, this is:

11. Contact Our DPO

For any GDPR-related inquiries or to exercise your rights, please contact our Data Protection team:

Email: privacy@inverra.app