GDPR & Data Protection

Your rights under GDPR and how we protect your data in our SEO services

Last updated: August 4, 2025

1. Introduction to GDPR

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations processing personal data of EU residents, regardless of where the organization is located. At Labescape, we are committed to full GDPR compliance in all our programmatic SEO services.

2. Legal Basis for Data Processing

Under GDPR, we process your personal data based on the following legal grounds:

Our Legal Bases

  • Contract Performance (Art. 6(1)(b)): Processing necessary to provide our SEO services
  • Legitimate Interest (Art. 6(1)(f)): Business operations, fraud prevention, service improvement
  • Consent (Art. 6(1)(a)): Marketing communications, non-essential cookies
  • Legal Obligation (Art. 6(1)(c)): Compliance with tax, accounting, and legal requirements

3. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights regarding your personal data:

3.1 Right of Access (Article 15)

You have the right to obtain confirmation that we are processing your personal data and, if so, access to that data along with specific information about the processing.

What you can request:

  • Copy of your personal data we hold
  • Information about how we use your data
  • Details about data sharing with third parties
  • Data retention periods

3.2 Right to Rectification (Article 16)

You can request correction of inaccurate personal data and completion of incomplete data.

Examples:

  • Updating contact information
  • Correcting business details
  • Fixing website analytics data

3.3 Right to Erasure (Article 17) - "Right to be Forgotten"

You can request deletion of your personal data under certain circumstances.

When erasure applies:

  • Data no longer necessary for original purpose
  • You withdraw consent and no other legal basis exists
  • Data has been unlawfully processed
  • Erasure required for legal compliance

3.4 Right to Restrict Processing (Article 18)

You can request limitation of processing under specific conditions.

3.5 Right to Data Portability (Article 20)

You can receive your personal data in a structured, commonly used format and transmit it to another controller.

3.6 Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing purposes.

4. How to Exercise Your Rights

4.1 Making a Request

To exercise your GDPR rights, contact us through any of these methods:

  • Email: gdpr@labescape.com
  • Data Protection Officer: dpo@labescape.com
  • Phone: [Your Phone Number]
  • Mail: [Your Business Address]
  • Online Form: Contact Form

4.2 Request Requirements

To process your request efficiently, please provide:

  • Clear identification of the right you wish to exercise
  • Sufficient information to verify your identity
  • Specific details about the data or processing in question
  • Preferred method for receiving our response

4.3 Response Timeline

We will respond to your request:

  • Within 1 month of receiving a valid request
  • Extended to 3 months for complex requests (with notification)
  • Free of charge for reasonable requests
  • May charge fees for excessive or repetitive requests

5. Data Protection Measures

5.1 Technical Safeguards

  • Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based permissions and multi-factor authentication
  • Network Security: Firewalls, intrusion detection, and monitoring
  • Regular Updates: Security patches and vulnerability assessments

5.2 Organizational Measures

  • Staff Training: Regular GDPR and data protection training
  • Data Minimization: Collect only necessary data for specific purposes
  • Retention Policies: Automatic deletion based on defined schedules
  • Incident Response: Procedures for handling data breaches

6. International Data Transfers

When we transfer personal data outside the EU/EEA, we ensure adequate protection through:

6.1 Transfer Mechanisms

  • Adequacy Decisions: Transfers to countries with adequate protection
  • Standard Contractual Clauses: EU-approved contract terms
  • Binding Corporate Rules: Internal data protection policies
  • Certification Schemes: Industry-recognized privacy certifications

7. Data Breach Notification

In the event of a personal data breach, we will:

  • Notify supervisory authority within 72 hours (if high risk)
  • Inform affected individuals without undue delay (if high risk)
  • Document the breach including facts, effects, and remedial action
  • Implement measures to address the breach and prevent recurrence

8. Contact Our Data Protection Officer

Our Data Protection Officer (DPO) is responsible for monitoring GDPR compliance and serving as your point of contact for data protection matters.

DPO Contact Information

  • Email: dpo@labescape.com
  • Phone: [DPO Phone Number]
  • Address: [Your Business Address]
  • Response Time: Within 5 business days

Exercise Your GDPR Rights

Have questions about your data or want to exercise your GDPR rights? Our team is here to help.

Contact GDPR TeamGeneral Contact