GDPR Compliance

Overview

At Merchzap, we are committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR). This policy outlines how we process and protect personal data for users in the European Economic Area (EEA).

Your Rights Under GDPR

Under GDPR, you have the following rights:

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Rights related to automated decision-making

Data Processing Principles

We process personal data according to these principles:

• Lawfulness, fairness, and transparency
• Purpose limitation
• Data minimization
• Accuracy
• Storage limitation
• Integrity and confidentiality
• Accountability

Legal Basis for Processing

We process personal data under the following legal bases:

• Consent
• Contractual necessity
• Legal obligation
• Legitimate interests

International Data Transfers

When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place through:

• Standard contractual clauses
• Adequacy decisions
• Binding corporate rules

Data Protection Officer

Our Data Protection Officer (DPO) can be contacted at:

Email: dpo@merchzap.com
Address: 123 Innovation Drive, Palo Alto, CA 94301

Data Breach Notification

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay when required by GDPR.

Exercising Your Rights

To exercise your GDPR rights or file a complaint, please contact our DPO. We will respond to your request within one month.

Updates to This Policy

We regularly review and update our GDPR compliance policy. Any changes will be posted on this page with an updated revision date.