GDPR Policy

TrustEverest GDPR Policy

Last Updated: December 2024

This GDPR Policy explains how TrustEverest complies with the General Data Protection Regulation (GDPR) and protects the personal data of users in the European Economic Area (EEA), United Kingdom, and other regions with similar data protection laws.

1. Our Commitment to GDPR

1.1 Data Protection Principles

TrustEverest processes personal data in accordance with GDPR principles:

• Lawfulness, Fairness, and Transparency: We process data lawfully and transparently
• Purpose Limitation: We collect data for specified, explicit, and legitimate purposes
• Data Minimization: We only collect data that is necessary
• Accuracy: We keep personal data accurate and up to date
• Storage Limitation: We do not keep data longer than necessary
• Integrity and Confidentiality: We ensure appropriate security
• Accountability: We demonstrate compliance with these principles

1.2 Data Controller

TrustEverest acts as the data controller for personal data processed through our platform. We determine the purposes and means of processing personal data.

1.3 Data Processor

In some cases, TrustEverest acts as a data processor on behalf of business users who collect reviews. In these cases, businesses are the data controllers.

2. Legal Bases for Processing

2.1 Contract Performance

We process data when necessary to perform our contract with you:

• Creating and managing your account
• Publishing your reviews
• Processing payments for business services
• Providing customer support

2.2 Legitimate Interests

We process data based on our legitimate interests when those interests are not overridden by your rights:

• Fraud prevention and security
• Platform improvement and analytics
• Protecting our legal rights
• Marketing to existing customers

We conduct balancing tests to ensure our interests do not override your rights.

2.3 Consent

We process data based on your consent for:

• Marketing communications to non-customers
• Non-essential cookies and tracking
• Special categories of data
• Data sharing with third parties for their marketing

You can withdraw consent at any time without affecting the lawfulness of prior processing.

2.4 Legal Obligation

We process data when required by law:

• Tax and accounting requirements
• Legal proceedings and court orders
• Regulatory requests

2.5 Vital Interests

We may process data to protect vital interests in emergency situations.

3. Your GDPR Rights

3.1 Right to Access (Article 15)

You have the right to:

• Confirm whether we process your personal data
• Access your personal data
• Receive information about how we process your data
• Request a copy of your data in a common format

How to Exercise:

Email TrustEverestReviews@gmail.com with subject "Data Access Request"

3.2 Right to Rectification (Article 16)

You have the right to:

• Correct inaccurate personal data
• Complete incomplete personal data
• Update outdated information

How to Exercise:

Update your account settings or email us with corrections

3.3 Right to Erasure (Article 17)

You have the right to request deletion of your data when:

• Data is no longer necessary for its original purpose
• You withdraw consent (where consent was the basis)
• You object to processing based on legitimate interests
• Data was processed unlawfully
• Deletion is required by law

Exceptions:

We may retain data when necessary for:

• Legal claims or compliance
• Public interest in free expression
• Scientific or historical research

How to Exercise:

Email TrustEverestReviews@gmail.com with subject "Data Deletion Request"

3.4 Right to Restriction (Article 18)

You have the right to restrict processing when:

• You contest the accuracy of data (pending verification)
• Processing is unlawful but you prefer restriction to erasure
• We no longer need the data but you need it for legal claims
• You have objected to processing (pending our assessment)

How to Exercise:

Email TrustEverestReviews@gmail.com with subject "Data Restriction Request"

3.5 Right to Data Portability (Article 20)

You have the right to:

• Receive your data in a structured, machine-readable format
• Transmit data to another controller
• Have us transmit data directly where technically feasible

Scope:

This applies to data you provided, processed by automated means, based on consent or contract.

How to Exercise:

Email TrustEverestReviews@gmail.com with subject "Data Portability Request"

3.6 Right to Object (Article 21)

You have the right to object to processing based on:

• Legitimate Interests: We must stop unless we demonstrate compelling grounds
• Direct Marketing: We must stop immediately upon objection
• Research/Statistics: Unless processing is for public interest tasks

How to Exercise:

Email TrustEverestReviews@gmail.com with subject "Processing Objection"

3.7 Rights Related to Automated Decision-Making (Article 22)

You have the right to:

• Not be subject to decisions based solely on automated processing
• Obtain human intervention
• Express your point of view
• Contest automated decisions

Our Practices:

We use automated systems for fraud detection and content moderation. You can request human review of automated decisions.

3.8 Right to Withdraw Consent (Article 7)

Where we rely on consent:

• You can withdraw consent at any time
• Withdrawal does not affect prior lawful processing
• We will stop processing based on that consent

How to Withdraw:

• Marketing: Click "unsubscribe" in emails
• Cookies: Adjust cookie preferences
• Other: Email TrustEverestReviews@gmail.com

4. Exercising Your Rights

4.1 How to Submit Requests

Email: TrustEverestReviews@gmail.com

Subject: [Type of Request] - GDPR

Include in Your Request:

• Your full name
• Email address associated with your account
• Type of request
• Specific details about your request
• Any supporting information

4.2 Identity Verification

To protect your data, we may need to verify your identity before processing requests. We may ask for:

• Confirmation from your registered email
• Account verification
• Additional identifying information

4.3 Response Timeframes

• Initial Response: Within one month of receiving your request
• Extension: Up to two additional months for complex requests (we will inform you)
• Refusal: We will explain reasons and inform you of your right to complain

4.4 Fees

Requests are generally free. We may charge a reasonable fee or refuse requests that are:

• Manifestly unfounded
• Excessive or repetitive

5. Data Transfers

5.1 Transfers Outside the EEA

We may transfer personal data outside the EEA. When we do, we ensure appropriate safeguards:

Adequacy Decisions:

Transfers to countries with adequate data protection as determined by the European Commission.

Standard Contractual Clauses:

We use EU-approved contractual clauses with service providers outside the EEA.

Binding Corporate Rules:

For transfers within corporate groups that have approved binding rules.

5.2 Your Rights Regarding Transfers

You can:

• Request information about transfers
• Obtain copies of safeguards
• Object to transfers in certain circumstances

6. Data Security

6.1 Technical Measures

• Encryption of data in transit (TLS/SSL)
• Encryption of data at rest
• Secure server infrastructure
• Regular security testing
• Access controls and authentication

6.2 Organizational Measures

• Data protection policies and procedures
• Staff training on data protection
• Access limited to authorized personnel
• Confidentiality agreements
• Regular audits and assessments

6.3 Breach Response

In the event of a personal data breach:

• We will assess the risk to individuals
• We will notify the supervisory authority within 72 hours (where required)
• We will notify affected individuals without undue delay (where required)
• We will document the breach and our response

7. Data Protection Officer

7.1 Contact

For data protection matters, contact us at:

Email: TrustEverestReviews@gmail.com

Subject: Data Protection Inquiry

7.2 Responsibilities

Our data protection contact handles:

• Data subject requests
• Data protection inquiries
• Compliance monitoring
• Liaison with supervisory authorities

8. Complaints

8.1 Internal Complaints

If you are unhappy with how we handle your data:

1. Contact us at TrustEverestReviews@gmail.com
2. Describe your concern
3. We will investigate and respond

8.2 Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated. You can complain to:

• The authority in your country of residence
• The authority in your place of work
• The authority where the alleged violation occurred

9. Children Data

Our services are not directed at children under 16. We do not knowingly collect personal data from children. If we discover we have collected data from a child, we will delete it.

10. Data Retention

10.1 Retention Periods

We retain personal data for as long as necessary to:

• Provide our services
• Comply with legal obligations
• Resolve disputes
• Enforce agreements

10.2 Deletion

When data is no longer needed:

• We securely delete or anonymize it
• We review retention regularly
• We honor deletion requests

11. Third-Party Processors

11.1 Our Processors

We engage third-party processors who comply with GDPR:

• Cloud hosting providers
• Payment processors
• Email service providers
• Analytics providers
• Customer support tools

11.2 Processor Agreements

We have data processing agreements with all processors that include:

• Processing only on our instructions
• Confidentiality obligations
• Security requirements
• Sub-processor restrictions
• Cooperation with data subject requests

12. Updates to This Policy

We may update this GDPR Policy. Changes will be posted on our website with the updated date. Significant changes will be communicated to you.

13. Contact Us

For any GDPR-related questions:

Email: TrustEverestReviews@gmail.com

Subject: GDPR Inquiry

TrustEverest is committed to protecting your personal data and respecting your privacy rights.