GDPR Compliance
Last updated: 7/5/2025
Our Commitment to Data Protection
SupportTik is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). We have implemented comprehensive measures to ensure compliance with GDPR requirements and to safeguard your personal information.
Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Contract (Article 6(1)(b)): To provide our services as agreed in our terms of service and to fulfill our contractual obligations to you.
- Legitimate Interest (Article 6(1)(f)): To improve our services, prevent fraud, ensure security, and conduct business analytics.
- Consent (Article 6(1)(a)): For marketing communications and optional features where you have provided explicit consent.
- Legal Obligation (Article 6(1)(c)): To comply with applicable laws, regulations, and legal processes.
Your Rights Under GDPR
As a data subject under GDPR, you have the following rights regarding your personal data:
- Right of Access (Article 15): Request copies of your personal data and information about how we process it.
- Right to Rectification (Article 16): Request correction of inaccurate or incomplete personal data.
- Right to Erasure (Article 17): Request deletion of your personal data under certain circumstances.
- Right to Restrict Processing (Article 18): Request limitation of how we use your personal data.
- Right to Data Portability (Article 20): Request transfer of your data to another service provider in a structured format.
- Right to Object (Article 21): Object to processing of your personal data for direct marketing or legitimate interests.
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
Data Protection Measures
We implement comprehensive technical and organizational measures to protect your data:
- Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.
- Access Controls: Strict role-based access controls and multi-factor authentication for all systems.
- Regular Audits: Quarterly security assessments and annual third-party penetration testing.
- Staff Training: Regular data protection and security training for all employees.
- Incident Response: Comprehensive incident response procedures with 72-hour breach notification.
- Data Minimization: We collect and process only the minimum data necessary for our services.
- Privacy by Design: Data protection considerations are built into all our systems and processes.
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. Our retention periods are:
- Account Data: Retained while your account is active and for 3 years after account closure.
- Support Data: Retained for 5 years to provide ongoing support and service improvement.
- Billing Data: Retained for 7 years as required by financial regulations.
- Marketing Data: Retained until consent is withdrawn or until 2 years of inactivity, whichever comes first.
International Data Transfers
When we transfer personal data outside the EU/EEA, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions for transfers to countries with adequate data protection
- Binding Corporate Rules for intra-group transfers
- Certification schemes and codes of conduct where applicable
Data Processing Activities
We maintain detailed records of our data processing activities, including:
- Categories of personal data processed
- Purposes of processing
- Categories of data subjects
- Recipients of personal data
- International transfers
- Retention periods
- Security measures implemented
Data Protection Impact Assessments
We conduct Data Protection Impact Assessments (DPIAs) for high-risk processing activities to identify and mitigate privacy risks before implementing new systems or processes.
Exercising Your Rights
To exercise any of your GDPR rights, please contact us using the following methods:
- Email our Data Protection Officer at dpo@supporttik.com
- Use the data subject request form in your account settings
- Send a written request to our postal address (see contact section below)
We will respond to your request within one month (extendable by two months for complex requests) and provide the requested information free of charge in most cases.
Complaints and Supervisory Authority
You have the right to lodge a complaint with your local data protection supervisory authority if you believe we have not handled your personal data in accordance with GDPR. You can find your local authority at https://edpb.europa.eu/about-edpb/board/members_en.
Contact Information
Data Protection Officer:
Email: dpo@supporttik.com
SupportTik Data Protection Team:
Email: privacy@supporttik.com
Address: 123 Tech Street, San Francisco, CA 94105, USA
Updates to This Policy
We may update this GDPR compliance information from time to time to reflect changes in our practices or applicable law. We will notify you of any material changes and update the "Last updated" date at the top of this page.