GDPR Compliance
General Data Protection Regulation - Your Rights & Our Commitments
Introduction
This GDPR compliance statement explains how FatCouple OÜ ("we," "us," or "our") processes personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") when you use our AskRanking service.
We are committed to protecting your privacy and ensuring transparent handling of your personal data. This document outlines your rights under GDPR and our obligations as a data controller and processor.
Data Controller Information
Company Details
FatCouple OÜ
Estonian Company Registration: [Registration Number]
Address: [Company Address], Estonia
EU VAT Number: [VAT Number]
Data Protection Officer
Email: [email protected]
For all GDPR-related inquiries and data subject requests
Personal Data We Collect
Account & Profile Data
- Name, email address, and profile information
- Authentication data (encrypted passwords, OAuth tokens)
- Team and organization memberships
- User preferences and settings
Usage & Analytics Data
- Website analysis and ranking data you submit
- Search queries and optimization requests
- Usage patterns and feature interactions
- Technical data (IP address, browser type, device information)
Communication Data
- Support tickets and correspondence
- Email communications and notifications
- Feedback and survey responses
Legal Basis for Processing
Contractual Necessity (Article 6(1)(b))
Processing your account data, usage information, and service-related communications to provide and maintain our AskRanking services as outlined in our Terms of Service.
Legitimate Interest (Article 6(1)(f))
Analyzing usage patterns to improve our services, detecting fraud and abuse, ensuring security, and conducting direct marketing to existing customers where appropriate.
Consent (Article 6(1)(a))
Optional marketing communications, analytics cookies, and any processing activities for which we explicitly request your consent.
Your Rights Under GDPR
Right of Access (Article 15)
Request a copy of your personal data we hold and information about how it's processed.
Right to Rectification (Article 16)
Request correction of inaccurate or incomplete personal data.
Right to Erasure (Article 17)
Request deletion of your personal data under certain circumstances.
Right to Restrict Processing (Article 18)
Request limitation of the processing of your personal data in specific situations.
Right to Data Portability (Article 20)
Receive your personal data in a structured, machine-readable format.
Right to Object (Article 21)
Object to processing based on legitimate interests or for direct marketing.
Right to Withdraw Consent (Article 7)
Withdraw consent for any consent-based processing activities.
Right to Lodge a Complaint (Article 77)
File a complaint with your local data protection authority.
How to Exercise Your Rights
Contact our Data Protection Officer at [email protected] with your request. We will respond within 30 days and may request identity verification.
Data Retention Periods
Account Data
Retained while your account is active, plus 30 days after deletion for recovery purposes.
Usage Analytics
Aggregated data retained for 25 months. Individual data anonymized after 13 months.
Legal Compliance
Some data retained longer where required by law (e.g., tax records for 7 years).
Data Sharing & Transfers
Service Providers
We share personal data with trusted service providers who assist in operating our service:
- Cloud hosting providers (AWS, Google Cloud) with EU data residency
- Email service providers for transactional communications
- Analytics providers (with pseudonymization where possible)
- Customer support tools for service delivery
International Transfers
Where data is transferred outside the EU/EEA, we ensure adequate protection through Standard Contractual Clauses (SCCs), adequacy decisions, or other appropriate safeguards as required by Article 46 GDPR.
Data Security Measures
Technical Safeguards
- End-to-end encryption for data transmission
- AES-256 encryption for data at rest
- Multi-factor authentication options
- Regular security audits and penetration testing
- Automated vulnerability scanning
Organizational Measures
- Staff training on data protection principles
- Access controls applied on a need-to-know basis
- Data breach response procedures
- Regular backup and disaster recovery testing
- Privacy by design in product development
Contact Information
Data Protection Officer
Email: [email protected]
Response Time: Within 30 days
Languages: English, Estonian
Supervisory Authority
Estonian Data Protection Inspectorate
Tatari 39, 10134 Tallinn, Estonia
Website: www.aki.ee/en