GDPR Compliance

General Data Protection Regulation compliance for EU residents

Last updated: 9/18/2025

1. Our Commitment to GDPR

EvolveForms is committed to protecting the privacy rights of individuals in the European Union (EU) under the General Data Protection Regulation (GDPR). This page outlines our compliance measures and your rights as an EU resident.

2. Legal Basis for Processing

We process your personal data based on the following legal grounds:

  • Contract Performance: To provide our form building services
  • Legitimate Interest: To improve our services and prevent fraud
  • Consent: For marketing communications and optional features
  • Legal Obligation: To comply with applicable laws and regulations

3. Your Rights Under GDPR

As an EU resident, you have the following rights:

3.1 Right of Access (Article 15)

You have the right to obtain confirmation that we are processing your personal data, access to your personal data, and information about our processing activities.

3.2 Right to Rectification (Article 16)

You can request correction of inaccurate personal data and completion of incomplete data.

3.3 Right to Erasure (Article 17)

Also known as the "right to be forgotten," you can request deletion of your personal data under certain circumstances.

3.4 Right to Restrict Processing (Article 18)

You can request restriction of processing in specific situations, such as when you contest the accuracy of your data.

3.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used format and transmit it to another controller.

3.6 Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing purposes.

3.7 Rights Related to Automated Decision-Making (Article 22)

You have rights regarding automated decision-making and profiling that produces legal effects.

4. How to Exercise Your Rights

To exercise any of your GDPR rights, you can:

  • Contact our Data Protection Officer at upbrewai@gmail.com
  • Use our data subject request form (available upon request)
  • Send a written request to our postal address
  • Access certain rights through your account settings

We will respond to your request within one month, or two months for complex requests.

5. Data Transfers

When we transfer your data outside the EU, we ensure adequate protection through:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules where applicable
  • Certification schemes and codes of conduct

6. Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for high-risk processing activities to ensure privacy by design and by default. These assessments help us identify and mitigate privacy risks before they occur.

7. Data Breach Notification

In the event of a data breach that poses a high risk to your rights and freedoms:

  • We will notify the supervisory authority within 72 hours
  • We will inform affected individuals without undue delay
  • We will provide clear information about the nature and impact of the breach
  • We will offer guidance on steps you can take to protect yourself

8. Privacy by Design and Default

We implement privacy by design and by default in our services by:

  • Minimizing data collection to what is necessary
  • Implementing strong security measures
  • Providing privacy-friendly default settings
  • Ensuring transparency in our processing activities

9. Children's Data

We do not knowingly process personal data of children under 16 years of age (or the applicable age in your EU member state) without parental consent. If we become aware of such processing, we will delete the data immediately.

10. Supervisory Authority

If you believe we have not complied with GDPR requirements, you have the right to lodge a complaint with your local supervisory authority:

Lead Supervisory Authority
[Your Lead Supervisory Authority]
Website: [Authority Website]
Email: [Authority Email]

European Data Protection Board:
https://edpb.europa.eu

11. Contact Information

For any GDPR-related questions or requests, contact our Data Protection Officer:

Data Protection Officer
Email: upbrewai@gmail.com
Subject: GDPR Request

12. Updates to This Information

We may update this GDPR compliance information from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes that affect your rights.