GDPR Compliance
GoldSmarters is fully compliant with the General Data Protection Regulation (GDPR). This page explains your rights under GDPR and how we protect your personal data.
What is GDPR?
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It strengthens and unifies data protection for individuals within the European Union (EU) and addresses the export of personal data outside the EU.
GDPR gives you greater control over your personal data and requires organizations to be more transparent about how they collect, use, and protect your information.
Your Rights Under GDPR
As a data subject under GDPR, you have the following rights:
1. Right to Information
You have the right to be informed about how we collect and use your personal data. This information is provided in our Privacy Policy and this GDPR page.
2. Right of Access
You have the right to request access to your personal data and receive a copy of the data we hold about you. You can request this information by contacting us.
3. Right to Rectification
You have the right to request correction of inaccurate or incomplete personal data. You can update your information directly in your account settings or contact us for assistance.
4. Right to Erasure (Right to be Forgotten)
You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the original purpose or you withdraw consent.
5. Right to Restrict Processing
You have the right to request that we limit how we use your personal data in certain circumstances, such as when you contest the accuracy of the data.
6. Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
7. Right to Object
You have the right to object to the processing of your personal data for direct marketing purposes or when processing is based on legitimate interests.
8. Rights Related to Automated Decision-Making
You have the right not to be subject to decisions based solely on automated processing that significantly affect you, unless you have given explicit consent.
How We Process Your Data
We process your personal data in accordance with GDPR principles:
Lawful Basis for Processing
- Consent: When you explicitly consent to data processing
- Contract Performance: To provide our services under our Terms of Service
- Legitimate Interests: For business operations, security, and service improvement
- Legal Obligation: To comply with applicable laws and regulations
Data We Collect
- Account Information: Name, email, company details
- Usage Data: How you interact with our platform
- Content Data: Articles and content you create
- Technical Data: IP address, browser type, device information
- Communication Data: Support tickets and correspondence
Data Protection Measures
We implement comprehensive data protection measures:
- Encryption: All data is encrypted in transit and at rest
- Access Controls: Strict access controls and authentication
- Regular Audits: Regular security and privacy audits
- Staff Training: Regular GDPR and data protection training
- Data Minimization: We only collect data necessary for our services
- Purpose Limitation: Data is only used for specified purposes
Data Retention
We retain your personal data only for as long as necessary:
- Account Data: Retained while your account is active and for a reasonable period after closure
- Content Data: Retained according to your preferences and service requirements
- Usage Data: Typically retained for 2 years for analytics and service improvement
- Legal Requirements: Some data may be retained longer to comply with legal obligations
International Data Transfers
When we transfer your data outside the European Economic Area (EEA), we ensure adequate protection:
- Adequacy Decisions: We transfer to countries with adequate data protection
- Standard Contractual Clauses: We use EU-approved standard contractual clauses
- Binding Corporate Rules: Internal data protection policies for international transfers
- Certification Schemes: Participation in recognized certification schemes
Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance:
- Contact: [email protected]
- Responsibilities: Monitoring compliance, providing advice, and serving as a point of contact
- Independence: The DPO operates independently and reports directly to senior management
Exercising Your Rights
To exercise any of your GDPR rights, you can:
- Account Settings: Update your information directly in your account
- Contact Form: Use our contact form to submit requests
- Email: Send requests to [email protected]
- Response Time: We will respond to your request within 30 days
- Verification: We may need to verify your identity before processing requests
Complaints and Supervisory Authority
If you have concerns about how we handle your personal data, you can:
- Contact Us: First, please contact us to resolve any issues
- Supervisory Authority: You have the right to lodge a complaint with your local data protection authority
- Lead Authority: Our lead supervisory authority is the relevant authority in your country of residence
Updates to This Policy
We may update this GDPR compliance page from time to time to reflect changes in our practices or applicable laws. We will notify you of any significant changes and update the "Last updated" date at the top of this page.
Contact Information
For any questions about our GDPR compliance or to exercise your rights, please contact us:
- Data Protection Officer: [email protected]
- Privacy Team: [email protected]
- General Support: [email protected]
- WhatsApp: +212660999140