GDPR Compliance
How ClickToAutomate complies with the EU General Data Protection Regulation and protects your data rights.
Our GDPR Commitment
ClickToAutomate is committed to complying with the General Data Protection Regulation (GDPR) and protecting the privacy rights of all EU, EEA, and UK residents. We implement data protection by design and by default, ensuring your personal data is processed lawfully, fairly, and transparently.
Lawful Basis for Processing
We process personal data under the following lawful bases:
- Contract Performance: To provide, maintain, and improve our services
- Consent: When you explicitly agree (e.g., marketing, optional features)
- Legitimate Interests: For security, fraud prevention, and service improvement
- Legal Obligation: When required by applicable laws
- Vital Interests: To protect your safety or someone else's safety
We never process sensitive data without explicit consent, except where legally required.
Your GDPR Rights
If you are in the EU, EEA, or UK, you have the right to:
- Right of Access: Obtain a copy of your personal data
- Right to Rectification: Correct inaccurate information
- Right to Erasure: Delete your data ('Right to be Forgotten')
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Export your data in a portable format
- Right to Object: Oppose processing for certain purposes
- Right to Withdraw Consent: Revoke consent at any time
- Rights Related to Automated Decision-Making: Challenge automated decisions
- Right to Lodge a Complaint: File a complaint with your supervisory authority
To exercise any of these rights, contact our data protection team.
Data Transfers & International Compliance
We may transfer personal data to countries outside the EU/EEA for:
- Service delivery and support
- Data processing and analytics
- Cloud storage and backup
- Fraud prevention and security
Where we do transfer data, we ensure appropriate safeguards:
- Standard Contractual Clauses (SCCs)
- Adequacy Decisions by the European Commission
- Your explicit consent
- Data Processing Agreements with all processors
All transfers comply with current GDPR requirements and CJEU decisions.
Data Protection Officer & Accountability
ClickToAutomate has appointed a Data Protection Officer (DPO) to oversee GDPR compliance.
Contact Our DPO: • Email: dpo@clicktoautomate.in • Response Time: Within 5 business days
We maintain:
- Records of Processing Activities (ROPA)
- Data Protection Impact Assessments (DPIA)
- Data Processing Agreements with all processors
- Employee data protection training
- Regular compliance audits and reviews
- Privacy impact assessments for new features
Data Security & Protection Measures
We implement comprehensive security measures:
- Encryption: AES-256 for data at rest, TLS for data in transit
- Access Controls: Role-based access, multi-factor authentication
- Regular Audits: Independent security assessments
- Intrusion Detection: 24/7 monitoring and threat detection
- Incident Response: Rapid response procedures for breaches
- Employee Training: Regular security awareness training
- Vendor Management: Strict requirements for all data processors
- Penetration Testing: Regular security testing and updates
We maintain comprehensive audit trails of all data access and processing.
Data Retention & Deletion
We retain personal data only as long as necessary:
- Account Data: Retained during account activity
- Service Data: Retained for service delivery duration
- Usage Analytics: Retained for 12 months
- Transaction Records: Retained for 7 years (legal requirement)
- Backup Data: Retained for 30 days maximum
Upon account deletion, we remove:
- All personal identifiers within 30 days
- All usage data within 90 days
- All transaction records (after legal retention period)
You can request deletion of your data at any time subject to legal obligations.
Breach Notification Procedure
In case of a data breach, we will:
• Notify affected individuals without undue delay • Notify supervisory authorities within 72 hours • Provide information about: - Nature and scope of the breach - Likely consequences - Measures we're taking to mitigate harm - Contact information for more details
We maintain a breach register and conduct post-incident reviews to prevent recurrence.
Children's Privacy Protection
ClickToAutomate is not intended for children under 16 years old (or the age of digital consent in your country). We do not knowingly collect personal data from children. If we discover we have collected data from a child, we delete it immediately.
Parents or guardians who believe we have collected their child's data should contact us immediately.
Cookie Policy & Consent
We use cookies and similar tracking technologies:
- Essential Cookies: Required for functionality
- Performance Cookies: Track usage and improve services
- Marketing Cookies: Enable targeted advertising
- Third-party Cookies: From analytics and advertising partners
We obtain your explicit consent before setting non-essential cookies. You can manage cookie preferences in your browser settings or through our consent management interface.
Third-Party Data Sharing
We only share personal data with:
- Service Providers: Who assist us (with Data Processing Agreements)
- Legal Requirements: When required by law
- Your Consent: When you explicitly authorize sharing
- Business Transfers: In case of merger or acquisition (with prior notice)
We do not sell personal data to third parties. All sharing is limited to what's necessary for the stated purpose.
Changes & Contact Information
This GDPR policy may be updated as our practices evolve. We will notify you of material changes via email or through our platform.
For all GDPR-related inquiries: • Email: privacy@clicktoautomate.in • DPO: dpo@clicktoautomate.in • Postal: ClickToAutomate, Data Protection Office, [Address] • Response Time: Within 5 business days
You also have the right to lodge a complaint with your local supervisory authority at any time.
Last updated: July 8, 2026
We may update this policy from time to time. Your continued use of our platform after updates constitutes your acceptance of the changes.
Your Privacy Rights Matter
You have full control over your personal data. Request access, corrections, deletion, or portability of your information anytime.