Legal

GDPR Compliance

How ClickToAutomate complies with the EU General Data Protection Regulation and protects your data rights.

01

Our GDPR Commitment

ClickToAutomate is committed to complying with the General Data Protection Regulation (GDPR) and protecting the privacy rights of all EU, EEA, and UK residents. We implement data protection by design and by default, ensuring your personal data is processed lawfully, fairly, and transparently.

02

Lawful Basis for Processing

We process personal data under the following lawful bases:

  • Contract Performance: To provide, maintain, and improve our services
  • Consent: When you explicitly agree (e.g., marketing, optional features)
  • Legitimate Interests: For security, fraud prevention, and service improvement
  • Legal Obligation: When required by applicable laws
  • Vital Interests: To protect your safety or someone else's safety

We never process sensitive data without explicit consent, except where legally required.

03

Your GDPR Rights

If you are in the EU, EEA, or UK, you have the right to:

  • Right of Access: Obtain a copy of your personal data
  • Right to Rectification: Correct inaccurate information
  • Right to Erasure: Delete your data ('Right to be Forgotten')
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Export your data in a portable format
  • Right to Object: Oppose processing for certain purposes
  • Right to Withdraw Consent: Revoke consent at any time
  • Rights Related to Automated Decision-Making: Challenge automated decisions
  • Right to Lodge a Complaint: File a complaint with your supervisory authority

To exercise any of these rights, contact our data protection team.

04

Data Transfers & International Compliance

We may transfer personal data to countries outside the EU/EEA for:

  • Service delivery and support
  • Data processing and analytics
  • Cloud storage and backup
  • Fraud prevention and security

Where we do transfer data, we ensure appropriate safeguards:

  • Standard Contractual Clauses (SCCs)
  • Adequacy Decisions by the European Commission
  • Your explicit consent
  • Data Processing Agreements with all processors

All transfers comply with current GDPR requirements and CJEU decisions.

05

Data Protection Officer & Accountability

ClickToAutomate has appointed a Data Protection Officer (DPO) to oversee GDPR compliance.

Contact Our DPO: • Email: dpo@clicktoautomate.in • Response Time: Within 5 business days

We maintain:

  • Records of Processing Activities (ROPA)
  • Data Protection Impact Assessments (DPIA)
  • Data Processing Agreements with all processors
  • Employee data protection training
  • Regular compliance audits and reviews
  • Privacy impact assessments for new features
06

Data Security & Protection Measures

We implement comprehensive security measures:

  • Encryption: AES-256 for data at rest, TLS for data in transit
  • Access Controls: Role-based access, multi-factor authentication
  • Regular Audits: Independent security assessments
  • Intrusion Detection: 24/7 monitoring and threat detection
  • Incident Response: Rapid response procedures for breaches
  • Employee Training: Regular security awareness training
  • Vendor Management: Strict requirements for all data processors
  • Penetration Testing: Regular security testing and updates

We maintain comprehensive audit trails of all data access and processing.

07

Data Retention & Deletion

We retain personal data only as long as necessary:

  • Account Data: Retained during account activity
  • Service Data: Retained for service delivery duration
  • Usage Analytics: Retained for 12 months
  • Transaction Records: Retained for 7 years (legal requirement)
  • Backup Data: Retained for 30 days maximum

Upon account deletion, we remove:

  • All personal identifiers within 30 days
  • All usage data within 90 days
  • All transaction records (after legal retention period)

You can request deletion of your data at any time subject to legal obligations.

08

Breach Notification Procedure

In case of a data breach, we will:

• Notify affected individuals without undue delay • Notify supervisory authorities within 72 hours • Provide information about: - Nature and scope of the breach - Likely consequences - Measures we're taking to mitigate harm - Contact information for more details

We maintain a breach register and conduct post-incident reviews to prevent recurrence.

09

Children's Privacy Protection

ClickToAutomate is not intended for children under 16 years old (or the age of digital consent in your country). We do not knowingly collect personal data from children. If we discover we have collected data from a child, we delete it immediately.

Parents or guardians who believe we have collected their child's data should contact us immediately.

10

Cookie Policy & Consent

We use cookies and similar tracking technologies:

  • Essential Cookies: Required for functionality
  • Performance Cookies: Track usage and improve services
  • Marketing Cookies: Enable targeted advertising
  • Third-party Cookies: From analytics and advertising partners

We obtain your explicit consent before setting non-essential cookies. You can manage cookie preferences in your browser settings or through our consent management interface.

11

Third-Party Data Sharing

We only share personal data with:

  • Service Providers: Who assist us (with Data Processing Agreements)
  • Legal Requirements: When required by law
  • Your Consent: When you explicitly authorize sharing
  • Business Transfers: In case of merger or acquisition (with prior notice)

We do not sell personal data to third parties. All sharing is limited to what's necessary for the stated purpose.

12

Changes & Contact Information

This GDPR policy may be updated as our practices evolve. We will notify you of material changes via email or through our platform.

For all GDPR-related inquiries: • Email: privacy@clicktoautomate.in • DPO: dpo@clicktoautomate.in • Postal: ClickToAutomate, Data Protection Office, [Address] • Response Time: Within 5 business days

You also have the right to lodge a complaint with your local supervisory authority at any time.

Last updated: July 8, 2026

We may update this policy from time to time. Your continued use of our platform after updates constitutes your acceptance of the changes.

Your Privacy Rights Matter

You have full control over your personal data. Request access, corrections, deletion, or portability of your information anytime.