
GDPR Compliance

Last Updated: January 23, 2026

1. Introduction to GDPR

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations processing personal data of individuals in the European Economic Area (EEA), regardless of the organization's location.

Systemify Automation is committed to complying with GDPR requirements and protecting the privacy rights of our users in the EEA. This page outlines our GDPR compliance measures and your rights under GDPR.

2. Our Role and Responsibilities

2.1 Data Controller

Systemify Automation acts as a Data Controller when we determine the purposes and means of processing personal data through our services.

Data Controller:

Systemify Automation

30 N Gould St Ste R, Sheridan, WY 82801, United States

2.2 Data Protection Officer (DPO)

We have appointed a Data Protection Officer to oversee our GDPR compliance efforts. You can contact our DPO regarding any data protection matters:

Email: dpo@systemifyautomation.com

Phone: +1 646-777-6492

2.3 Data Processor

When providing services to our clients, we may act as a Data Processor, processing personal data on behalf of our clients according to their instructions and our Data Processing Agreements (DPAs).

3. Legal Basis for Processing

We process personal data only when we have a legal basis to do so under GDPR Article 6:

3.1 Consent (Article 6(1)(a))

  • Newsletter subscriptions and marketing communications
  • Non-essential cookies and tracking
  • Optional data collection for enhanced features

You have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

3.2 Contract Performance (Article 6(1)(b))

  • Providing automation services you've requested
  • Managing your account and service delivery
  • Processing payments and invoicing
  • Customer support and communication

3.3 Legal Obligation (Article 6(1)(c))

  • Tax and accounting compliance
  • Responding to legal requests and court orders
  • Regulatory reporting requirements

3.4 Legitimate Interests (Article 6(1)(f))

  • Website analytics and service improvement
  • Fraud prevention and security
  • Direct marketing to existing customers
  • Network and information security

We balance our legitimate interests against your rights and freedoms. You can object to processing based on legitimate interests.

3.5 Vital Interests (Article 6(1)(d))

Processing necessary to protect someone's life (rarely applicable to our services).

3.6 Public Interest (Article 6(1)(e))

Not typically applicable to our business operations.

4. Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

4.1 Right to Be Informed (Articles 13-14)

You have the right to clear, transparent information about how we collect and use your personal data. This is provided through our Privacy Policy and this GDPR page.

4.2 Right of Access (Article 15)

You have the right to:

  • Obtain confirmation that we process your personal data
  • Access your personal data
  • Receive information about how we process your data

We will provide a copy of your data free of charge. Additional copies may incur a reasonable administrative fee.

4.3 Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected and incomplete data completed. We will notify relevant third parties of corrections unless impossible or disproportionate.

4.4 Right to Erasure / "Right to be Forgotten" (Article 17)

You can request deletion of your personal data when:

  • The data is no longer necessary for the purposes it was collected
  • You withdraw consent and there's no other legal basis for processing
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • Deletion is required to comply with a legal obligation

We may retain certain data if required by law or for legitimate purposes (e.g., legal claims, contractual obligations).

4.5 Right to Restriction of Processing (Article 18)

You can request restriction of processing when:

  • You contest the accuracy of data (during verification)
  • Processing is unlawful but you don't want data deleted
  • We no longer need the data but you need it for legal claims
  • You've objected to processing (pending verification of legitimate grounds)

4.6 Right to Data Portability (Article 20)

You can receive your personal data in a structured, commonly used, machine-readable format (e.g., CSV, JSON) and transmit it to another controller when:

  • Processing is based on consent or contract
  • Processing is carried out by automated means

4.7 Right to Object (Article 21)

You can object to processing based on:

  • Legitimate Interests: We must stop unless we demonstrate compelling legitimate grounds
  • Direct Marketing: We must stop immediately upon your objection
  • Profiling: Object to automated decision-making with legal or significant effects

4.8 Rights Related to Automated Decision-Making and Profiling (Article 22)

You have the right not to be subject to decisions based solely on automated processing (including profiling) that have legal or similarly significant effects, unless:

  • Necessary for entering into or performing a contract
  • Authorized by law with suitable safeguards
  • Based on your explicit consent

Currently, we do not engage in automated decision-making that produces legal or similarly significant effects without human intervention.

5. How to Exercise Your Rights

5.1 Making a Request

To exercise any of your GDPR rights, please:

  • Email us at yassir@systemifyautomation.com or dpo@systemifyautomation.com
  • Clearly state which right you wish to exercise
  • Provide sufficient information to verify your identity
  • Specify the scope of your request

5.2 Verification

To protect your privacy, we may require proof of identity before fulfilling your request. Acceptable forms of identification include:

  • Government-issued ID (passport, driver's license)
  • Verification through your registered account
  • Confirmation of account details

5.3 Response Time

  • We will respond to your request within 30 days
  • Complex requests may require up to 60 additional days (with explanation)
  • We will inform you if we need to extend the response time
  • Urgent requests will be prioritized when possible

5.4 No Charge

We will not charge a fee for most requests. However, we may charge a reasonable fee for:

  • Manifestly unfounded or excessive requests
  • Repeated requests for the same information
  • Additional copies of data beyond the first free copy

6. Data Protection Principles

We adhere to GDPR's six data protection principles (Article 5):

6.1 Lawfulness, Fairness, and Transparency

We process data lawfully, fairly, and transparently. We clearly communicate our data practices through our Privacy Policy and this GDPR page.

6.2 Purpose Limitation

We collect data for specified, explicit, and legitimate purposes. We don't further process data in a manner incompatible with those purposes.

6.3 Data Minimization

We collect only data that is adequate, relevant, and limited to what's necessary for our purposes.

6.4 Accuracy

We take reasonable steps to ensure personal data is accurate and kept up to date. Inaccurate data is erased or rectified without delay.

6.5 Storage Limitation

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law.

6.6 Integrity and Confidentiality

We implement appropriate security measures to protect against unauthorized or unlawful processing, accidental loss, destruction, or damage.

7. Data Security Measures

We implement technical and organizational measures to ensure appropriate data security:

7.1 Technical Measures

  • Encryption: SSL/TLS for data in transit, AES-256 for data at rest
  • Access Controls: Role-based access control (RBAC) and multi-factor authentication
  • Network Security: Firewalls, intrusion detection/prevention systems
  • Regular Updates: Security patches and software updates
  • Secure Development: Security-by-design and security testing
  • Data Backup: Encrypted, geographically distributed backups

7.2 Organizational Measures

  • Staff Training: Regular GDPR and security awareness training
  • Access Policies: Strict need-to-know access principles
  • Confidentiality Agreements: All staff sign NDAs and confidentiality agreements
  • Security Audits: Regular internal and external security assessments
  • Incident Response: Documented procedures for data breach response
  • Vendor Management: Due diligence on third-party processors

8. Data Breach Notification

8.1 Supervisory Authority Notification

In case of a personal data breach likely to result in a risk to individuals' rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware, unless the breach is unlikely to result in risk.

8.2 Individual Notification

If a breach is likely to result in a high risk to your rights and freedoms, we will notify you directly without undue delay, including:

  • Nature of the personal data breach
  • Likely consequences of the breach
  • Measures taken or proposed to address the breach
  • Contact point for more information

8.3 Breach Response

Our breach response plan includes:

  • Immediate containment and assessment
  • Investigation and documentation
  • Notification to affected parties and authorities
  • Remediation and prevention measures
  • Post-incident review and improvements

9. International Data Transfers

When transferring personal data outside the EEA, we ensure appropriate safeguards are in place:

9.1 Transfer Mechanisms

  • Adequacy Decisions: Transfers to countries with adequate protection as determined by the European Commission
  • Standard Contractual Clauses (SCCs): EU-approved contracts ensuring GDPR-level protection
  • Binding Corporate Rules (BCRs): Internal data protection policies for multinational organizations
  • Explicit Consent: Informed consent after being made aware of potential risks

9.2 Data Storage Locations

Our primary data storage is located in the United States with appropriate safeguards. We use cloud service providers that comply with GDPR requirements and have implemented SCCs.

10. Third-Party Processors

We work with third-party service providers who process personal data on our behalf. We ensure:

  • Data Processing Agreements (DPAs) are in place with all processors
  • Processors provide sufficient guarantees of GDPR compliance
  • Only authorized processors access personal data
  • Sub-processors are subject to the same data protection obligations

10.1 Categories of Processors

  • Cloud hosting and infrastructure providers
  • Email and communication services
  • Analytics and monitoring tools
  • Payment processors
  • CRM and marketing platforms

11. Data Protection Impact Assessments (DPIAs)

We conduct Data Protection Impact Assessments for processing activities that are likely to result in high risk to individuals' rights and freedoms, particularly when:

  • Using new technologies
  • Processing sensitive data at scale
  • Systematic monitoring of publicly accessible areas
  • Automated decision-making with legal or significant effects

12. Children's Data

Our services are not directed at children under 16 years of age. We do not knowingly collect or process personal data from children without parental consent.

If we become aware that we have collected data from a child without appropriate consent, we will delete it promptly.

13. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or place of alleged infringement.

13.1 Contact Supervisory Authorities

Find your local data protection authority:

  • European Data Protection Board - List of Supervisory Authorities

13.2 Our Preference

While you have the right to complain to a supervisory authority, we encourage you to contact us first at dpo@systemifyautomation.com so we can address your concerns directly.

14. Data Retention

We retain personal data for different periods depending on the purpose and legal requirements:

| Data Type | Retention Period | Reason |
|---|---|---|
| Account data | Duration of relationship + 1 year | Service provision and legal claims |
| Financial records | 7 years | Tax and accounting requirements |
| Contract documents | 7 years after termination | Legal obligations and claims |
| Marketing data | 3 years from last engagement | Legitimate interest / until consent withdrawn |
| Support tickets | 3 years | Service improvement and dispute resolution |
| Analytics data | 26 months (anonymized after 14 months) | Service improvement |
| Cookies | Varies (see Cookie Policy) | Functionality and analytics |

15. Updates to GDPR Compliance

We regularly review and update our GDPR compliance measures to reflect:

  • Changes in GDPR interpretation and guidance
  • New technologies and processing activities
  • Feedback from supervisory authorities
  • Changes in our business practices

Material changes will be communicated through our website and, where appropriate, by email.

16. Contact Information

For GDPR-related questions, concerns, or to exercise your rights:

Data Controller:

Systemify Automation

30 N Gould St Ste R, Sheridan, WY 82801, United States

Email: yassir@systemifyautomation.com

Phone: +1 646-777-6492

Data Protection Officer:

Email: dpo@systemifyautomation.com

17. Additional Resources

For more information about GDPR and data protection:

  • GDPR Official Website
  • European Data Protection Board
  • UK ICO GDPR Guide
  • Our Privacy Policy
  • Our Cookie Policy