The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations processing personal data of individuals in the European Economic Area (EEA), regardless of the organization's location.
Systemify Automation is committed to complying with GDPR requirements and protecting the privacy rights of our users in the EEA. This page outlines our GDPR compliance measures and your rights under GDPR.
Systemify Automation acts as a Data Controller when we determine the purposes and means of processing personal data through our services.
Data Controller:
Systemify Automation
30 N Gould St Ste R, Sheridan, WY 82801, United States
We have appointed a Data Protection Officer to oversee our GDPR compliance efforts. You can contact our DPO regarding any data protection matters:
Email: dpo@systemifyautomation.com
Phone: +1 646-777-6492
When providing services to our clients, we may act as a Data Processor, processing personal data on behalf of our clients according to their instructions and our Data Processing Agreements (DPAs).
We process personal data only when we have a legal basis to do so under GDPR Article 6:
You have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
We balance our legitimate interests against your rights and freedoms. You can object to processing based on legitimate interests.
Processing necessary to protect someone's life (rarely applicable to our services).
Not typically applicable to our business operations.
Under GDPR, you have the following rights regarding your personal data:
You have the right to clear, transparent information about how we collect and use your personal data. This is provided through our Privacy Policy and this GDPR page.
You have the right to:
We will provide a copy of your data free of charge. Additional copies may incur a reasonable administrative fee.
You have the right to have inaccurate personal data corrected and incomplete data completed. We will notify relevant third parties of corrections unless impossible or disproportionate.
You can request deletion of your personal data when:
We may retain certain data if required by law or for legitimate purposes (e.g., legal claims, contractual obligations).
You can request restriction of processing when:
You can receive your personal data in a structured, commonly used, machine-readable format (e.g., CSV, JSON) and transmit it to another controller when:
You can object to processing based on:
You have the right not to be subject to decisions based solely on automated processing (including profiling) that have legal or similarly significant effects, unless:
Currently, we do not engage in automated decision-making that produces legal or similarly significant effects without human intervention.
To exercise any of your GDPR rights, please:
To protect your privacy, we may require proof of identity before fulfilling your request. Acceptable forms of identification include:
We will not charge a fee for most requests. However, we may charge a reasonable fee for:
We adhere to GDPR's six data protection principles (Article 5):
We process data lawfully, fairly, and transparently. We clearly communicate our data practices through our Privacy Policy and this GDPR page.
We collect data for specified, explicit, and legitimate purposes. We don't further process data in a manner incompatible with those purposes.
We collect only data that is adequate, relevant, and limited to what's necessary for our purposes.
We take reasonable steps to ensure personal data is accurate and kept up to date. Inaccurate data is erased or rectified without delay.
We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law.
We implement appropriate security measures to protect against unauthorized or unlawful processing, accidental loss, destruction, or damage.
We implement technical and organizational measures to ensure appropriate data security:
In case of a personal data breach likely to result in a risk to individuals' rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware, unless the breach is unlikely to result in risk.
If a breach is likely to result in a high risk to your rights and freedoms, we will notify you directly without undue delay, including:
Our breach response plan includes:
When transferring personal data outside the EEA, we ensure appropriate safeguards are in place:
Our primary data storage is located in the United States with appropriate safeguards. We use cloud service providers that comply with GDPR requirements and have implemented SCCs.
We work with third-party service providers who process personal data on our behalf. We ensure:
We conduct Data Protection Impact Assessments for processing activities that are likely to result in high risk to individuals' rights and freedoms, particularly when:
Our services are not directed at children under 16 years of age. We do not knowingly collect or process personal data from children without parental consent.
If we become aware that we have collected data from a child without appropriate consent, we will delete it promptly.
You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or place of alleged infringement.
Find your local data protection authority:
While you have the right to complain to a supervisory authority, we encourage you to contact us first at dpo@systemifyautomation.com so we can address your concerns directly.
We retain personal data for different periods depending on the purpose and legal requirements:
| Data Type | Retention Period | Reason |
|---|---|---|
| Account data | Duration of relationship + 1 year | Service provision and legal claims |
| Financial records | 7 years | Tax and accounting requirements |
| Contract documents | 7 years after termination | Legal obligations and claims |
| Marketing data | 3 years from last engagement | Legitimate interest / until consent withdrawn |
| Support tickets | 3 years | Service improvement and dispute resolution |
| Analytics data | 26 months (anonymized after 14 months) | Service improvement |
| Cookies | Varies (see Cookie Policy) | Functionality and analytics |
We regularly review and update our GDPR compliance measures to reflect:
Material changes will be communicated through our website and, where appropriate, by email.
For GDPR-related questions, concerns, or to exercise your rights:
Data Controller:
Systemify Automation
30 N Gould St Ste R, Sheridan, WY 82801, United States
Email: yassir@systemifyautomation.com
Phone: +1 646-777-6492
Data Protection Officer:
Email: dpo@systemifyautomation.com
For more information about GDPR and data protection: