GDPR Compliance

1. Introduction

BuildSpace Inc. is committed to protecting the privacy and personal data of all individuals, particularly those in the European Union. This document outlines our compliance with the General Data Protection Regulation (GDPR) and your rights under this regulation.

2. Legal Basis for Processing

We process personal data under the following legal bases:

• Contract: To provide our services and fulfill our contractual obligations
• Legitimate Interest: To improve our services and prevent fraud
• Consent: For marketing communications and optional features
• Legal Obligation: To comply with applicable laws and regulations

3. Your Rights Under GDPR

As a data subject, you have the following rights:

Right of Access

You have the right to request access to your personal data and receive information about how we process it.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure

You can request deletion of your personal data under certain circumstances.

Right to Restrict Processing

You can request limitation of processing of your personal data in specific situations.

Right to Data Portability

You can request to receive your personal data in a structured, machine-readable format.

Right to Object

You can object to processing of your personal data for direct marketing or legitimate interests.

4. Privacy contact

For data protection questions and requests (including GDPR rights), contact us at privacy@buildspace.site. We handle inquiries in line with applicable law and respond within the timeframes GDPR requires where it applies.

5. Data Transfers

When we transfer personal data outside the EU, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) and adequacy decisions by the European Commission.

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

• Account data: Until account deletion plus 30 days
• Billing data: 7 years for tax and accounting purposes
• Support communications: 3 years
• Marketing data: Until consent is withdrawn

7. Security Measures

We implement appropriate technical and organizational measures to protect personal data, including encryption, access controls, regular security audits, and staff training on data protection principles.

8. Data Breach Notification

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay when the breach is likely to result in high risk to their rights and freedoms.

9. Exercising Your Rights

To exercise any of your GDPR rights, please contact us using the information below. We will respond to your request within one month.

10. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe we have not complied with GDPR requirements. You can contact your local data protection authority or the Irish Data Protection Commission, our lead supervisory authority in the EU.

11. Updates to This Document

We may update this GDPR compliance document from time to time. We will notify you of any material changes and update the "Last updated" date at the top of this page.