Our GDPR Commitment
The General Data Protection Regulation (GDPR) gives you control over your personal data. Business Review Tracker is fully committed to GDPR compliance and protecting your privacy rights. We process your data lawfully, transparently, and only for specified purposes.
Your Rights Under GDPR
Right to Information
You have the right to know what personal data we collect, how we use it, and who we share it with.
Right of Access
You can request a copy of all personal data we hold about you at any time.
Right to Rectification
You can ask us to correct any inaccurate or incomplete personal data.
Right to Erasure
You can request deletion of your personal data in certain circumstances.
Right to Restrict Processing
You can ask us to limit how we process your personal data in specific situations.
Right to Data Portability
You can receive your personal data in a structured, machine-readable format.
Right to Object
You can object to certain types of processing of your personal data.
Automated Decision Making
You have rights regarding automated decision-making and profiling.
Data We Collect
| Data Type | Purpose | Legal Basis | Retention Period |
|---|---|---|---|
| Account Information | Service provision and account management | Contract performance | Account lifetime + 2 years |
| Business Details | Review monitoring and notifications | Contract performance | Account lifetime + 1 year |
| Payment Information | Billing and subscription management | Contract performance | 7 years (legal requirement) |
| Usage Analytics | Service improvement | Legitimate interest | 2 years |
| Support Communications | Customer support | Contract performance | 3 years |
How to Exercise Your Rights
Submit Request
Email us with your request using the contact information below
Identity Verification
We'll verify your identity to protect your data
Processing
We'll process your request within 30 days
Response
You'll receive a response with the requested action completed
Data Retention Policy
We only keep your personal data for as long as necessary to fulfill the purposes for which it was collected, or as required by law. When data is no longer needed, it is securely deleted or anonymized.
Automatic Deletion: Inactive accounts are automatically deleted after 3 years of inactivity, with 90 days advance notice.
International Data Transfers
If we transfer your data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions by the European Commission
- Appropriate technical and organizational measures
- Regular assessments of data protection levels
Data Protection Officer
While not legally required for our organization size, we have designated a Data Protection Contact to handle GDPR-related matters and ensure compliance. This person oversees data protection practices and serves as your point of contact for privacy concerns.
Complaints and Supervisory Authority
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with your local supervisory authority. However, we encourage you to contact us first so we can try to resolve any concerns directly.
EU Residents: You can find your local supervisory authority at https://edpb.europa.eu
Exercise Your GDPR Rights
For any GDPR-related requests or questions about your data protection rights:
[email protected]Please include "GDPR Request" in your subject line and specify which right you'd like to exercise.