Our Commitment to GDPR
sem.chat is committed to protecting the privacy and personal data of all users in accordance with the General Data Protection Regulation (GDPR). This page outlines how we comply with GDPR requirements and your rights under this regulation.
Important: GDPR applies to all individuals in the European Union (EU) and European Economic Area (EEA), regardless of where our company is located.
Your Rights Under GDPR
As a data subject, you have the following rights:
1. Right to Access
You have the right to request a copy of the personal data we hold about you. We will provide this information within 30 days of your request.
2. Right to Rectification
You can request that we correct any inaccurate or incomplete personal data we hold about you.
3. Right to Erasure ("Right to be Forgotten")
You can request that we delete your personal data when:
- The data is no longer necessary for its original purpose
- You withdraw your consent
- You object to the processing
- The data was unlawfully processed
4. Right to Restrict Processing
You can request that we limit how we use your data while we verify its accuracy or address your concerns.
5. Right to Data Portability
You can request your personal data in a structured, commonly used, machine-readable format to transfer to another service provider.
6. Right to Object
You can object to the processing of your personal data for direct marketing purposes or when processing is based on legitimate interests.
7. Rights Related to Automated Decision Making
You have the right not to be subject to a decision based solely on automated processing that significantly affects you.
How We Protect Your Data
We implement appropriate technical and organizational measures to ensure data security:
- Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access Controls: Strict role-based access to personal data
- Regular Audits: Security assessments and penetration testing
- Employee Training: Regular GDPR and security awareness training
- Incident Response: Procedures to detect, report, and investigate breaches
Data Processing
Legal Basis for Processing
We process personal data under the following legal bases:
- Contract: To provide our services as agreed
- Consent: For marketing communications and optional features
- Legitimate Interest: For service improvement and fraud prevention
- Legal Obligation: To comply with applicable laws
Data Retention
We retain personal data only as long as necessary for the purposes it was collected. Conversation data is retained for the duration of your subscription plus 30 days. Upon account deletion, all personal data is removed within 90 days.
International Data Transfers
When we transfer data outside the EEA, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data processing agreements with all sub-processors
- Verification of adequate protection levels
Data Protection Officer
For any GDPR-related inquiries or to exercise your rights, please contact our Data Protection Officer:
Email: [email protected]
Lodging a Complaint
If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority. We encourage you to contact us first so we can address your concerns directly.
Updates to This Policy
We may update this GDPR information periodically. Any significant changes will be communicated via email or through our platform.