GDPR Compliance

Our Commitment to GDPR

sem.chat is committed to protecting the privacy and personal data of all users in accordance with the General Data Protection Regulation (GDPR). This page outlines how we comply with GDPR requirements and your rights under this regulation.

Your Rights Under GDPR

As a data subject, you have the following rights:

1. Right to Access

You have the right to request a copy of the personal data we hold about you. We will provide this information within 30 days of your request.

2. Right to Rectification

You can request that we correct any inaccurate or incomplete personal data we hold about you.

3. Right to Erasure ("Right to be Forgotten")

You can request that we delete your personal data when:

• The data is no longer necessary for its original purpose
• You withdraw your consent
• You object to the processing
• The data was unlawfully processed

4. Right to Restrict Processing

You can request that we limit how we use your data while we verify its accuracy or address your concerns.

5. Right to Data Portability

You can request your personal data in a structured, commonly used, machine-readable format to transfer to another service provider.

6. Right to Object

You can object to the processing of your personal data for direct marketing purposes or when processing is based on legitimate interests.

7. Rights Related to Automated Decision Making

You have the right not to be subject to a decision based solely on automated processing that significantly affects you.

How We Protect Your Data

We implement appropriate technical and organizational measures to ensure data security:

• Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Strict role-based access to personal data
• Regular Audits: Security assessments and penetration testing
• Employee Training: Regular GDPR and security awareness training
• Incident Response: Procedures to detect, report, and investigate breaches

Data Processing

Legal Basis for Processing

We process personal data under the following legal bases:

• Contract: To provide our services as agreed
• Consent: For marketing communications and optional features
• Legitimate Interest: For service improvement and fraud prevention
• Legal Obligation: To comply with applicable laws

Data Retention

We retain personal data only as long as necessary for the purposes it was collected. Conversation data is retained for the duration of your subscription plus 30 days. Upon account deletion, all personal data is removed within 90 days.

International Data Transfers

When we transfer data outside the EEA, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data processing agreements with all sub-processors
• Verification of adequate protection levels

Data Protection Officer

For any GDPR-related inquiries or to exercise your rights, please contact our Data Protection Officer:

Email: [email protected]

Lodging a Complaint

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local supervisory authority. We encourage you to contact us first so we can address your concerns directly.

Updates to This Policy

We may update this GDPR information periodically. Any significant changes will be communicated via email or through our platform.