GDPR Compliance

Last updated: December 2024

What is GDPR?

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU). Twello is committed to complying with GDPR requirements and protecting your personal data.

How Twello Complies with GDPR

We have implemented comprehensive measures to ensure GDPR compliance across all our operations:

  • Appointed a Data Protection Officer (DPO)
  • Implemented privacy by design principles
  • Established clear data processing lawful bases
  • Created transparent privacy policies
  • Implemented data subject rights procedures
  • Established data breach notification procedures
  • Conducted privacy impact assessments

Data Protection Principles

We adhere to the following GDPR data protection principles:

  • Lawfulness, fairness and transparency: We process data lawfully, fairly and transparently
  • Purpose limitation: We collect data for specified, explicit and legitimate purposes
  • Data minimization: We ensure data is adequate, relevant and limited to what is necessary
  • Accuracy: We keep data accurate and up to date
  • Storage limitation: We keep data only as long as necessary
  • Integrity and confidentiality: We process data securely with appropriate technical measures
  • Accountability: We can demonstrate compliance with these principles

Data Subject Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right to be informed: Transparent information about how we use your data
  • Right of access: You can request copies of your personal data
  • Right to rectification: You can request correction of inaccurate data
  • Right to erasure: You can request deletion of your personal data
  • Right to restrict processing: You can request limitation of data processing
  • Right to data portability: You can request transfer of your data
  • Right to object: You can object to processing of your personal data
  • Rights related to automated decision-making: Protection from automated decision-making

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you within 72 hours of becoming aware of the breach. We will also notify the relevant supervisory authority as required by GDPR.

International Transfers

When we transfer your personal data outside the EU/EEA, we ensure appropriate safeguards are in place, such as adequacy decisions, standard contractual clauses, or binding corporate rules, to protect your data in accordance with GDPR requirements.

Data Protection Officer

Our Data Protection Officer oversees our GDPR compliance and serves as your primary contact for data protection matters. You can contact our DPO at:

Email: [email protected]
Subject Line: GDPR - Data Protection Officer

Your Rights in Detail

Exercising Your Rights

To exercise any of your GDPR rights, please contact us at [email protected]. We will respond to your request within one month, though this may be extended in complex cases.

Verification Process

To protect your privacy, we may need to verify your identity before processing certain requests. This helps ensure that personal data is not disclosed to unauthorized parties.

No Fee Required

We will not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded.

Contact Us

If you have any questions about our GDPR compliance or wish to exercise your data protection rights, please contact us:

Email: [email protected]
Subject Line: GDPR Inquiry

You also have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates GDPR.