GDPR Compliance

Last updated: July 19, 2025

At Twello, we are committed to ensuring the privacy and protection of your personal data in compliance with the General Data Protection Regulation (GDPR). This page outlines how we adhere to GDPR requirements and your rights under this regulation.

What is GDPR?

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and the EEA.

How Twello Complies with GDPR

Lawful Basis for Processing

We process personal data only when we have a lawful basis to do so, such as:

  • Consent: You have given clear consent for us to process your personal data for a specific purpose.
  • Contract: The processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
  • Legal obligation: The processing is necessary for us to comply with the law.
  • Legitimate interests: The processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests.

Data Protection Principles

In accordance with GDPR, we adhere to the following principles:

  • Lawfulness, fairness, and transparency
  • Purpose limitation
  • Data minimization
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality (security)
  • Accountability

Data Subject Rights

Under GDPR, you have the following rights:

  • Right to be informed: You have the right to be informed about the collection and use of your personal data.
  • Right of access: You have the right to request a copy of the information that we hold about you.
  • Right to rectification: You have the right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to erasure: In certain circumstances, you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing: Where certain conditions apply, you have the right to restrict the processing of your personal data.
  • Right to data portability: You have the right to have the data we hold about you transferred to another organisation.
  • Right to object: You have the right to object to certain types of processing such as direct marketing.
  • Rights in relation to automated decision making and profiling: You have the right to be subject to the legal effects of automated processing or profiling.

Data Breach Notification

In the event of a data breach that may pose a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly as soon as possible.

International Transfers

If we transfer your personal data outside the EEA, we ensure that it is protected to the same standards by using one of the following safeguards:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Binding Corporate Rules (BCRs)
  • Adherence to the EU-US Privacy Shield Framework (where applicable)

Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPO using the details below:

Data Protection Officer

Email: [email protected]

Postal Address: 123 Twello Street, San Francisco, CA 94107, USA

Your Rights in Detail

Right to Access Your Personal Data

You have the right to request a copy of the personal data we hold about you. To do so, please contact our DPO. We will provide the information without delay and at the latest within one month of receipt of the request. We may extend this period by up to two additional months where necessary, taking into account the complexity and number of the requests.

Right to Rectification

If the personal data we hold about you is inaccurate or incomplete, you have the right to rectification. You can update some of your personal data directly through your account settings. For other data, please contact our DPO.

Right to Erasure (Right to be Forgotten)

You have the right to request the deletion of your personal data where one of the following grounds applies:

  • The personal data is no longer necessary in relation to the purposes for which it was collected or processed.
  • You withdraw consent to the processing and there is no other legal ground for the processing.
  • You object to the processing and there are no overriding legitimate grounds for the processing.
  • The personal data has been unlawfully processed.
  • The personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

Contact Us

If you have any questions or concerns about our GDPR compliance, please contact our Data Protection Officer at [email protected].