GDPR Compliance
Last updated: December 8, 2025
Your privacy rights under the General Data Protection Regulation
Your GDPR Rights
Understanding your data protection rights under GDPR
Right to Access
You have the right to request a copy of the personal data we hold about you and information about how we process it.
Right to Rectification
You can request that we correct any inaccurate or incomplete personal data we hold about you.
Right to Erasure
Also known as the 'right to be forgotten', you can request that we delete your personal data in certain circumstances.
Right to Restrict Processing
You can request that we restrict the processing of your personal data in certain situations.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used format and transmit it to another controller.
Right to Object
You can object to the processing of your personal data in certain circumstances, including for direct marketing purposes.
How to Exercise Your Rights
To exercise any of your GDPR rights, please contact us using one of the following methods:
Send your request to: privacy@vibecallin.com
Data Protection Officer
Contact our DPO directly at: dpo@vibecallin.com
We will respond to your request within one month of receipt. In complex cases, we may extend this period by two additional months, and we will inform you of any such extension.
Our Commitment to GDPR Compliance
VibeCallin is committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
We believe in transparency, fairness, and accountability in all our data processing activities. This page outlines how we meet our GDPR obligations and how you can exercise your rights.
Legal Basis for Processing
We process your personal data based on one or more of the following legal grounds:
Consent: When you have given us explicit permission to process your data for a specific purpose.
Contract: When processing is necessary to perform a contract with you or to take steps at your request before entering into a contract.
Legal Obligation: When we need to process your data to comply with the law.
Legitimate Interests: When processing is necessary for our legitimate interests or those of a third party, provided your rights don't override those interests.
Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance and data protection practices.
Our DPO is responsible for monitoring our compliance, advising on data protection matters, and serving as a point of contact for data subjects and supervisory authorities.
You can contact our DPO at: dpo@vibecallin.com
International Data Transfers
If we transfer your personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place.
These safeguards may include Standard Contractual Clauses approved by the European Commission, adequacy decisions, or other legally approved mechanisms.
We only work with third-party service providers that agree to comply with GDPR requirements and implement appropriate security measures.
Data Security Measures
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
Encryption of personal data in transit and at rest
Regular security assessments and penetration testing
Access controls and authentication mechanisms
Employee training on data protection and security
Incident response and breach notification procedures
Regular backups and disaster recovery planning
Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including any legal, accounting, or reporting requirements.
When determining retention periods, we consider the nature and sensitivity of the data, the purposes for which we process it, and applicable legal requirements.
Once the retention period expires, we securely delete or anonymize your personal data.
Automated Decision-Making and Profiling
Our AI-powered services may involve automated decision-making and profiling to provide personalized sales automation features.
You have the right not to be subject to decisions based solely on automated processing that significantly affect you, unless necessary for a contract, authorized by law, or based on your explicit consent.
Where we use automated decision-making, we implement suitable measures to safeguard your rights and provide information about the logic involved.
Children's Privacy
Our services are not directed to children under 16 years of age, and we do not knowingly collect personal data from children.
If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete that information.
Parents or guardians who believe we may have collected information from a child should contact us immediately.
Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach.
If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.
We maintain detailed procedures for detecting, reporting, and investigating personal data breaches.
Supervisory Authority
You have the right to lodge a complaint with a supervisory authority if you believe we have violated your data protection rights.
The supervisory authority in your country or region can investigate your complaint and take appropriate action.
However, we encourage you to contact us first so we can try to resolve any concerns you may have.