GDPR Compliance

GENERAL DATA PROTECTION REGULATION (GDPR) COMPLIANCE

Last updated: August 4, 2025

This GDPR Compliance Statement explains how Workadabra ("we", "us", or "our") complies with the General Data Protection Regulation (GDPR) when processing personal data of individuals in the European Economic Area (EEA). This document outlines our data protection practices, your rights under GDPR, and how we ensure compliance with these regulations.

WHAT IS GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations operating within the EU and those that offer goods or services to individuals in the EU, regardless of where the organization is based. GDPR aims to give individuals greater control over their personal data and to simplify the regulatory environment for international business.

OUR COMMITMENT TO GDPR COMPLIANCE

Workadabra is committed to protecting your privacy and ensuring compliance with GDPR. We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk of processing personal data.

LEGAL BASIS FOR PROCESSING

Under GDPR, we process personal data based on the following legal grounds:

• Consent: You have given clear consent for us to process your personal data for a specific purpose
• Contract: Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract
• Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject
• Vital Interests: Processing is necessary to protect someone's life
• Public Task: Processing is necessary for the performance of a task carried out in the public interest
• Legitimate Interests: Processing is necessary for our legitimate interests or the legitimate interests of a third party, provided these interests do not override your fundamental rights and freedoms

TYPES OF PERSONAL DATA WE PROCESS

We may collect and process the following categories of personal data:

• Identity Data: Name, username, date of birth, gender
• Contact Data: Email address, phone number, postal address
• Financial Data: Bank account details, payment card information, transaction history
• Technical Data: IP address, browser type, device information, login data
• Usage Data: Information about how you use our services, products, and website
• Marketing Data: Your preferences for receiving marketing communications

PURPOSES OF PROCESSING

We process your personal data for the following purposes:

• Service Provision: To provide and maintain our services, process transactions, and manage your account
• Communication: To communicate with you about our services, respond to inquiries, and provide customer support
• Legal Compliance: To comply with legal obligations, including tax and regulatory requirements
• Security: To ensure the security of our services and prevent fraud
• Improvement: To improve our services, develop new features, and conduct research
• Marketing: To send you marketing communications (with your consent)

DATA RETENTION

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. Our retention periods are as follows:

• Account Data: Retained for the duration of your account plus 7 years for legal compliance
• Transaction Data: Retained for 7 years for tax and regulatory purposes
• Marketing Data: Retained until you withdraw consent or opt out
• Technical Data: Retained for 2 years for security and analytics purposes

YOUR RIGHTS UNDER GDPR

Under GDPR, you have the following rights regarding your personal data:

• Right of Access: You have the right to obtain confirmation of whether we process your personal data and, where we do, access to the personal data and information about the processing
• Right to Rectification: You have the right to have inaccurate personal data rectified and incomplete personal data completed
• Right to Erasure (Right to be Forgotten): You have the right to have your personal data erased in certain circumstances
• Right to Restrict Processing: You have the right to restrict the processing of your personal data in certain circumstances
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller
• Right to Object: You have the right to object to the processing of your personal data in certain circumstances
• Rights Related to Automated Decision Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you
• Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw consent at any time

HOW TO EXERCISE YOUR RIGHTS

To exercise any of your rights, please contact us using the details provided below. We will respond to your request within one month, though this period may be extended by two further months where necessary, taking into account the complexity and number of requests.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

DATA TRANSFERS

We may transfer your personal data to countries outside the EEA. When we do so, we ensure that appropriate safeguards are in place to protect your personal data, such as:

• Adequacy Decisions: The European Commission has determined that certain countries provide an adequate level of data protection
• Standard Contractual Clauses: We use EU-approved standard contractual clauses
• Certification Schemes: Where applicable, we rely on approved certification schemes
• Binding Corporate Rules: For transfers within our corporate group

DATA BREACHES

In the event of a personal data breach, we will:

• Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (unless the breach is unlikely to result in a risk to individuals' rights and freedoms)
• Notify affected individuals without undue delay when the breach is likely to result in a high risk to their rights and freedoms
• Document all breaches, including the facts, effects, and remedial action taken

DATA PROTECTION OFFICER

We have appointed a Data Protection Officer (DPO) to oversee compliance with GDPR. You can contact our DPO at:

Email: support@workadabra.com

The DPO is responsible for:

• Informing and advising us on our data protection obligations
• Monitoring our compliance with GDPR and internal data protection policies
• Providing advice on data protection impact assessments
• Acting as a contact point for supervisory authorities and individuals

SUPERVISORY AUTHORITY

You have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data infringes GDPR. You can find the contact details of your local supervisory authority here.

UPDATES TO THIS STATEMENT

We may update this GDPR Compliance Statement from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the updated statement on our website and updating the "Last updated" date.

CONTACT US

If you have any questions about this GDPR Compliance Statement or our data protection practices, please contact us:

General Inquiries: support@workadabra.com

We will respond to your inquiry within 30 days.

ADDITIONAL RESOURCES

For more information about GDPR and your rights, you can visit:

• European Commission - Data Protection
• European Data Protection Board
• GDPR.eu