GDPR Compliance

1. GDPR Overview

The General Data Protection Regulation (GDPR) is a European Union regulation that governs how organizations process personal data of EU residents. Monoduty is committed to full compliance with GDPR requirements.

This page outlines how we comply with GDPR and explains your rights as a data subject under this regulation.

1.1 What is Personal Data?

Personal data includes any information that can identify you directly or indirectly, such as:

Name, email address, phone number
IP addresses and device identifiers
Account information and preferences
Usage data and behavioral information

2. Data Controller

Monoduty Inc. acts as the data controller for personal data processed through our services. As a data controller, we determine the purposes and means of processing your personal data.

Data Controller: Monoduty Inc.

Address: İzmir, Turkey

Email: privacy@monoduty.com

Data Protection Officer: dpo@monoduty.com

3. Legal Basis for Processing

We process your personal data based on the following legal bases under GDPR:

3.1 Contract (Article 6(1)(b))

Processing necessary for the performance of our service contract with you, including:

Account creation and management
Service delivery and support
Billing and payment processing

3.2 Legitimate Interest (Article 6(1)(f))

Processing based on our legitimate interests, including:

Service improvement and analytics
Security monitoring and fraud prevention
Marketing communications (with opt-out option)

3.3 Consent (Article 6(1)(a))

Processing based on your explicit consent for:

Non-essential cookies and tracking
Marketing communications where required
Optional data collection for enhanced features

3.4 Legal Obligation (Article 6(1)(c))

Processing required to comply with legal obligations, such as:

Tax and accounting requirements
Regulatory compliance
Law enforcement requests

4. Your Data Rights

Under GDPR, you have the following rights regarding your personal data:

4.1 Right of Access (Article 15)

You have the right to request a copy of your personal data and information about how we process it.

4.2 Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data.

4.3 Right to Erasure (Article 17)

You can request deletion of your personal data in certain circumstances, including:

The data is no longer necessary for the original purpose
You withdraw consent (where consent was the legal basis)
The data has been unlawfully processed

4.4 Right to Restrict Processing (Article 18)

You can request limitation of processing in specific situations.

4.5 Right to Data Portability (Article 20)

You can request your data in a portable format to transfer to another service.

4.6 Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing.

4.7 Rights Related to Automated Decision-Making (Article 22)

You have rights regarding automated decision-making and profiling.

4.8 How to Exercise Your Rights

To exercise any of these rights, contact us at privacy@monoduty.com. We will respond within 30 days of receiving your request.

5. Data Processing

5.1 Processing Purposes

We process personal data for the following purposes:

Service Provision: Delivering our alerting and monitoring services
Account Management: Managing user accounts and preferences
Communication: Sending notifications, support responses, and updates
Security: Protecting against fraud and ensuring system security
Analytics: Understanding usage patterns to improve our services
Compliance: Meeting legal and regulatory requirements

5.2 Data Minimization

We adhere to the principle of data minimization by:

Collecting only data necessary for specified purposes
Limiting access to personal data on a need-to-know basis
Regularly reviewing data collection practices

6. International Data Transfers

As a global service, we may transfer your personal data outside the European Economic Area (EEA). We ensure adequate protection through:

6.1 Adequacy Decisions

Transfers to countries with EU adequacy decisions where applicable.

6.2 Standard Contractual Clauses

Use of EU-approved Standard Contractual Clauses (SCCs) for transfers to third countries.

6.3 Additional Safeguards

Technical and organizational measures to protect data
Encryption of data in transit and at rest
Regular assessment of transfer mechanisms

7. Data Retention

We retain personal data only as long as necessary for the purposes outlined in our Privacy Policy:

Data Type	Retention Period	Legal Basis
Account Information	Duration of account + 90 days	Contract performance
Usage Data	2 years	Legitimate interest
Support Communications	3 years	Legitimate interest
Financial Records	7 years	Legal obligation

8. Security Measures

We implement appropriate technical and organizational measures to ensure data security:

8.1 Technical Measures

Encryption of data in transit and at rest
Access controls and authentication
Regular security monitoring and updates
Secure backup and recovery procedures

8.2 Organizational Measures

Staff training on data protection
Regular security assessments and audits
Incident response procedures
Privacy by design principles

9. Data Breaches

In the event of a personal data breach:

9.1 Notification to Supervisory Authority

We will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, unless it's unlikely to result in a risk to rights and freedoms.

9.2 Notification to Data Subjects

If the breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay.

9.3 Breach Response

Immediate containment and assessment
Investigation of the breach cause
Implementation of remedial measures
Documentation and lessons learned

10. Cookies and Consent

We use cookies and similar technologies in compliance with GDPR requirements:

10.1 Cookie Categories

Strictly Necessary: Essential for service functionality (no consent required)
Performance: Analytics and performance monitoring (consent required)
Functional: Enhanced features and personalization (consent required)
Marketing: Advertising and tracking (consent required)

10.2 Consent Management

Our cookie consent banner allows you to:

Accept or decline non-essential cookies
Manage cookie preferences
Withdraw consent at any time

11. Children's Data

Our service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16 without parental consent.

If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete such information promptly.

12. Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance:

Data Protection Officer

Email: dpo@monoduty.com

Responsibilities:

Monitoring GDPR compliance
Conducting data protection impact assessments
Serving as contact point for supervisory authorities
Providing guidance on data protection matters

13. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe we have violated GDPR. The lead supervisory authority for Monoduty varies based on your location and the nature of the complaint.

13.1 EU Residents

EU residents can contact their local data protection authority. A list of EU data protection authorities is available at EDPB website.

13.2 Complaint Process

Before filing a complaint with a supervisory authority, we encourage you to contact us directly so we can address your concerns.

14. Contact Information

For any GDPR-related questions, requests, or concerns, please contact us:

Privacy Team: privacy@monoduty.com