EU GDPR Compliant Service

GDPR Compliance

How Airwords protects your personal data and ensures compliance with the General Data Protection Regulation

Our Commitment to GDPR Compliance

Airwords is fully committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR). We have implemented comprehensive measures to ensure your data is processed lawfully, fairly, and transparently.

πŸ›‘οΈ Your GDPR Rights

Under GDPR, you have enhanced rights regarding your personal data. We make it easy for you to exercise these rights:

πŸ“‹
Right to Be Informed
You have the right to clear information about how we collect and use your personal data. This page and our Privacy Policy provide that transparency.
πŸ‘οΈ
Right of Access
You can request a copy of all personal data we hold about you, including how it's processed and who it's shared with.
✏️
Right to Rectification
You can request correction of any inaccurate or incomplete personal data we hold about you.
πŸ—‘οΈ
Right to Erasure
You can request deletion of your personal data in certain circumstances, including when it's no longer necessary for the original purpose.
⏸️
Right to Restrict Processing
You can request that we limit how we process your personal data in certain circumstances.
πŸ“€
Right to Data Portability
You can request your personal data in a structured, machine-readable format to transfer to another service.
🚫
Right to Object
You can object to processing of your personal data based on legitimate interests or for direct marketing purposes.
πŸ€–
Rights Related to Automated Decision Making
You have rights regarding automated decision-making and profiling that significantly affects you.

πŸ“Š Data Processing Activities

We maintain detailed records of all our data processing activities as required by GDPR Article 30:

Processing Activity Legal Basis Data Categories Retention Period Status
User Account Management Contract Performance Contact details, subscription info Account lifetime + 30 days Compliant
Document Content Analysis Contract Performance Document text, metadata Immediately deleted after processing Compliant
Payment Processing Contract Performance Billing information 7 years (tax compliance) Compliant
Customer Support Legitimate Interest Support communications 3 years Compliant
Service Analytics Legitimate Interest Anonymized usage data 2 years Compliant
Marketing Communications Consent Email address, preferences Until consent withdrawn Compliant

πŸ›οΈ Legal Basis for Processing

We only process your personal data when we have a valid legal basis under GDPR Article 6:

Contract Performance (Article 6(1)(b))

Processing necessary for the performance of our contract with you, including:

  • Providing term analysis services
  • Managing your account and subscription
  • Processing payments
  • Delivering customer support

Legitimate Interests (Article 6(1)(f))

Processing necessary for our legitimate interests, provided your rights don't override these interests:

  • Improving our services and developing new features
  • Preventing fraud and ensuring security
  • Analytics for business intelligence (using anonymized data)
  • Internal administration and record-keeping

Consent (Article 6(1)(a))

When you have given clear, specific consent for processing, including:

  • Marketing communications and newsletters
  • Non-essential cookies and tracking
  • Participation in surveys or feedback programs

Legal Obligation (Article 6(1)(c))

Processing required to comply with legal obligations:

  • Tax and accounting requirements
  • Regulatory compliance
  • Law enforcement requests (where legally required)

πŸ”„ Data Transfers and Safeguards

When we transfer personal data outside the European Economic Area (EEA), we ensure adequate protection through:

Transfer Mechanisms

  • Adequacy Decisions: Transfers to countries with adequacy decisions from the European Commission
  • Standard Contractual Clauses (SCCs): EU-approved contractual protections for transfers to third countries
  • Binding Corporate Rules: For intra-group transfers where applicable
  • Certification Programs: Transfers to organizations with approved certifications

Our Data Processors

Google Cloud Platform
Cloud hosting and infrastructure
EU/US (SCCs)
Stripe
Payment processing
EU/US (SCCs)
Intercom
Customer support
EU/US (SCCs)
SendGrid
Email delivery
EU/US (SCCs)

πŸ” Data Protection Impact Assessment (DPIA)

We have conducted comprehensive Data Protection Impact Assessments for our high-risk processing activities:

1
Document Content Analysis DPIA

Assessed risks related to processing user document content for term analysis. Implemented privacy-by-design measures including immediate deletion after processing and encryption throughout the analysis pipeline.

2
International Data Transfers DPIA

Evaluated risks of transferring data to third-country processors. Implemented Standard Contractual Clauses and additional technical safeguards.

3
AI/ML Processing DPIA

Assessed privacy implications of machine learning algorithms used for content analysis. Ensured no automated decision-making affecting individuals.

πŸ“š Additional Resources

For more information about GDPR and your rights:

Questions About GDPR Compliance?

If you have any questions about our GDPR compliance measures or want to exercise your rights, please don't hesitate to contact our Data Protection Officer at dpo@airwords.com or use the form above.

We're committed to transparency and will be happy to provide additional information about our data protection practices.

Legal Disclaimer: This GDPR compliance page is designed to demonstrate our commitment to data protection and provide transparency about our practices. However, GDPR compliance is complex and evolving. This page should be reviewed by qualified legal counsel to ensure it meets your specific regulatory requirements and jurisdiction-specific obligations.