GDPR Compliance

1. What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations that process personal data of individuals in the European Union, regardless of where the organization is located.

GDPR establishes strict requirements for how personal data must be collected, processed, stored, and protected, and grants individuals significant rights over their personal data.

2. Our Role Under GDPR

2.1 As a Data Controller

When you create an account, visit our website, or interact with our services directly, RiskHunter acts as a Data Controller. This means we determine the purposes and means of processing your personal data.

2.2 As a Data Processor

When our customers use our API to verify their users' data, RiskHunter acts as a Data Processor. In this capacity, we process personal data on behalf of and under the instructions of our customers (the Data Controllers).

3. Legal Bases for Processing

Under GDPR, we must have a valid legal basis to process personal data. We rely on the following legal bases:

4. Your Rights Under GDPR

As a data subject, you have the following rights under GDPR:

5. How to Exercise Your Rights

To exercise any of your GDPR rights, you can:

• Email us at gdpr@riskhunter.es
• Use the data management tools in your account dashboard
• Submit a request through our contact form

We will respond to your request within 30 days. In complex cases, we may extend this period by up to 60 additional days, but we will notify you of any extension.

6. Data Protection Measures

We implement comprehensive technical and organizational measures to protect personal data:

7. International Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:

• Adequacy Decisions: We transfer data to countries deemed adequate by the European Commission
• Standard Contractual Clauses: We use EU-approved SCCs with our data processors
• Supplementary Measures: Additional technical and organizational safeguards where required

8. Data Processing Agreement

For customers who use our API services, we offer a Data Processing Agreement (DPA) that complies with Article 28 of the GDPR. Our DPA includes:

• Subject matter and duration of processing
• Nature and purpose of processing
• Types of personal data processed
• Categories of data subjects
• Rights and obligations of the controller
• Sub-processor requirements
• Security obligations
• Data deletion and return provisions

To request a DPA, please contact us at gdpr@riskhunter.es.

9. Data Breach Notification

In the event of a personal data breach, we will:

• Notify the relevant supervisory authority within 72 hours of becoming aware of the breach (where required)
• Notify affected data subjects without undue delay if the breach is likely to result in high risk to their rights and freedoms
• Document all breaches, including facts, effects, and remedial actions taken
• Notify our customers (Data Controllers) promptly when we detect a breach affecting their data

10. Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our GDPR compliance. You can contact our DPO at:

11. Supervisory Authority

If you are not satisfied with how we handle your personal data or respond to your requests, you have the right to lodge a complaint with your local supervisory authority. In Spain, the supervisory authority is:

12. Contact Us

For any questions or concerns about our GDPR compliance, please contact us: