GDPR COMPLIANCE
Our commitment to data protection
PERFRIG.COM is committed to protecting the privacy and personal data of users in the European Economic Area (EEA), United Kingdom, and Switzerland. This page explains how we comply with the General Data Protection Regulation (GDPR) and your rights under EU data protection law.
For our complete privacy practices, see our Privacy Policy.
Who this applies to
This GDPR compliance information applies to individuals located in:
- European Economic Area (EEA) member states
- United Kingdom
- Switzerland
- Any other jurisdiction where GDPR or equivalent data protection laws apply
Legal basis for processing
We process your personal data under the following legal bases:
Consent
Cookies, marketing communications
Legitimate interests
Security, analytics, improvement
Legal obligations
Legal requests, compliance
Contractual necessity
Services you requested
Consent
We obtain your explicit consent before placing non-essential cookies (analytics, advertising, marketing), sending marketing communications, and processing data for purposes beyond essential site operations. You can withdraw consent at any time through our cookie settings or by contacting us.
Legitimate interests
We process certain data based on legitimate interests: site security and fraud prevention, improving user experience and content, operating our business and providing services, and analyzing site performance. We’ve balanced these interests against your rights and freedoms. You can object to processing based on legitimate interests.
Legal obligations
We process data to comply with legal requirements and regulations, valid legal requests from authorities, and tax and accounting obligations.
Contractual necessity
We process data necessary to provide services you’ve requested, respond to your inquiries, and deliver content and functionality.
What data we collect
Information you provide
Contact inquiries: Name, email address, message content. Submitted voluntarily through contact forms.
Newsletter subscriptions (if implemented): Email address, subscription preferences. Provided with explicit consent.
Information collected automatically
Analytics data: Pages visited, time spent, device type, browser version, geographic location (country/region level), referral sources.
Cookies and tracking: Essential cookies (site functionality), analytics cookies (with consent), advertising cookies (with consent). See our Cookie Policy for details.
What we don’t collect
- Government ID numbers
- Financial information
- Sensitive personal data (health, religion, political views)
- Data from children under 16
Your GDPR rights
Under GDPR, you have the following rights:
Right to access
What it means: You can request a copy of all personal data we hold about you.
How to exercise: Email [email protected] with subject “GDPR Access Request”
Response time: 30 days
Right to rectification
What it means: You can request correction of inaccurate or incomplete data.
How to exercise: Contact us with corrections at [email protected]
Response time: 30 days
Right to erasure
What it means: You can request deletion of your personal data.
How to exercise: Email [email protected] with subject “GDPR Deletion Request”
Response time: 30 days
Right to restriction
What it means: You can request we limit how we use your data.
How to exercise: Contact [email protected]
Right to data portability
What it means: You can receive your data in machine-readable format.
Format options: JSON, CSV, XML
How to exercise: Email [email protected] with subject “Data Portability Request”
Right to object
What it means: You can object to processing based on legitimate interests or direct marketing.
How to exercise: Contact [email protected]
Making a request: Email [email protected] with a clear description of your request, which right you’re exercising, your email address, and any relevant account information. We may request additional information to verify your identity. Exercising your GDPR rights is free. We respond within 30 days.
Data security
Technical measures
- HTTPS encryption for all data transmission
- Secure server infrastructure (AWS/Cloudflare)
- Regular security updates and patches
- Access controls and authentication
Administrative measures
- Privacy training for team members
- Data minimization (collect only what’s needed)
- Regular privacy reviews
- Vendor security assessments
Breach notification
If a data breach affects your rights and freedoms, we’ll notify you within 72 hours, inform relevant supervisory authorities, and explain the breach and remediation steps.
International data transfers
Your data may be processed in European Union (primary), United States (analytics, advertising), and other locations where service providers operate.
When transferring data outside the EEA, we ensure protection through Standard Contractual Clauses (SCCs) and adequacy decisions. We obtain explicit consent for transfers when required.
Data retention
| Data type | Retention period |
|---|---|
| Analytics data | 26 months, then automatically deleted |
| Contact inquiries | Stored until resolved, then deleted within 90 days |
| Newsletter subscriptions | Until you unsubscribe, deleted within 30 days |
| Server logs | Retained for 30 days for security, then automatically deleted |
Children’s privacy
PERFRIG is not intended for children under 16 (GDPR minimum age). We do not knowingly collect data from children under 16, target children with content or advertising, or process children’s data without parental consent. If we discover we’ve collected data from a child under 16, we delete it immediately.
Cookies and tracking
We obtain consent before placing non-essential cookies. Essential cookies (strictly necessary) require no consent. Non-essential cookies (analytics, advertising, marketing) require consent before placement, managed through our cookie consent banner. You can change preferences anytime or delete existing cookies through browser settings.
Supervisory authority
If you believe we’ve violated GDPR, you can lodge a complaint with your local Data Protection Authority. We encourage you to contact us first at [email protected] so we can address your concerns directly. We cooperate fully with supervisory authorities and comply with their decisions.
Contact our Data Protection Team
Response time: 30 days for rights requests, 5 business days for general questions
Our GDPR Promise
Transparency
User control
Data minimization
Security
Accountability
Your privacy rights matter. We take GDPR compliance seriously.