Last Updated: December 2024
GDPR Overview
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. Oculock is fully committed to complying with GDPR requirements and protecting the privacy rights of all our users, regardless of their location.
Our GDPR Compliance Framework
Lawfulness, Fairness & Transparency
We process personal data lawfully, fairly, and transparently, with clear information about how data is used.
Purpose Limitation
Personal data is collected for specified, explicit, and legitimate purposes and not processed beyond those purposes.
Data Minimization
We collect only the personal data that is adequate, relevant, and limited to what is necessary.
Accuracy
Personal data is kept accurate and up-to-date, with mechanisms for correction and updates.
Storage Limitation
Personal data is kept in a form that permits identification for no longer than necessary.
Integrity & Confidentiality
Personal data is processed securely using appropriate technical and organizational measures.
Legal Basis for Processing
We process personal data under the following legal bases as defined by GDPR:
Consent (Article 6(1)(a))
- Analytics Data: Usage analytics and performance monitoring (with explicit consent)
- Marketing Communications: Email newsletters and promotional content (with opt-in consent)
- Optional Features: Advanced features that require additional data processing
Contract Performance (Article 6(1)(b))
- Core Services: Password management and vault operations
- Account Management: User account creation and maintenance
- Payment Processing: Subscription billing and payment handling
- Customer Support: Providing technical support and assistance
Legitimate Interest (Article 6(1)(f))
- Security Monitoring: Detecting and preventing security threats
- App Improvement: Analyzing usage patterns to enhance functionality
- Fraud Prevention: Protecting against unauthorized access and misuse
- Business Operations: Maintaining and improving our services
Legal Obligation (Article 6(1)(c))
- Tax Compliance: Maintaining financial records for tax purposes
- Regulatory Requirements: Compliance with applicable laws and regulations
- Audit Requirements: Maintaining records for audit purposes
Your GDPR Rights
Individual Rights Under GDPR
Right of Access (Article 15)
You have the right to obtain confirmation of whether we process your personal data and access to that data, including information about the purposes, categories, recipients, and retention periods.
Right to Rectification (Article 16)
You have the right to have inaccurate personal data corrected and incomplete personal data completed, taking into account the purposes of processing.
Right to Erasure (Article 17)
You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary or you withdraw consent.
Right to Restrict Processing (Article 18)
You have the right to request restriction of processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.
Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured, commonly used format and to transmit that data to another controller.
Right to Object (Article 21)
You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
Rights Related to Automated Decision Making (Article 22)
You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significant effects.
Data Protection Measures
Technical Safeguards
- Encryption: AES-256 encryption for all sensitive data
- Access Controls: Multi-factor authentication and role-based access
- Network Security: Encrypted connections and secure protocols
- Data Integrity: Checksums and validation mechanisms
Organizational Safeguards
- Data Protection Officer: Dedicated DPO for GDPR compliance
- Staff Training: Regular training on data protection principles
- Privacy by Design: Privacy considerations integrated into all processes
- Regular Audits: Ongoing compliance monitoring and assessment
Data Breach Procedures
In accordance with GDPR Article 33, we have established procedures for handling data breaches:
- Detection: Automated monitoring and manual detection systems
- Assessment: Immediate risk assessment and impact analysis
- Notification: Supervisory authority notification within 72 hours
- User Communication: Individual notification when high risk is identified
- Documentation: Comprehensive breach documentation and records
Data Processing Records
We maintain detailed records of our data processing activities as required by GDPR Article 30, including:
- Purposes of processing
- Categories of personal data and data subjects
- Categories of recipients
- Data transfers to third countries
- Retention periods
- Security measures
International Data Transfers
When transferring personal data outside the European Economic Area (EEA), we ensure adequate protection through:
- Adequacy Decisions: Transfers to countries with adequate protection
- Standard Contractual Clauses: EU-approved contractual safeguards
- Binding Corporate Rules: Internal data protection policies
- Certification Schemes: Third-party privacy certifications
Exercising Your Rights
To exercise any of your GDPR rights, you can reach us through any of the following channels:
- Email: corporate@oculock.com
- Data Protection Officer: corporate@oculock.com
- Contact Form: Use our contact form on the website
- In-App Settings: Use privacy controls within the app
We will respond to your request within one month of receipt, with the possibility of extension for complex requests.
Supervisory Authority
You have the right to lodge a complaint with a supervisory authority if you believe we have not handled your personal data in accordance with GDPR. The relevant supervisory authority depends on your location and the nature of the complaint.
Contact Information
For GDPR-related inquiries:
- Data Protection Officer: corporate@oculock.com
- Privacy Team: corporate@oculock.com
- Address: 123 Security Street, San Francisco, CA 94105