GDPR Compliance

Last updated: November 26, 2025

General Data Protection Regulation (GDPR) Compliance

Felicrea is committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR). This page outlines how we handle your data and your rights under GDPR.

1. Data Controller

Company Name: Felicrea
Email: contact@felicrea.com
DPO Contact: dpo@felicrea.com

2. Legal Basis for Processing

We process personal data based on the following legal grounds:

  • Consent: When you explicitly agree to our processing of your data (e.g., contact forms)
  • Contractual Necessity: When processing is necessary to fulfill our contractual obligations
  • Legitimate Interests: When we have a legitimate business interest that doesn't override your rights
  • Legal Obligation: When we must process data to comply with legal requirements

3. Data We Collect

When you interact with our website or services, we may collect:

  • Contact information (name, email, company name)
  • Communication preferences
  • Technical data (IP address, browser type, device information)
  • Usage data (pages visited, time spent on site)

4. How We Use Your Data

We use your personal data to:

  • Respond to your inquiries and provide requested information
  • Deliver our services and fulfill contractual obligations
  • Improve our website and services
  • Send relevant business communications (with your consent)
  • Comply with legal and regulatory requirements

5. Your GDPR Rights

Under GDPR, you have the following rights:

  • Right to Access: Request access to your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your personal data (“right to be forgotten”)
  • Right to Restriction: Request limitation of processing your data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing of your personal data
  • Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. When data is no longer needed, it is securely deleted or anonymized.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. This includes:

  • Encryption of data in transit and at rest
  • Regular security assessments and audits
  • Access controls and authentication mechanisms
  • Employee training on data protection
  • Incident response procedures

8. Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by the European Commission
  • Binding Corporate Rules (where applicable)

9. Third-Party Processors

We may engage third-party service providers to process data on our behalf. All processors are carefully selected and bound by data processing agreements that ensure GDPR compliance.

10. Cookies and Tracking

Our website uses minimal cookies necessary for functionality. We do not use tracking or advertising cookies. For more information, see our Privacy Policy.

11. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours, as required by GDPR.

12. Children's Privacy

Our services are not directed at children under 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will delete it promptly.

13. Updates to This Policy

We may update this GDPR compliance page from time to time. We will notify you of significant changes by posting a notice on our website or sending you an email.

14. Contact Us

To exercise your GDPR rights or for any questions about data protection:

  • Email: dpo@felicrea.com
  • General Contact: contact@felicrea.com

We will respond to all requests within one month, as required by GDPR.

15. Supervisory Authority

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local data protection authority.