GDPR Compliance

Last updated: January 15, 2025

At SnapSpend, we are committed to protecting your personal data and complying with the EU General Data Protection Regulation (GDPR). This page explains how we adhere to GDPR principles and outlines your rights as a data subject.

1. Our Commitment to GDPR Compliance

The General Data Protection Regulation (GDPR) is a comprehensive data protection law in the EU that came into effect on May 25, 2018. It gives individuals greater control over their personal data and requires organizations to be transparent about data collection and use.

SnapSpend is fully committed to adhering to the requirements of the GDPR. We have implemented technical and organizational measures to protect your data and ensure that our data processing activities comply with GDPR principles.

2. Data Controller Information

For the purposes of the GDPR, SnapSpend is the data controller for personal data collected through our application and website. This means we determine the purposes and means of processing your personal data.

Our contact details are:

SnapSpend
123 Tech Street, Suite 456
San Francisco, CA 94107, USA
Email: dpo@snapspend.net
Phone: +40 768 002 803

3. Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this GDPR compliance statement and our data protection practices. If you have any questions about this statement, including any requests to exercise your legal rights, please contact our DPO at dpo@snapspend.net.

4. Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to request a copy of your personal data that we hold, as well as information about how we process it.

Right to Rectification

You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.

Right to Erasure (Right to be Forgotten)

You have the right to request the deletion or removal of your personal data where there is no compelling reason for its continued processing.

Right to Restrict Processing

You have the right to request that we restrict or block the processing of your personal data in certain circumstances.

Right to Data Portability

You have the right to request a copy of your personal data in a structured, commonly used, machine-readable format for your own purposes.

Right to Object

You have the right to object to our processing of your personal data in certain circumstances, including for direct marketing purposes or where processing is based on legitimate interests.

Rights Related to Automated Decision Making and Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you.

5. How to Exercise Your Rights

You can exercise your rights in the following ways:

5.1 Within the App

Many of your rights can be exercised directly within the SnapSpend app:

Access and Data Portability: In the app, go to Profile → User Account Settings → Export My Data
Rectification: You can update your personal details in the Profile section
Erasure: To delete your account and associated data, go to Profile → User Account Settings → Delete Account
Object/Restrict Processing: Modify your privacy preferences in Profile → Privacy Settings

5.2 By Contacting Us

You can also exercise your rights by contacting our Data Protection Officer at dpo@snapspend.net. Please include:

Your full name
Your email address associated with your SnapSpend account
A clear description of which right(s) you want to exercise
Any relevant details to help us process your request

6. Our Response Timeline

We will respond to all legitimate requests within one month. Occasionally it may take us longer if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.

There is no fee for most requests, but we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

7. International Data Transfers

As our services operate globally, your personal data may be transferred to, and processed in, countries outside of the European Economic Area (EEA). These countries may have data protection laws different from those in your country.

We ensure that such transfers are conducted in accordance with applicable data protection laws. We have implemented safeguards such as Standard Contractual Clauses approved by the European Commission to ensure your personal data receives an adequate level of protection.

8. Data Breach Procedures

We have put in place procedures to deal with any suspected personal data breach. We will notify you and any applicable supervisory authority of a breach when we are legally required to do so.

9. Complaints

If you are not satisfied with our response to your request or believe our processing of your personal data does not comply with data protection law, you have the right to lodge a complaint with the supervisory authority responsible for data protection in your country of residence.

In the EU, you can find your national data protection authority on the European Data Protection Board website.

We would, however, appreciate the chance to address your concerns before you approach the authority, so please contact us in the first instance.

10. Changes to This GDPR Compliance Statement

We may update this GDPR Compliance Statement from time to time. The updated version will be indicated by an updated "Last Updated" date at the top of this page. We encourage you to review this statement periodically to stay informed about how we are protecting your personal data.

This GDPR Compliance Statement was last updated on January 15, 2025.