1. Respect for Privacy
ComplyEncrypt respects the privacy of its users and complies fully with applicable EU data protection laws, including the General Data Protection Regulation (GDPR).
ComplyEncrypt acts as the data controller for all personal data processed under this policy. Contact for privacy matters: info@complyencrypt.com
2. Data Collected
ComplyEncrypt may collect and process the following categories of data:
- Identification and contact details: name, email address, delivery address, country
- Technical information: IP address, browser type, operating system, domain type
- Usage data: pages visited, access times, search engine used, keywords entered
- Transactional data: communications, invoicing, and payment-related information
- Voluntary and verification data: information provided by users for account setup, verification, or support purposes
- Cookies and tracking data: browsing preferences and traffic statistics. Cookies do not store personal identifiers.
3. Purposes of Data Use
Collected data is used for the following purposes:
- Delivering services and managing contractual obligations
- Improving website functionality and personalizing user experience
- Sending notifications and marketing communications (only with prior consent)
- Complying with legal and regulatory obligations
- Preventing fraud, ensuring security, and responding to user inquiries
4. Legal Bases for Processing
ComplyEncrypt processes personal data under the following legal bases:
Legitimate interest: when processing supports operational needs, balanced carefully against user rights and freedoms
Consent: when users voluntarily agree to specific uses (e.g., marketing communications)
Contractual necessity: when data is required to fulfill service agreements or deliver requested services
Legal obligation: when processing is necessary to comply with applicable laws and regulations
5. User Rights
Under EU data protection laws, users have the following rights:
- Right to be informed about how their data is collected and processed
- Right of access to review and verify personal data held by ComplyEncrypt
- Right to rectification of inaccurate or incomplete data
- Right to object to certain types of processing
- Right to erasure (“right to be forgotten”), subject to legal and contractual exceptions
- Right to restrict processing under specific circumstances
- Right to data portability to receive personal data in a structured, machine-readable format
Requests may be submitted via email or postal address. ComplyEncrypt will respond within one month, extendable by two months for complex cases.
6. Data Retention
Personal data is retained only for as long as necessary to fulfill the purposes outlined in this policy. Certain data may be retained beyond the termination of services when required for legal, regulatory, or contractual obligations.
7. Data Security
- ComplyEncrypt implements technical and organizational safeguards to protect personal data.
- Employees are bound by confidentiality obligations.
- Despite these measures, ComplyEncrypt is not liable for breaches caused by third parties.
8. User Responsibilities
Users must not violate this policy or applicable laws. Violations may result in civil or criminal penalties, including fines or imprisonment.
9. Data Sharing
Personal data may be shared only under the following circumstances:
- When necessary to perform contractual obligations
- When explicit consent has been provided
- When required by law or justified by legitimate interest
Third parties may share data only with subcontractors or legal authorities, subject to equivalent safeguards.
10. International Transfers
Personal data may be transferred outside the EU only where adequate protection is ensured, such as through EU-approved standard contractual clauses or equivalent safeguards.
11. Direct Marketing
ComplyEncrypt may send direct marketing communications related to similar services. Users may opt out at any time.
12. Children and Legal Capacity
The website is not intended for individuals under the age of 13 or for those lacking legal capacity under applicable law.
13. Complaints
Users may lodge complaints directly with ComplyEncrypt at info@complyencrypt.com. They may also file complaints with the Data Protection Authority in Pakistan or with their local supervisory authority.