At CrossClassify, we are committed to protecting your personal data and ensuring compliance with the General Data Protection Regulation (GDPR). This page outlines how we process and protect the personal data of individuals in the European Economic Area (EEA).

1. 1.

   Data Controller and Data Processor

   CrossClassify operates both as a data controller and a data processor depending on the context of data handling. As a controller, we determine the purposes for which and the means by which personal data is processed. As a processor, we act on behalf of our clients, processing their data in accordance with their instructions.

   • •

     Data Controller: When collecting personal data directly from individuals who interact with our website and application.

   • •

     Data Processor: When processing data on behalf of clients using our fraud prevention solution.

   For inquiries about your data, you can contact our Data Protection Officer (DPO) at [contact details of DPO].

2. 2.

   Lawful Basis for Processing

   We only process personal data when we have a lawful basis to do so. This may include:

   • •

     Consent: When users voluntarily provide personal data through our platform.

   • •

     Contractual Necessity: When processing is required to fulfill contractual obligations with our clients.

   • •

     Legitimate Interest: When processing data is necessary for our legitimate business purposes, such as improving fraud detection and enhancing platform security.

   • •

     Legal Obligation: When processing is necessary to comply with legal obligations.

3. 3.

   Personal Data We Collect

   At CrossClassify, we are committed to protecting your personal data and ensuring transparency in how we collect and use it. Below is a list of the types of personal data we collect, in line with GDPR requirements:

   • •

     Personal Identification Information: This includes name, email address, phone number, and other contact details.

   • •

     Account Information: Information related to your account setup and usage, such as usernames, passwords, and account preferences.

   • •

     Financial Data: Payment information, transaction history, and details needed to process financial transactions (e.g., credit card numbers, billing information).

   • •

     Behavioral Data: Data collected through user interactions with our platform, including login history, session durations, and clickstream data.

   • •

     Device Information: Device identifiers, IP addresses, browser type, operating system, and geolocation data used to monitor access patterns and detect potential fraudulent behavior.

   • •

     Usage Data: Information about how users navigate and interact with our platform, such as the pages visited, features used, and actions taken (e.g., purchases, settings changes).

   • •

     Cookies and Tracking Technologies: Information collected through cookies and other tracking technologies to personalize your experience and improve platform functionality. You can learn more in our Cookie Policy.

   • •

     Third-Party Data: We may receive personal data from third-party services or partners, such as customer data shared by clients using our fraud detection solutions.

4. 4.

   Your Rights Under GDPR

   As an individual in the EEA, you have the following rights regarding your personal data:

   • •

     Right of Access: You can request a copy of the personal data we hold about you.

   • •

     Right to Rectification: You have the right to correct inaccurate or incomplete data.

   • •

     Right to Erasure ('Right to be Forgotten'): You can request the deletion of your personal data under certain conditions.

   • •

     Right to Restrict Processing: You can request a restriction on the processing of your data.

   • •

     Right to Data Portability: You can request that we transfer your data to another service provider.

   • •

     Right to Object: You have the right to object to data processing based on legitimate interest.

   • •

     Right to Withdraw Consent: If processing is based on your consent, you can withdraw your consent at any time.

   To exercise any of these rights, please contact us at [insert contact details].

5. 5.

   Data Retention

   We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, in accordance with our Data Retention Policy. Once data is no longer needed, it is securely deleted or anonymized. Users may also request data deletion at any time, and we will respond promptly unless there are legal reasons to retain the information.

6. 6.

   Data Sharing

   We do not share your personal data with third parties except in the following cases:

   • •

     With our service providers to deliver our services (e.g., hosting, customer support).

   • •

     To comply with legal obligations or government requests.

   • •

     With partners when required for the delivery of specific services, such as fraud detection support.

   We ensure that any third-party partners are GDPR-compliant and that appropriate safeguards are in place.

7. 7.

   International Data Transfers

   If your personal data is transferred outside of the EEA, we ensure that the destination country has adequate data protection measures in place. We may rely on Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), or other mechanisms recognized by the GDPR to ensure the safety of your data.

8. 8.

   Data Security

   We implement robust security measures, including encryption, access control, and regular audits, to protect your personal data from unauthorized access, alteration, or loss. More details can be found in our Security Policy.

9. 9.

   Complaints

   If you believe your data rights have been violated, you have the right to lodge a complaint with a supervisory authority, particularly in the EU country where you reside. Alternatively, you can reach out to our Data Protection Officer at [DPO contact information].