GDPR Compliance

Your data protection rights under the General Data Protection Regulation

Home > GDPR

Our Commitment to GDPR

Silken Roam is fully compliant with GDPR requirements since May 25, 2018. This applies to all EU residents using our services.

Legal Basis for Processing

  • Contract: Service delivery
  • Consent: Marketing communications
  • Legitimate interest: Product improvement
  • Legal obligation: Compliance requirements

Your GDPR Rights

  • Right to Access: Request copy of your data
  • Right to Rectification: Correct inaccurate data
  • Right to Erasure: Request deletion
  • Right to Restrict Processing: Limit how we use data
  • Right to Data Portability: Receive data in machine-readable format
  • Right to Object: Object to certain processing
  • Rights Related to Automated Decision-Making

Submit rights requests to [email protected]

Data Processing

We process identity, contact, usage, and technical data for service delivery, analytics, and communication. Detailed retention schedules and secure deletion procedures are in place.

International Data Transfers

We use Standard Contractual Clauses for transfers. Data is stored in Australia and EU member states with encryption and access controls as safeguards.

Security Measures

Technical measures include encryption, pseudonymization, and access controls. Organizational measures include staff training, data protection policies, and privacy by design. We maintain ISO 27001 and SOC 2 Type II certifications with regular third-party audits.

Data Breach Procedures

We operate 24/7 monitoring systems with notification to supervisory authority within 72 hours. Users are promptly notified if there's high risk.

Data Protection Officer

Contact: [email protected]
Supervisory Authority: Australian Information Commissioner (OAIC)

Sub-Processors

We use AWS (hosting), Google Analytics (analytics), and Stripe (payments) in Australia, EU, and USA. Data Processing Agreements are available upon request.

Filing a Complaint

Contact [email protected] for internal complaints. You have the right to lodge complaints with data protection authorities including the Australian Information Commissioner and EU member state authorities.