GDPR Compliance

Updated November 13, 2024

At Almanack, we are committed to protecting the privacy and rights of our users in accordance with the General Data Protection Regulation (GDPR). This policy outlines how we comply with GDPR requirements and protect the rights of individuals within the European Union (EU) regarding their personal data.

Data Protection Principles

Under GDPR, we adhere to the following principles:

  • Lawfulness, fairness and transparency: We process personal data lawfully, fairly and in a transparent manner.
  • Purpose limitation: We collect personal data only for specified, explicit and legitimate purposes.
  • Data minimization: We ensure that personal data is adequate, relevant and limited to what is necessary.
  • Accuracy: We keep personal data accurate and up to date.
  • Storage limitation: We retain personal data only for as long as necessary.
  • Integrity and confidentiality: We process personal data securely, protecting against unauthorized or unlawful processing and accidental loss.

Your Rights Under GDPR

Under GDPR, you have several rights regarding your personal data. These include:

  • Right to be informed: You have the right to know how your personal data is being used.
  • Right of access: You can request access to your personal data.
  • Right to rectification: You can have inaccurate personal data corrected.
  • Right to erasure: You can request the deletion of your personal data.
  • Right to restrict processing: You can limit how we use your personal data.
  • Right to data portability: You can request your data in a machine-readable format.
  • Right to object: You can object to the processing of your personal data.

International Data Transfers

As a Canadian company with data infrastructure in the U.S. and Canada, we ensure appropriate safeguards when transferring personal data outside the European Economic Area (EEA). We implement Standard Contractual Clauses approved by the European Commission and other appropriate security measures to protect your data.

Data Protection Officer

While not legally required to have a Data Protection Officer, we have appointed a privacy team to oversee our data protection strategy and ensure GDPR compliance. For any GDPR-related inquiries, you can contact us at privacy@almanack.ai.

Data Breach Notification

In the event of a personal data breach, we will notify affected users and relevant supervisory authorities within 72 hours of becoming aware of the breach, where feasible. This notification will include the nature of the breach and recommendations to mitigate potential adverse effects.

Questions and Concerns

If you have any questions about our GDPR compliance or wish to exercise your rights under GDPR, please contact us at privacy@almanack.ai. You also have the right to lodge a complaint with your local data protection authority.