GDPR Rights - Sustalium

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018, across the European Union (EU) and European Economic Area (EEA). It gives individuals greater control over their personal data and harmonizes data protection laws across Europe.

At Sustalium B.V. i.o., we are committed to protecting your personal data and respecting your privacy rights under GDPR. This page explains your rights and how you can exercise them.

Your Rights Under GDPR

As a data subject under GDPR, you have the following rights regarding your personal data:

1. Right to Be Informed

You have the right to be informed about how we collect, use, and process your personal data. We provide this information through our Privacy Policy and Terms and Conditions.

2. Right of Access

You have the right to request access to your personal data. This means you can ask us for:

Confirmation that we are processing your personal data
A copy of the personal data we hold about you
Information about how we use your personal data

We will provide this information in a commonly used electronic format (such as CSV or JSON) within 30 days of your request.

3. Right to Rectification

You have the right to have inaccurate or incomplete personal data corrected. If you notice any errors in your personal information, you can:

Update your account information directly in your account settings
Contact us to request corrections

We will make the corrections within 30 days and notify any third parties with whom we have shared your data (if applicable).

4. Right to Erasure ("Right to be Forgotten")

You have the right to request that we delete your personal data in certain circumstances, including when:

The data is no longer necessary for the purpose it was collected
You withdraw your consent (where consent was the legal basis)
You object to the processing and there are no overriding legitimate grounds
The data has been unlawfully processed
The data must be erased to comply with a legal obligation

Note: We may not be able to delete your data if we have a legal obligation to retain it (e.g., financial records for tax purposes, which we must keep for 7 years).

5. Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data in certain situations, such as when:

You contest the accuracy of the data (during the verification period)
The processing is unlawful but you don't want the data erased
We no longer need the data but you need it for legal claims
You have objected to processing (pending verification of whether our legitimate grounds override yours)

When processing is restricted, we can still store your data but cannot use it without your consent (except for legal claims or protection of others' rights).

6. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format (such as CSV or JSON). You can also request that we transfer your data directly to another service provider where technically feasible.

This right applies when:

The processing is based on your consent or a contract
The processing is carried out by automated means

7. Right to Object

You have the right to object to processing of your personal data when:

Processing is based on legitimate interests or the performance of a task in the public interest
Processing is for direct marketing purposes
Processing is for scientific, historical research, or statistical purposes

Direct Marketing: You have an absolute right to stop your data being used for direct marketing. You can unsubscribe from marketing emails at any time using the unsubscribe link in our emails.

8. Rights Related to Automated Decision Making and Profiling

You have the right not to be subject to decisions based solely on automated processing (including profiling) that produce legal effects or similarly significantly affect you.

Note: We do not currently use automated decision-making or profiling that produces legal effects or similarly significantly affects you. If this changes in the future, we will inform you and provide information about your rights.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact our Data Protection Officer:

Data Protection Officer

Email: dpo@sustalium.com

Address:
Sustalium B.V. i.o.
Winkelstede 60
2543BR, Den Haag
The Netherlands

What to Include in Your Request

When contacting us to exercise your rights, please include:

Your full name and email address associated with your account
A clear description of which right(s) you wish to exercise
Any specific information or context that will help us process your request (e.g., specific data categories, time periods)
Proof of identity (we may need to verify your identity to protect your data from unauthorized access)

Response Time

We will respond to your request within 30 days of receiving it. In complex cases, we may extend this period by an additional two months, but we will inform you within the first 30 days if an extension is necessary and explain the reason.

No Fee

We will not charge a fee for processing your request unless it is clearly unfounded, excessive, or repetitive. In such cases, we may charge a reasonable administrative fee or refuse to act on the request.

Right to Lodge a Complaint

If you believe that we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority.

For the Netherlands:

Autoriteit Persoonsgegevens (Dutch DPA)

Website: autoriteitpersoonsgegevens.nl

Phone: +31 (0)88 1805 250

You can also contact the data protection authority in your own EU country. A list of EU data protection authorities is available at: edpb.europa.eu

Data Processing Details

For detailed information about how we process your personal data, including the legal basis for processing, data retention periods, and third-party sub-processors, please refer to:

Privacy Policy - For general website visitors and marketing contacts
Terms and Conditions (including DPA) - For platform users and customer data processing
Cookie Policy - For information about cookies and tracking technologies

Updates to This Page

We may update this GDPR rights information from time to time to reflect changes in the law or our practices. Any updates will be posted on this page with a revised "Last Updated" date.

Questions?

If you have any questions about your GDPR rights or how to exercise them, please don't hesitate to contact our Data Protection Officer at dpo@sustalium.com.

Your GDPR Rights