GDPR Compliance
Your Data Protection Rights
ANYPROMT is committed to full compliance with the General Data Protection Regulation (GDPR) and other international data protection laws. This page explains your rights and how we protect your personal data. For detailed privacy practices, see our Privacy Policy.
1. What is GDPR?
The General Data Protection Regulation (GDPR) is a comprehensive data protection law in the European Union that came into effect on May 25, 2018. It provides individuals with greater control over their personal data and establishes strict requirements for organizations that process personal data.
Key principles of GDPR:
- Lawfulness, fairness, and transparency - Data processing must be legal, fair, and transparent
- Purpose limitation - Data collected for specific purposes only
- Data minimization - Only collect necessary data
- Accuracy - Keep data accurate and up-to-date
- Storage limitation - Keep data only as long as necessary
- Integrity and confidentiality - Secure data with appropriate measures
- Accountability - Demonstrate compliance with GDPR
2. How ANYPROMT Complies with GDPR
2.1. Legal Basis for Processing
We process your personal data based on:
- Contract Performance - To provide AI services you've requested
- Consent - For optional features like analytics and marketing
- Legitimate Interest - For service improvement and security
- Legal Obligation - To comply with laws (e.g., tax records)
2.2. Data Protection Measures
- End-to-end encryption for data transmission
- Encrypted data storage in EU-based servers
- Regular security audits and penetration testing
- Staff training on data protection
- Data Protection Officer (DPO) appointed
- Privacy by Design and by Default principles
2.3. Data Processing Records
We maintain comprehensive records of all data processing activities as required by GDPR Article 30, including:
- Categories of data processed
- Purposes of processing
- Data recipients and transfers
- Retention periods
- Security measures implemented
3. Your Rights Under GDPR
3.1. Right to Access (Article 15)
You have the right to request a copy of all personal data we hold about you.
What you'll receive:
- All personal data we process
- Processing purposes
- Categories of data
- Recipients of data
- Retention periods
- Your other GDPR rights
How to request: Email [email protected] with subject "GDPR Access Request"
3.2. Right to Rectification (Article 16)
You have the right to correct inaccurate or incomplete personal data.
How to request:
- Update profile in bot settings (/settings command)
- Contact support at [email protected] for complex changes
We will correct data within 30 days of your request.
3.3. Right to Erasure / Right to be Forgotten (Article 17)
You have the right to request deletion of your personal data.
How to request:
- Use /delete_account command in bot
- Email [email protected]
What happens:
- Account and personal data deleted within 30 days
- Some data may be retained for legal compliance (e.g., payment records for 7 years)
- Anonymized analytics data may be retained
Exceptions: We may refuse deletion if required by law or for legal claims.
3.4. Right to Data Portability (Article 20)
You have the right to receive your data in a structured, commonly used format and transfer it to another service.
What you'll receive:
- JSON export of all your personal data
- Usage history and generated content
- Account settings and preferences
How to request: Email [email protected] with subject "Data Portability Request"
3.5. Right to Restriction of Processing (Article 18)
You have the right to request limitation of data processing in certain circumstances.
When applicable:
- You contest the accuracy of data
- Processing is unlawful but you don't want deletion
- Data is no longer needed but you need it for claims
- You've objected to processing pending verification
How to request: Email [email protected]
3.6. Right to Object (Article 21)
You have the right to object to processing based on legitimate interests or for direct marketing.
Marketing: Opt-out anytime via bot settings or unsubscribe links
Other processing: Email [email protected] with your objection
3.7. Right to Withdraw Consent (Article 7)
Where processing is based on consent, you can withdraw it at any time.
How to withdraw:
- Bot settings (/settings command)
- Cookie preferences on website
- Email [email protected]
Withdrawal doesn't affect the lawfulness of processing before withdrawal.
3.8. Right to Lodge a Complaint (Article 77)
You have the right to file a complaint with your local data protection authority if you believe we've violated GDPR.
Before filing a complaint: We encourage you to contact us first at [email protected] so we can address your concerns.
EU Data Protection Authorities: Find your authority
4. International Data Transfers
We transfer personal data outside the EU/EEA to third-party AI providers. We ensure adequate protection through:
4.1. Standard Contractual Clauses (SCCs)
We use EU-approved Standard Contractual Clauses with all non-EU/EEA data processors, including:
- OpenAI (United States) - ChatGPT, DALL-E
- Anthropic (United States) - Claude
- Other AI providers as applicable
4.2. Adequacy Decisions
We may transfer data to countries with EU adequacy decisions (e.g., UK, Switzerland, Japan).
4.3. Additional Safeguards
- Encryption in transit and at rest
- Regular data protection impact assessments
- Contractual obligations for data processors
- Monitoring of third-party compliance
5. Data Protection Impact Assessments (DPIA)
We conduct Data Protection Impact Assessments for processing activities that pose high risks to your rights and freedoms, including:
- AI-powered content generation
- Large-scale data processing
- Automated decision-making
- New technologies or services
DPIAs help us identify and minimize privacy risks before processing begins.
6. Data Breach Procedures
In case of a personal data breach, we will:
- Within 72 hours: Notify the relevant supervisory authority
- Without undue delay: Notify affected individuals if there is a high risk to their rights
- Document: All breaches, effects, and remedial actions
- Investigate: Root causes and prevent recurrence
Notifications will include the nature of the breach, its likely consequences, and the measures taken.
7. How to Exercise Your Rights
To exercise any of your GDPR rights, you can contact us through:
Data Protection Officer
Response Time
We will respond to your request within 30 days. In complex cases, we may extend this by 60 days and will inform you of the extension.
Verification
To protect your privacy, we may ask for proof of identity before processing requests.
Free of Charge
Exercising your GDPR rights is free. We may charge a reasonable fee for excessive or repetitive requests.
8. Updates to This Page
We may update this GDPR compliance page to reflect changes in:
- GDPR interpretations and guidance
- Our data processing practices
- New rights or obligations
Significant changes will be communicated via Telegram bot notification or email.
Your Privacy Rights Matter
We are committed to protecting your data and respecting your rights under GDPR. If you have questions about your rights or our GDPR compliance, please contact our Data Protection Officer at [email protected]