GDPR Compliance
Last updated: August 5, 2025
Our Commitment to GDPR
As an EU-based company (BEJEWEAR OÜ, Estonia), EdenRank is fully committed to complying with the General Data Protection Regulation (GDPR). We believe in transparent data practices and protecting our users' privacy rights.
Your Rights Under GDPR
As a data subject, you have the following rights:
Right to Information
You have the right to be informed about how your personal data is being used. This information is provided in our Privacy Policy.
Right of Access
You have the right to access your personal data and supplementary information. You can request a copy of your data at any time.
Right to Rectification
You have the right to have inaccurate personal data corrected, or incomplete personal data completed.
Right to Erasure
You have the right to have your personal data erased (the "right to be forgotten") in certain circumstances.
Right to Restrict Processing
You have the right to restrict the processing of your personal data in certain circumstances.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
Right to Object
You have the right to object to processing of your personal data in certain circumstances.
How to Exercise Your Rights
To exercise any of your GDPR rights, please contact us using the following methods:
Contact Information
Email: info@edenrank.com
Subject Line: GDPR Request - [Type of Request]
Company: BEJEWEAR OÜ
Location: Estonia
Required Information
When making a request, please include:
- Your full name and email address associated with your account
- Description of the specific right you wish to exercise
- Any additional information to help us locate your data
- Proof of identity (for security purposes)
Response Time
We will respond to your request within one month of receipt. In complex cases, we may extend this period by up to two additional months, and we will inform you of any such extension.
Legal Basis for Processing
We process your personal data based on the following legal grounds:
| Data Type | Legal Basis | Purpose |
|---|---|---|
| Account Information | Contract Performance | Provide our services |
| Usage Analytics | Legitimate Interest | Improve our platform |
| Marketing Communications | Consent | Send promotional emails |
| Security Logs | Legitimate Interest | Platform security |
Data Protection Officer
While we are not required to appoint a Data Protection Officer (DPO) due to our size and nature of processing, our designated privacy contact is responsible for ensuring GDPR compliance.
Privacy Contact: info@edenrank.com
Subject Line: Privacy/GDPR Inquiry
Data Transfers
As an EU-based company, we primarily process data within the European Union. Any data transfers outside the EU are conducted with appropriate safeguards:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions by the European Commission
- Appropriate technical and organizational measures
Right to Lodge a Complaint
If you believe that your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. In Estonia, this is:
Estonian Data Protection Inspectorate
Website: aki.ee
Email: info@aki.ee
Data Breach Notification
In the event of a data breach that poses a high risk to your rights and freedoms, we will notify you without undue delay. We have procedures in place to:
- Detect and assess data breaches within 72 hours
- Notify the relevant supervisory authority
- Inform affected individuals when required
- Document all breaches and our response
Privacy by Design
We implement privacy by design principles in all our systems and processes:
- Data minimization - we only collect what we need
- Purpose limitation - data is used only for stated purposes
- Storage limitation - data is retained only as long as necessary
- Security measures - technical and organizational safeguards
- Transparency - clear communication about data practices