Ratelivo is committed to protecting your personal data and privacy rights. As a company based in the Netherlands, we adhere to the European Union’s General Data Protection Regulation (GDPR) and all applicable data protection laws. This GDPR Policy explains the rights you have as a “data subject” (an identifiable individual) and how you can exercise those rights. It also outlines Ratelivo’s practices to ensure compliance with GDPR and maintain the security and fairness of our platform.

Our commitment to GDPR compliance: We only collect and use personal information for legitimate purposes and with a valid legal basis. We implement appropriate technical and organizational measures to safeguard personal data (such as encryption, access controls, and regular security audits) and follow principles of data minimization and transparency. We do not sell personal data to third parties. All processing of user information is documented and performed in accordance with GDPR requirements and with respect for your rights and freedoms. For a full overview of how we handle personal data (including what data we collect and why), please refer to our Privacy Policy.

Below, we detail your key GDPR rights and how Ratelivo honors them. If you have an account on Ratelivo or have used our services, these are the rights you can invoke regarding your personal data.

Under the GDPR, you have the following rights with regard to your personal data held or processed by Ratelivo:

You have the right to obtain confirmation of whether we are processing your personal data, and if so, the right to access that data and to receive information about how we use it. In practice, this means you can request a copy of the personal information we have about you, as well as relevant details such as the purposes of processing and the categories of data involved.

You have the right to have inaccurate personal data corrected and to have incomplete data completed. If any of your information on Ratelivo (for example, your account details) is incorrect or outdated, you can contact us to update it. We strive to keep all personal data accurate and up-to-date.

You have the right to request the deletion of your personal data in certain circumstances. This right applies, for example, if the data we hold is no longer necessary for the purposes it was collected, if you withdraw consent (where applicable) and we have no other legal basis to continue processing, or if you object to processing and we have no overriding legitimate grounds. Please note that this right is not absolute – sometimes we may need to retain certain information if required by law or for legal claims, but we will inform you if that is the case.

You have the right to restrict the processing of your personal data under specific conditions. This means that you can ask us to temporarily limit how we use your data, for example, while we are verifying the accuracy of your data or assessing an objection you have raised to our processing. When processing is restricted, we will still store your data but not use it for the time being (except as allowed by law, such as to protect rights or comply with legal obligations).

You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and the right to transmit that data to another controller. In plain terms, you can ask us for a copy of the data you gave us (for example, information you provided in your profile or through using our services) in a format like CSV or JSON, so that you can easily transfer it to another service. Where technically feasible, you can also request that we send this data directly to another company, if you want to use it elsewhere.

You have the right to object to the processing of your personal data in certain situations. Notably, you can object at any time to processing of your data for direct marketing purposes, and we will honor that – meaning we will stop using your data for marketing. You can also object when we are processing your data based on legitimate interests (or performing a task in the public interest), and your situation leads you to object – in such cases we will review your objection and stop or adjust processing unless we have compelling legitimate grounds to continue. If you object to marketing, we will cease marketing use immediately; if you object on other grounds, we will evaluate your request in line with GDPR.

If we are processing any of your personal data based on your consent, you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of any processing we conducted based on consent before its withdrawal. For example, if you consented to receive our newsletter or to have your data used in a certain optional feature, you can change your mind and opt out later. Once you withdraw consent, we will stop the processing that was based on consent. (Note: Ratelivo mainly relies on contractual necessity and legitimate interest for most processing, but consent may apply for certain communications or optional services.)

No Automated Decision-Making Without Human Review: Although not specifically listed in the user’s question, we also note that under GDPR you have rights related to automated decision-making and profiling. Ratelivo does not make any legally significant decisions about individuals solely by automated means without human involvement. We do not profile users in a way that produces legal effects or similarly significant effects without giving an opportunity for human review.

We take your privacy rights seriously. Exercising any of the above rights is free of charge and can be done by contacting us through the channels listed below. To help protect your security, we may need to verify your identity before fulfilling certain requests (for example, by asking you to confirm information associated with your account or to provide identification). This ensures that we do not disclose personal data to the wrong person or make incorrect changes at someone else’s request.

To submit a request or inquiry regarding your GDPR rights, please reach out to us via any of these methods:

Once we receive your request, our data protection team will promptly evaluate it. We will respond to your request within one month of receiving it, in accordance with GDPR mandates. If your request is complex or if you have made multiple requests, we may extend the response deadline by up to an additional two months; if so, we will inform you of the extension and the reasons behind it. Our response will include information on the actions taken or any information you asked for, or in rare cases why we cannot fulfill the request (with legal justification for any refusal).

If you request correction or deletion of your data and we have shared that data with third-party service providers (processors), we will communicate the necessary changes to them as required by law. Likewise, if you ask, we will inform you about which third parties may have received your data (for example, payment processors, etc., as applicable).

Data Protection Contact: For any questions about this GDPR Policy or any privacy concerns, you can contact our Data Protection Officer (DPO) at privacy@ratelivo.com. Our DPO (or privacy team) is responsible for overseeing Ratelivo’s compliance with data protection laws and will be happy to address your inquiries or issues. You may also write to us at our Netherlands office address provided above (attn: Data Protection Officer).

Supervisory Authority: In the event you believe Ratelivo is processing your personal data in violation of GDPR and we have not adequately addressed your concerns, you have the right to lodge a complaint with a data protection supervisory authority. You may do so in the EU country where you reside, where you work, or where the alleged infringement occurred. As Ratelivo is established in the Netherlands, our lead supervisory authority is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens). You can contact the Autoriteit Persoonsgegevens directly via their website or written address to report a concern. We encourage you to contact us first with any complaints, and we will do our best to resolve them amicably and swiftly. However, this does not affect your right to approach the authorities.

Our GDPR Compliance Practices: Ratelivo maintains up-to-date policies and procedures to ensure ongoing compliance with GDPR. We train our staff on data protection obligations and build privacy-by-design into our platform enhancements. We have implemented measures such as data encryption, access controls, and contractual data protection agreements with our service providers to safeguard user data. In the event of a personal data breach that poses risks to you, we have a legal duty to inform authorities and, in certain cases, to notify affected individuals. Rest assured, we actively monitor and improve our privacy practices. For more details on how we handle personal data (e.g., categories of data, purposes, retention periods, etc.), please refer to our comprehensive Privacy Policy on our website.