GDPR COMPLIANCE STATEMENT

Last revised: 10 July 2025

1 · Data Controllers

2 · Lawful Bases for Processing (Art. 6)

We rely on the following lawful bases when processing personal data:

• Contract – to provide and manage the services you purchase (Art. 6 1(b)).
• Legal Obligation – to meet tax, accounting, and anti-fraud obligations (Art. 6 1(c)).
• Legitimate Interests – to improve our platform, ensure security, and prevent abuse (Art. 6 1(f)). We perform legitimate-interest assessments to ensure your rights are not overridden.
• Consent – for e-marketing, analytics, and non-essential cookies (Art. 6 1(a)). Consent can be withdrawn at any time.

3 · Your GDPR Rights (Art. 12-23)

You may exercise the following rights, free of charge:

1. Right of Access — obtain a copy of your data (Art. 15).
2. Right to Rectification — correct inaccurate data (Art. 16).
3. Right to Erasure — request deletion (“right to be forgotten”) (Art. 17).
4. Right to Restrict Processing — limit how we use your data (Art. 18).
5. Right to Data Portability — receive data in a structured, machine-readable format (Art. 20).
6. Right to Object — to processing based on legitimate interests or direct marketing (Art. 21).
7. Rights related to Automated Decision-Making (Art. 22).

Submit requests to privacy@views4you.com. We will respond within one month (Art. 12 3).

4 · International Data Transfers (Chap. V)

If data are transferred outside the EEA or UK, we ensure adequate protection via:

• Standard Contractual Clauses (SCCs) approved by the European Commission;
• UK International Data Transfer Addendum (IDTA);
• Supplementary technical safeguards (encryption at rest, zero-trust ACL).

5 · Data Retention (Art. 5 1(e))

Personal data are retained only as long as necessary for the purposes collected or as required by law. Key retention periods:

• Orders & invoices: 6 years (tax).
• Account identity & contact: active account + 2 years.
• Back-ups after deletion: 30-90 days.

6 · Security Measures (Art. 32)

We employ industry-standard controls:

• TLS 1.3 encryption in transit
• AES-256 encryption at rest
• Intrusion Detection/Prevention (IDS/IPS) & Web Application Firewall (WAF)
• Role-based access control (least privilege)
• Annual penetration testing & vulnerability management

7 · Lodging a Complaint

If you believe we have infringed your data-protection rights, you may lodge a complaint with your local supervisory authority:

• EU residents: Any EU/EEA Data Protection Authority (DPA) – see EDPB list.
• UK residents: Information Commissioner’s Office (ICO).

8 · Contact Us

For GDPR queries, reach out to our Data Protection Officer:

E-mail: dpo-eu@views4you.com
Postal: DPO, Extlikes UK Marketing Limited, Technique Building, 140 Goswell Road, London EC1V 7DY, United Kingdom

We are committed to continually reviewing and improving our privacy practices to maintain compliance with GDPR and other applicable laws.