Your privacy rights under the General Data Protection Regulation
WinFactor is committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR). As a company based in the Netherlands, we adhere to the highest standards of data protection.
This page explains your rights under GDPR and how we ensure compliance in our processing of personal data.
You can request a copy of all personal data we hold about you. We will provide this within 30 days.
You can request that we correct any inaccurate personal data we hold about you.
You can request that we delete your personal data, subject to legal retention requirements.
You can request your data in a machine-readable format to transfer to another service.
We process personal data under the following lawful bases:
We have Data Processing Agreements (DPAs) in place with all our sub-processors. These ensure that any third parties who process data on our behalf also comply with GDPR requirements.
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected. When data is no longer needed, it is securely deleted or anonymized.
Our primary data processing occurs within the European Union. When we transfer data outside the EU, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs).
We use the following third-party services that may process personal data:
| Service | Purpose | Location |
|---|---|---|
| Convex | Database & Backend | USA (EU SCCs) |
| Vercel | Hosting | EU |
| Stripe | Payment Processing | EU |
| Google Analytics | Analytics | EU |
If you have questions about your rights or wish to exercise them, please contact our Data Protection Officer.
Email: [email protected]
Contact DPO