GDPR Compliance
Last Updated: October 20, 2024
Introduction to GDPR
The General Data Protection Regulation (GDPR) is a comprehensive data protection law in the European Union (EU) that came into effect on May 25, 2018. It enhances individuals' privacy rights and puts obligations on organizations that collect or process personal data.
At Daily Tools, we are committed to protecting your personal data and ensuring compliance with the GDPR. This page explains how we align with GDPR principles and outlines your rights as a data subject under the GDPR.
Our Role Under GDPR
Under the GDPR, Daily Tools acts as a:
- Data Controller when we determine the purposes and means of processing personal data that we collect directly from you (such as account information, usage data, and contact details).
- Data Processor in certain instances where we process personal data on behalf of our users who use our tools to process their own data.
GDPR Principles We Follow
We adhere to the following GDPR principles when processing personal data:
Lawfulness, Fairness, and Transparency
We process personal data lawfully, fairly, and in a transparent manner. We provide clear information about how we collect and use your data in our Privacy Policy.
Purpose Limitation
We collect personal data for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes.
Data Minimization
We limit our collection of personal data to what is necessary in relation to the purposes for which it is processed.
Accuracy
We take reasonable steps to ensure that personal data is accurate and, where necessary, kept up to date.
Storage Limitation
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected.
Integrity and Confidentiality
We implement appropriate technical and organizational measures to ensure the security of personal data, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage.
Accountability
We take responsibility for complying with GDPR principles and can demonstrate this compliance through appropriate documentation and processes.
Lawful Basis for Processing
Under the GDPR, we process personal data based on one or more of the following lawful bases:
Consent
Where you have given clear consent for us to process your personal data for a specific purpose. For example, when you sign up for our newsletter or opt-in to certain cookies.
Contract
Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract. For example, when you create an account to use our services.
Legal Obligation
Where processing is necessary for compliance with a legal obligation. For example, to fulfill tax or reporting requirements.
Legitimate Interests
Where processing is necessary for our legitimate interests or the legitimate interests of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms. For example, to prevent fraud or ensure network security.
Advertising and Google AdSense
We use Google AdSense to display advertisements on our website. Under GDPR, the use of cookies for personalized advertising requires explicit consent from EU users. When you visit our website from the European Economic Area, you will be asked to provide consent before personalized ads are shown.
If you choose not to provide consent for personalized advertising, you will still see ads, but they will not be personalized based on your browsing history or interests.
You can change your advertising preferences at any time by:
- Using our Cookie Consent tool available on our website
- Visiting Google Ads Settings
- Using the European Interactive Digital Advertising Alliance's opt-out tool at Your Online Choices
Your Rights Under GDPR
The GDPR provides you with several rights regarding your personal data. These include:
Right to Be Informed
You have the right to be informed about the collection and use of your personal data in a clear, transparent, and easily accessible way.
Right of Access
You have the right to request a copy of your personal data that we hold and information about how we process it.
Right to Rectification
You have the right to have inaccurate personal data rectified or incomplete data completed.
Right to Erasure (Right to be Forgotten)
You have the right to request the deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.
Right to Restrict Processing
You have the right to request the restriction of processing of your personal data in certain circumstances, such as if you contest the accuracy of the data.
Right to Data Portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller without hindrance.
Right to Object
You have the right to object to the processing of your personal data in certain circumstances, such as for direct marketing or processing based on legitimate interests.
Rights Related to Automated Decision Making and Profiling
You have rights related to automated decision making and profiling, including the right not to be subject to a decision based solely on automated processing that produces legal effects concerning you or similarly significantly affects you.
How to Exercise Your Rights
To exercise any of your rights under the GDPR, please contact us at privacy@dailytools.com. We will respond to your request within one month, and in certain circumstances, we may extend this period by up to two additional months.
If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.
Data Protection Impact Assessments
We conduct Data Protection Impact Assessments (DPIAs) when implementing new technologies or when processing is likely to result in a high risk to your rights and freedoms. These assessments help us identify and minimize data protection risks.
Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority without undue delay and, where feasible, not later than 72 hours after becoming aware of the breach.
If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly, unless one of the exceptions under the GDPR applies.
Changes to This GDPR Compliance Statement
We may update this GDPR Compliance Statement from time to time to reflect changes in our practices or legal requirements. When we make changes, we will update the "Last Updated" date at the top of this statement and notify you if significant changes are made.