GDPR Compliance

Last updated: May 8, 2026

1. Our Commitment to GDPR

Feo Digital is committed to protecting the privacy and security of personal data in accordance with the General Data Protection Regulation (GDPR). This page outlines our approach to GDPR compliance and explains your rights under this regulation.

The GDPR is a comprehensive data protection law that applies to organizations processing personal data of individuals in the European Union (EU) and European Economic Area (EEA). We take our obligations under GDPR seriously and have implemented appropriate measures to ensure compliance.

2. What is Personal Data?

Under GDPR, personal data is any information relating to an identified or identifiable natural person. This includes:

  • Basic Identity Information: Name, email address, phone number
  • Professional Information: Company name, job title, business contact details
  • Online Identifiers: IP addresses, cookie identifiers, device IDs
  • Behavioral Data: Website usage patterns, preferences, interaction history
  • Financial Information: Payment details, billing information

3. Legal Basis for Processing

We process personal data only when we have a valid legal basis. Under GDPR, we rely on the following legal bases:

Consent

You have given clear consent for us to process your personal data for specific purposes (e.g., marketing communications, cookie usage).

Contract Performance

Processing is necessary to fulfill our contractual obligations to you (e.g., delivering digital marketing services).

Legitimate Interests

Processing is necessary for our legitimate business interests (e.g., fraud prevention, network security, business analytics).

Legal Obligation

Processing is necessary to comply with legal or regulatory requirements (e.g., tax laws, financial reporting).

4. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

Right to Access

You have the right to request a copy of the personal data we hold about you. We will provide this information in a commonly used electronic format.

Right to Rectification

You can request that we correct any inaccurate or incomplete personal data we hold about you.

Right to Erasure (“Right to be Forgotten”)

You can request that we delete your personal data in certain circumstances, such as when it's no longer necessary for the purpose it was collected.

Right to Restrict Processing

You can request that we limit how we use your personal data in certain situations, such as when you contest the accuracy of the data.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used format and transmit it to another controller.

Right to Object

You can object to our processing of your personal data based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where we rely on consent as the legal basis for processing, you can withdraw your consent at any time.

Right to Lodge a Complaint

You have the right to lodge a complaint with your local data protection authority if you believe we have violated your data protection rights.

5. How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at hello@feodigital.com with the subject line “GDPR Request.”

When submitting a request, please provide:

  • Your full name and contact information
  • A clear description of your request
  • Proof of identity (to prevent unauthorized access)
  • Any relevant account or reference numbers

We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will inform you of the extension.

6. Data Protection Measures

We implement appropriate technical and organizational measures to protect personal data, including:

Technical Measures

  • Encryption of data in transit and at rest
  • Secure authentication and access controls
  • Regular security updates and patches
  • Firewall and intrusion detection systems
  • Regular security audits and vulnerability assessments

Organizational Measures

  • Staff training on data protection and privacy
  • Confidentiality agreements with employees and contractors
  • Data protection impact assessments for high-risk processing
  • Incident response and breach notification procedures
  • Regular review and update of privacy policies

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

  • Client Data: Duration of the business relationship plus 7 years for legal and tax purposes
  • Marketing Data: Until consent is withdrawn or after 2 years of inactivity
  • Website Analytics: 26 months (in line with Google Analytics default)
  • Communication Records: 3 years from last contact

After the retention period expires, we securely delete or anonymize personal data.

8. International Data Transfers

We may transfer personal data to countries outside the EU/EEA. When we do so, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions recognizing equivalent data protection standards
  • Binding Corporate Rules for intra-group transfers
  • Certification schemes demonstrating compliance with data protection standards

9. Third-Party Processors

We work with third-party service providers who process personal data on our behalf. These processors include:

  • Cloud hosting providers
  • Email marketing platforms
  • Analytics and advertising platforms (Google, Facebook, etc.)
  • Payment processors
  • Customer relationship management (CRM) systems

We ensure all processors comply with GDPR through data processing agreements that specify their obligations regarding data protection and security.

10. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
  • Inform affected individuals without undue delay if the breach poses a high risk
  • Provide clear information about the nature of the breach and recommended actions
  • Document all breaches and our response measures

11. Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect or process personal data from children. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information promptly.

12. Automated Decision-Making and Profiling

We may use automated decision-making and profiling for:

  • Personalizing marketing content and recommendations
  • Analyzing campaign performance and user behavior
  • Fraud detection and prevention

You have the right to object to automated decision-making and request human intervention in decisions that significantly affect you.

13. Updates to GDPR Compliance

We regularly review and update our GDPR compliance measures to ensure we meet evolving legal requirements and best practices. Any significant changes will be communicated through our website and, where appropriate, directly to affected individuals.

14. Contact Information

For questions about our GDPR compliance or to exercise your data protection rights, please contact us:

Feo Digital - Data Protection

Email: hello@feodigital.com

Subject Line: GDPR Request

We aim to respond to all GDPR-related inquiries within one month.

Supervisory Authority

If you are not satisfied with our response to your GDPR request or believe we are not processing your data in accordance with the law, you have the right to lodge a complaint with your local data protection authority.