Back to home

GDPR Compliance

Last updated: August 2, 2025

PromoLedger is fully compliant with the General Data Protection Regulation (GDPR). We are committed to protecting your personal data and respecting your privacy rights under European law.

Your GDPR Rights

Right to Access

Request a copy of all personal data we hold about you. We'll provide this within 30 days in a commonly used electronic format.

Right to Rectification

Correct any inaccurate or incomplete personal data. You can update most information directly in your dashboard.

Right to Erasure

Request deletion of your personal data. We'll comply unless we have legal obligations to retain certain information.

Right to Data Portability

Receive your data in a structured, machine-readable format or have it transferred directly to another service.

Data Protection Measures

  • End-to-end encryption for sensitive data
  • Regular security audits and penetration testing
  • Data minimization - we only collect what's necessary
  • Privacy by design in all our features
  • Secure data centers located in the European Union
  • Employee training on data protection
  • Data Protection Officer oversight

Lawful Basis for Processing

We process your personal data based on:

  • Contract: To provide our promo pool services
  • Consent: For marketing communications and analytics
  • Legitimate Interest: For service improvements and security
  • Legal Obligation: To comply with applicable laws

International Transfers

Your data is primarily stored in EU data centers. If we transfer data outside the EU, we ensure appropriate safeguards through Standard Contractual Clauses or adequacy decisions.

Data Retention

Active accounts: Data retained while account is active

Closed accounts: Personal data deleted after 30 days

Legal requirements: Some data retained as required by law

Analytics: Anonymized data may be retained longer

Cookie Policy

We use cookies in compliance with GDPR:

  • Essential cookies: Required for platform functionality
  • Analytics cookies: Only with your consent
  • Marketing cookies: Opt-in only
  • You can manage cookie preferences in your account settings

Data Breach Protocol

In the unlikely event of a data breach, we will notify affected users within 72 hours and provide guidance on protective measures. We also notify the relevant supervisory authorities as required.

Contact Our Data Protection Officer

For any GDPR-related inquiries or to exercise your rights:

Email: dpo@promoledger.com
Response time: Within 30 days
Address: Data Protection Officer, PromoLedger, Paris, France

Supervisory Authority

You have the right to lodge a complaint with a supervisory authority. In France, this is the Commission Nationale de l'Informatique et des Libertés (CNIL).