GDPR Compliance

Liflio is committed to protecting your personal data and ensuring full compliance with the General Data Protection Regulation (GDPR).

Last updated: January 22, 2025 • Effective Date: January 22, 2025

1. GDPR Overview

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that applies to all organizations processing personal data of EU/EEA residents. At Liflio, we've implemented robust measures to ensure full compliance.

Data Subjects

All individuals whose personal data we process

Data Protection

Strict security measures and privacy by design

Transparency

Clear information about how we use your data

2. Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

Request a copy of all personal data we hold about you, including how it's used and who it's shared with.

Right to Rectification

Correct any inaccurate or incomplete personal data we hold about you.

Right to Erasure

Request deletion of your personal data ("right to be forgotten") under certain circumstances.

Right to Portability

Export your personal data in a machine-readable format to transfer to another service.

Right to Restrict Processing

Limit how we process your personal data under certain circumstances.

Right to Object

Object to processing of your personal data for marketing or other legitimate interests.

Right to Withdraw Consent

Withdraw your consent at any time where processing is based on consent.

Right to Complain

File a complaint with your local data protection authority if you believe we've violated GDPR.

3. How to Exercise Your Rights

You can exercise your GDPR rights through multiple channels. We aim to respond to all requests within 30 days.

Self-Service Options

  • Account Settings: Update your profile information
  • Privacy Dashboard: Download your data
  • Consent Management: Update marketing preferences
  • Data Export: Request data portability

Contact Our Team

Identity Verification: To protect your privacy, we may need to verify your identity before processing certain requests. This helps prevent unauthorized access to your personal data.

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

Contract Performance (Art. 6(1)(b))

Processing necessary to provide our services, manage your account, and fulfill our contractual obligations.

Examples: Account creation, service delivery, billing, customer support

Legitimate Interest (Art. 6(1)(f))

Processing for legitimate business purposes where our interests don't override your privacy rights.

Examples: Service improvement, fraud prevention, security, analytics

Consent (Art. 6(1)(a))

Processing based on your explicit consent, which you can withdraw at any time.

Examples: Marketing communications, optional features, cookies

Legal Obligation (Art. 6(1)(c))

Processing required to comply with legal obligations and regulatory requirements.

Examples: Tax records, financial reporting, law enforcement cooperation

5. Data Security Measures

We implement appropriate technical and organizational measures to ensure data security:

Technical Measures

  • End-to-end encryption in transit and at rest
  • Multi-factor authentication
  • Regular security audits and penetration testing
  • Automated vulnerability scanning
  • Secure development practices
  • Regular security updates and patches

Organizational Measures

  • Staff training on data protection
  • Access controls and least privilege principle
  • Data breach response procedures
  • Privacy impact assessments
  • Vendor due diligence and contracts
  • Regular compliance monitoring

6. International Data Transfers

When we transfer personal data outside the EU/EEA, we ensure appropriate safeguards are in place:

Adequacy Decisions

Transfers to countries with adequate data protection levels as recognized by the European Commission.

Standard Contractual Clauses

EU-approved contract terms that ensure appropriate data protection standards.

Binding Corporate Rules

Internal policies approved by data protection authorities for intra-group transfers.

Certification Schemes

Industry-recognized certifications that demonstrate compliance with GDPR requirements.

7. Contact Information

Data Controller

liflio SAS

18 rue Eugene Leroy

33800 Bordeaux

France

Email: [email protected]

Privacy Contact

Privacy Team

Email: [email protected]

Phone: 05 54 49 81 45

Available: Monday–Friday, 9 AM – 6 PM CET

Supervisory Authority: If you're not satisfied with our response to your privacy request, you can contact your local data protection authority. For EU residents, find your authority at EDPB member list.