GDPR Compliance

Our Commitment to Data Protection

Hvrocket Ltd is committed to protecting the personal data of our users in compliance with the General Data Protection Regulation (GDPR). As a company registered in England and Wales, we adhere to the highest standards of data protection and privacy.

Legal Basis for Processing

We process personal data under the following legal bases:

• Contract: Processing necessary for the performance of our services
• Consent: Where you have given explicit consent for specific purposes
• Legitimate Interest: For our business operations where not overridden by your rights
• Legal Obligation: Where required by law

Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

Right of Access

You have the right to request a copy of the personal data we hold about you. We will provide this information within 30 days of your request.

Right to Rectification

You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.

Right to Erasure

Also known as the "right to be forgotten", you can request deletion of your personal data in certain circumstances.

Right to Restrict Processing

You can request that we limit the processing of your personal data in specific situations.

Right to Data Portability

You can request to receive your personal data in a structured, commonly used, and machine-readable format.

Right to Object

You have the right to object to the processing of your personal data for direct marketing or where processing is based on legitimate interests.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that significantly affect you.

Data Protection Measures

We implement appropriate technical and organizational measures to ensure the security of your personal data:

• Encryption of data in transit and at rest
• Regular security assessments and penetration testing
• Access controls and authentication mechanisms
• Staff training on data protection
• Incident response procedures
• Regular backups and disaster recovery plans

International Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, or transfers to countries with an adequacy decision.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. When data is no longer needed, it is securely deleted or anonymized.

Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours. Where the breach is likely to result in a high risk, we will also notify affected individuals without undue delay.

Data Protection Officer

We have appointed a Data Protection Officer (DPO) responsible for overseeing our data protection strategy and compliance. You can contact our DPO at dpo@hvrocket.com for any questions or concerns about how we handle your data.

Exercising Your Rights

To exercise any of your rights under GDPR, please contact us using one of the methods below. We may ask you to verify your identity before processing your request. We will respond to your request within 30 days.

If you are unsatisfied with our response, you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.