GDPR Compliance

Last Updated: March 2026

1. Our Commitment

BITAS is committed to compliance with the General Data Protection Regulation (GDPR) for all users, including those in the European Economic Area (EEA). We take data protection seriously and have implemented comprehensive measures to ensure your personal data is handled lawfully, fairly, and transparently.

2. Legal Basis for Processing

We process personal data under the following lawful bases:

Contractual Necessity: Processing required to fulfill our service agreement with you — including account management, workflow operations, and notifications.

Legitimate Interest: Processing for platform improvement, security, fraud prevention, and analytics, balanced against your rights and freedoms.

Consent: Where we rely on consent (e.g., marketing communications), you may withdraw consent at any time.

Legal Obligation: Processing required to comply with applicable laws and regulations.

3. Data Subject Rights

Under the GDPR, you have the following rights:

Right of Access (Art. 15): Request a copy of the personal data we hold about you.

Right to Rectification (Art. 16): Request correction of inaccurate or incomplete personal data.

Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements.

Right to Data Portability (Art. 20): Receive your personal data in a structured, commonly used, machine-readable format.

Right to Restrict Processing (Art. 18): Request that we limit the processing of your personal data under certain circumstances.

Right to Object (Art. 21): Object to processing based on legitimate interests or for direct marketing purposes.

To exercise any of these rights, contact us at contact.bitas@gmail.com. We will respond within 30 days.

4. Data Protection Officer

For GDPR-related inquiries, you may contact our Data Protection representative:

Email: contact.bitas@gmail.com
Subject Line: GDPR Inquiry

We will acknowledge your request within 72 hours and provide a substantive response within 30 days.

5. Data Processing Agreements

Where BITAS acts as a data processor on behalf of your organization (the data controller), we enter into Data Processing Agreements (DPAs) that comply with Article 28 of the GDPR. Our DPAs cover:
• Nature and purpose of processing
• Types of personal data processed
• Data subject categories
• Obligations and rights of the controller
• Sub-processor management
• Data breach notification procedures

6. Cross-Border Data Transfers

Your data is primarily stored and processed in secure data centers. When data transfers occur across borders, we ensure adequate protection through:
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions where applicable
• Appropriate technical and organizational safeguards

7. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:
• Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
• Notify affected data subjects without undue delay where the breach is likely to result in high risk
• Document all breaches, including facts, effects, and remedial actions taken

8. Data Minimization & Retention

We collect only the minimum personal data necessary to provide our services. We retain data only for as long as required for the purposes for which it was collected or as required by law. When data is no longer needed, it is securely deleted or anonymized.

9. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.