GDPR Compliance

1. Introduction

OrcaMonitor is committed to protecting the privacy and rights of individuals in accordance with the General Data Protection Regulation (GDPR). This page outlines how we comply with GDPR requirements.

2. Data Controller

OrcaMonitor acts as a Data Controller for personal data collected through our platform. For network device data, we act as a Data Processor on behalf of our customers.

3. Legal Basis for Processing

We process personal data based on:

• Contract: To fulfill our service agreement with you
• Consent: When you explicitly opt-in to communications
• Legitimate Interest: For security and fraud prevention
• Legal Obligation: When required by law

4. Your Rights Under GDPR

• Right of Access: Request copies of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your data
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to processing based on legitimate interest

5. Data Processing Agreements

We offer Data Processing Agreements (DPAs) to customers who require them. Contact us at gdpr@orcamonitor.com to request a DPA.

6. International Data Transfers

When transferring data outside the EEA, we use:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions where applicable
• Appropriate safeguards as required by GDPR

7. Data Breach Notification

In the event of a data breach affecting your personal data, we will:

• Notify supervisory authorities within 72 hours
• Inform affected individuals without undue delay
• Document the breach and remediation steps

8. Data Protection Officer

For GDPR-related inquiries, contact our Data Protection Officer at dpo@orcamonitor.com