GDPR Compliance
Last Updated: April 1, 2026
1. Your Data Subject Rights
Under the GDPR, you have specific rights regarding your personal data. We provide the tools and processes necessary for you to exercise these rights seamlessly.
Right of access
You can request a copy of the personal data we hold about you at any time.
Right to rectification
You can update or correct any inaccurate or incomplete personal data.
Right to erasure
You can request the deletion of your personal data ('right to be forgotten').
Right to restrict processing
You can ask us to suspend the processing of your personal data in certain circumstances.
Right to data portability
You can request the transfer of your data to you or a third party in a structured format.
Right to object
You can object to our processing of your personal data for direct marketing or legitimate interests.
2. Data Processing Agreement (DPA)
When you use PrimesRank to process personal data of your own customers, you act as the Data Controller, and PrimesRank acts as the Data Processor. To support your compliance, we offer a comprehensive Data Processing Agreement that meets GDPR requirements.
- Standard Contractual Clauses (SCCs) included
- Clear sub-processor list and notification process
- Commitment to assist with data subject requests
3. Security by Design
We implement robust technical and organizational measures to ensure a level of security appropriate to the risk of processing personal data.
Data encryption
All data is encrypted at rest using AES-256 and in transit using TLS 1.3.
Secure servers and infrastructure
Hosted on enterprise-grade cloud providers with strict physical and network security.
Access control and authentication
Strict role-based access control (RBAC) and mandatory MFA for all staff.
Regular security updates
Automated patching, dependency scanning, and regular third-party penetration testing.
Monitoring and threat detection
24/7 automated monitoring for suspicious activities and potential breaches.
4. International Data Transfers
PrimesRank primarily processes data within the European Economic Area (EEA). When data must be transferred outside the EEA, we ensure appropriate safeguards are in place, such as the European Commission's Standard Contractual Clauses (SCCs), to guarantee that your data receives the same level of protection as it does within Europe.
5. Our Core GDPR Principles
We process all personal data in accordance with the six core principles defined in Article 5 of the GDPR.
Lawfulness, fairness & transparency
We process data legally and clearly explain what we do with it.
Purpose limitation
Data is collected only for specified, explicit, and legitimate purposes.
Data minimization
We only collect the data that is absolutely necessary for our services.
Accuracy
We take reasonable steps to ensure data is accurate and kept up to date.
Storage limitation
Data is kept only for as long as necessary to fulfill its intended purpose.
Integrity & confidentiality
Data is processed securely to protect against unauthorized access or loss.
6. Contact Our Data Protection Team
If you have any questions about our GDPR compliance, wish to exercise your data subject rights, or need to request our Data Processing Agreement, please reach out to our dedicated privacy team.