GDPR COMPLIANCE – FELICLOUD

Your Data Protection Rights Under GDPR

At Felicloud, we are committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR). This page provides comprehensive information about how we comply with GDPR requirements and how you can exercise your data protection rights.

🛡️ OUR GDPR COMMITMENT

Data Controller: BTJT LDA, Portugal
Registration: Portuguese company fully compliant with EU data protection laws
Server Location: All data stored exclusively within the European Union
Contact: privacy@felicloud.com

📋 YOUR RIGHTS UNDER GDPR

1. RIGHT TO BE INFORMED

What it means: You have the right to know how your personal data is being processed.

How we comply:

• Clear and transparent Privacy Policy in plain language
• Detailed information about data collection at point of signup
• Regular updates about any changes to our data processing

Action required: None – we provide this information automatically

2. RIGHT OF ACCESS

What it means: You can request a copy of all personal data we hold about you.

How to exercise this right:

• Email us at privacy@felicloud.com
• Include your full name and email address used for your account
• We will respond within 30 days with a complete data export

What you’ll receive:

• Account information and settings
• File names and metadata (but not file contents)
• Access logs and usage statistics
• Communication history with our support team

3. RIGHT TO RECTIFICATION

What it means: You can correct inaccurate or incomplete personal data.

How to exercise this right:

• Update information directly in your account settings
• Contact privacy@felicloud.com for data you cannot change yourself
• We will update your information within 72 hours

Data you can update:

• Email address
• Password
• Account preferences
• Communication preferences

4. RIGHT TO ERASURE (RIGHT TO BE FORGOTTEN)

What it means: You can request deletion of your personal data under certain circumstances.

How to exercise this right:

• Delete your account through account settings, OR
• Email privacy@felicloud.com with deletion request
• Include reason for deletion (optional but helpful)

What happens:

• Account marked for deletion immediately
• All personal data deleted within 30 days
• File contents permanently removed from our servers
• Confirmation email sent once deletion is complete

Limitations:

• We may retain some data if required by law
• Anonymized usage statistics may be retained for service improvement

5. RIGHT TO RESTRICT PROCESSING

What it means: You can limit how we process your data in certain situations.

When you can restrict processing:

• You contest the accuracy of your data
• Processing is unlawful but you don’t want deletion
• We no longer need the data but you need it for legal claims
• You’ve objected to processing pending verification

How to request:

• Email privacy@felicloud.com with your restriction request
• Specify which data and why you want processing restricted
• We will confirm restriction within 72 hours

6. RIGHT TO DATA PORTABILITY

What it means: You can receive your personal data in a structured, machine-readable format.

How we comply:

• Data export available in JSON format
• Includes all your personal data and account information
• Files can be downloaded separately via your account

How to request:

• Email privacy@felicloud.com
• We will prepare your data package within 7 days
• Download link sent via secure email

7. RIGHT TO OBJECT

What it means: You can object to processing based on legitimate interests or for direct marketing.

Marketing objection:

• Unsubscribe from all marketing emails instantly
• Opt-out links provided in every marketing email
• Email privacy@felicloud.com to object to all marketing

Processing objection:

• Object to data processing for legitimate interests
• We will stop processing unless we have compelling legitimate grounds
• Email privacy@felicloud.com with your objection

8. RIGHTS RELATED TO AUTOMATED DECISION MAKING

What it means: You have rights regarding automated decision-making and profiling.

Our practices:

• We do not make automated decisions that significantly affect you
• No profiling for credit, employment, or similar decisions
• Any automated processing is for service optimization only

If we ever implement automated decision-making:

• You will be informed explicitly
• You can request human intervention
• You can challenge the decision

🔒 HOW WE PROTECT YOUR DATA

Security Measures

• Encryption: AES-256 for data at rest, TLS/SSL for data in transit
• Access Control: Strict employee access controls with multi-factor authentication
• Infrastructure: EU-only servers with 24/7 monitoring
• Backups: Encrypted backups with same security standards

Data Minimization

• We only collect data necessary for service provision
• Regular data audits to remove unnecessary information
• Automatic deletion of temporary files and logs after 30 days

Privacy by Design

• Privacy considerations built into all new features
• Regular privacy impact assessments
• Staff training on data protection principles

📊 LAWFUL BASIS FOR PROCESSING

🚨 DATA BREACH PROCEDURES

Our Response Process

1. Detection: Continuous monitoring for security incidents
2. Assessment: Risk evaluation within 24 hours
3. Containment: Immediate action to limit breach impact
4. Investigation: Full forensic investigation of the incident
5. Notification: Authorities notified within 72 hours if required

User Notification

• High-risk breaches: Direct notification to affected users within 72 hours
• Low-risk breaches: General notification via website and email
• Detailed information about the breach and protective measures

Prevention Measures

• Regular security audits and penetration testing
• Employee security training programs
• Incident response plan regularly updated and tested

🌍 INTERNATIONAL DATA TRANSFERS

Our Policy

• Primary storage: All data stored in Portugal (EU)
• No US transfers: We do not transfer data to the United States
• EU-only processing: All data processing occurs within EU boundaries
• Backup locations: Secondary backups within EU only

If We Ever Transfer Data Outside EU

• Adequate level of protection ensured (adequacy decision or appropriate safeguards)
• Prior notification to users about any changes
• Right to object to international transfers

👶 CHILDREN’S DATA PROTECTION

Age Restrictions

• Service restricted to users 18 years and older
• No knowingly collection of children’s data
• Immediate deletion if child data discovered

Verification Process

• Age confirmation required during registration
• Regular audits to identify potential underage users
• Parent/guardian notification if child data identified

📞 EXERCISING YOUR RIGHTS

Contact Information

Primary contact: privacy@felicloud.com
Response time: Within 30 days (most requests within 72 hours)
Languages: English, French, Portuguese

Postal address: BTJT LDA
Rua Francisco Miguel 98A
2835-123 Baixa da Banheira
Portugal

What to Include in Your Request

• Full name and email address associated with your account
• Specific right you wish to exercise
• Reason for the request (helpful but not required)
• Preferred response format (email or postal mail)

Verification Process

• We may request additional information to verify your identity
• This protects your data from unauthorized access
• Verification typically completed within 48 hours

No Fee Policy

• Most requests processed free of charge
• Fee may apply for manifestly unfounded or excessive requests
• Maximum fee: €10 for complex requests
• You will be notified of any fees before processing

🏛️ SUPERVISORY AUTHORITY

Your Right to Complain

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with a supervisory authority.

Relevant Authorities

Portugal (our primary authority): Comissão Nacional de Proteção de Dados (CNPD)
Website: www.cnpd.pt
Email: geral@cnpd.pt

Your local authority: You can also complain to the supervisory authority in your EU country of residence.

Before Complaining

We encourage you to contact us first at privacy@felicloud.com. We are committed to resolving any concerns promptly and transparently.

📈 GDPR COMPLIANCE UPDATES

Regular Reviews

• Privacy Policy reviewed quarterly
• GDPR compliance audit conducted annually
• Staff training updated bi-annually
• Technical and organizational measures reviewed continuously

Staying Informed

• Updates posted on this page
• Email notifications for significant changes
• Newsletter updates for subscribers

Documentation

• Records of processing activities maintained
• Data protection impact assessments available upon request
• Compliance documentation updated regularly

🤝 THIRD-PARTY PROCESSORS

We work with the following third-party processors under GDPR-compliant agreements:

📋 GDPR COMPLIANCE CHECKLIST

✅ Lawful basis identified for all processing activities
✅ Privacy Policy clear and accessible
✅ User rights fully implemented and accessible
✅ Consent mechanisms implemented where required
✅ Data breach procedures established and tested
✅ Data Protection Officer contactable
✅ Records of processing maintained
✅ Staff training completed and regular
✅ Technical safeguards implemented
✅ Vendor agreements include GDPR provisions

📞 NEED HELP?

If you have any questions about your rights under GDPR or how to exercise them, please don’t hesitate to contact us:

Email: privacy@felicloud.com
Subject line: “GDPR Rights Request”
Response time: Within 30 days (usually much faster)

We are here to help you understand and exercise your data protection rights.

Last updated: [Date to be completed]

This page is regularly updated to reflect any changes in GDPR requirements or our data processing practices.