GDPR Compliance

Introduction

This GDPR Compliance statement explains how aftergrid. ("we", "our", or "us") processes personal data in accordance with the General Data Protection Regulation (GDPR) and outlines the rights you have regarding your personal data when using our property management software ("Service").

Data Controller

aftergrid. acts as a data controller for personal data collected through our website and as a data processor for personal data processed through our Service on behalf of our customers. Our contact details are:

• Email: [email protected]
• Postal Address: [Company Address]

Legal Basis for Processing

We process personal data on the following legal grounds:

• Contractual Necessity: Processing necessary for the performance of a contract with you or to take steps at your request before entering into a contract
• Legitimate Interests: Processing necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms
• Legal Obligation: Processing necessary for compliance with a legal obligation
• Consent: Processing based on your specific, informed, unambiguous consent

For each processing activity, we identify and document the appropriate legal basis.

Personal Data We Process

Depending on your relationship with us, we may process the following categories of personal data:

For Service Users

• Contact information (name, email, phone number)
• Account information (login credentials, user preferences)
• Payment information (processed securely through payment processors)
• Usage data (how you interact with our Service)
• IP address and device information

For Community Residents (Data entered by our customers)

• Contact information (name, email, phone number)
• Apartment/unit information
• Payment records and financial information

We do not process special categories of personal data (revealing racial or ethnic origin, political opinions, religious beliefs, etc.) unless specifically required and with appropriate safeguards.

Data Subject Rights

Under the GDPR, you have the following rights:

• Right to Access: You can request copies of your personal data
• Right to Rectification: You can request that we correct inaccurate or complete incomplete data
• Right to Erasure: You can request that we delete your personal data in certain circumstances
• Right to Restrict Processing: You can request that we limit the processing of your data
• Right to Data Portability: You can request that we transfer your data to another controller
• Right to Object: You can object to our processing of your personal data
• Rights Related to Automated Decision Making and Profiling: Safeguards against automated decision-making

To exercise these rights, please contact us at [email protected]. We will respond to all requests within one month.

Data Protection Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data during transmission and at rest
• Regular testing and evaluation of security measures
• Ability to ensure ongoing confidentiality, integrity, and availability of processing systems
• Process for regularly testing, assessing, and evaluating security measures
• Procedures to restore access to personal data in the event of an incident
• Staff training on data protection and security

International Data Transfers

Where we transfer personal data outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place through:

• Adequacy decisions by the European Commission
• Standard contractual clauses approved by the European Commission
• Binding corporate rules (where applicable)

You can obtain more information about these safeguards by contacting us.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. Our retention periods are determined based on:

• The amount, nature, and sensitivity of the personal data
• The potential risk of harm from unauthorized use or disclosure
• The purposes for which we process the data
• Whether we can achieve those purposes through other means
• Legal and regulatory requirements

Data Breach Notification

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals.

If the breach is likely to result in a high risk to the rights and freedoms of individuals, we will also notify the affected individuals without undue delay.

Data Protection Impact Assessments

Where processing operations are likely to result in a high risk to the rights and freedoms of individuals, we conduct Data Protection Impact Assessments (DPIAs) prior to the processing.

Data Protection Officer

We have appointed a Data Protection Officer who can be contacted at [email protected] for any queries about our data protection practices or to exercise your rights.

Complaints

If you have concerns about our processing of your personal data, you have the right to lodge a complaint with your local data protection supervisory authority. However, we encourage you to contact us first so that we can address your concerns.

Changes to this GDPR Statement

We may update this GDPR Compliance statement from time to time. We will notify you of any significant changes by posting the new statement on our website and updating the "Last updated" date.

We recommend that you review this statement periodically to stay informed about our data protection practices.

Contact Us

For any questions regarding this GDPR Compliance statement or our data protection practices, please contact us:

• Data Protection Officer: [email protected]
• By visiting the contact page on our website