DATA PROTECTION & GDPR

HOME | LEGAL | DATA PROTECTION & GDPR

Comprehensive Data Protection & GDPR Compliance

At GulshanSync, protecting the privacy and security of your personal data is a top priority. This policy explains how we collect, process, store, and safeguard your information in full compliance with the European Union’s General Data Protection Regulation (GDPR) and applicable data protection laws.

1. Types of Data We Collect

We collect only the data necessary to provide our platform and services effectively, including:

  • Account Data: Name, email address, phone number, role, and login credentials.
  • Campaign Data: Volunteer lists, voter profiles, issue tracking, constituency records, and event participation.
  • Usage Data: IP addresses, device information, login timestamps, activity logs, and platform interactions.
  • Payment Information: Billing and payment details for subscription and setup fees (processed securely via third-party payment gateways).
  • Communication Data: Emails, support requests, feedback, and survey responses.

2. Purpose of Data Processing

We process your data for legitimate purposes, including:

  • Provision and improvement of our platform and services.
  • Tracking campaign operations, voter engagement, and volunteer activity.
  • Analyzing trends to optimize platform functionality and user experience.
  • Ensuring compliance, fraud prevention, and security monitoring.
  • Responding to inquiries, support requests, and notifications.

3. Legal Basis for Processing

Under GDPR, we rely on one or more of the following lawful bases to process personal data:

  • Consent: Explicit consent provided by users for specific processing purposes.
  • Contractual Necessity: Processing required to fulfill our services to you.
  • Legal Obligation: Compliance with laws, regulations, or official requests.
  • Legitimate Interests: For platform operation, improvement, security, and fraud prevention, provided it does not override your rights.

4. Data Sharing and Disclosure

We do not sell your personal data. We may share information only with:

  • Authorized service providers: Hosting, analytics, payment processing, and customer support providers under strict confidentiality agreements.
  • Legal and regulatory authorities: When required by law, regulation, or legal process.
  • Business Transfers: In case of merger, acquisition, or sale of assets, with safeguards to protect personal data.

5. Data Retention Policy

We retain personal data only for as long as necessary to provide services or meet legal obligations. Typical retention periods:

  • Account & user data: Retained for the duration of the subscription + 2 years after account closure.
  • Campaign & volunteer data: Retained for 5 years post-election cycle for historical analysis and reporting.
  • Financial records: Retained for 7 years for compliance with accounting and tax regulations.

6. Your GDPR Rights

You have the following rights regarding your personal data:

  • Right of Access: Request a copy of personal data we hold about you.
  • Right to Rectification: Correct inaccurate or incomplete data.
  • Right to Erasure: Request deletion of personal data where legally permissible.
  • Right to Restrict Processing: Limit the use of your data under certain conditions.
  • Right to Data Portability: Receive personal data in a structured, machine-readable format.
  • Right to Object: Object to data processing for direct marketing or legitimate interests.
  • Right to Withdraw Consent: Revoke previously given consent without affecting legality of prior processing.

7. Data Security Measures

We implement industry-standard technical and organizational measures, including:

  • End-to-end encryption for sensitive data in transit.
  • Secure servers and firewall protection.
  • Access controls and authentication for authorized personnel.
  • Regular audits, vulnerability assessments, and monitoring.
  • Data anonymization where feasible.

8. International Data Transfers

Your data may be processed or stored outside your country. We ensure adequate safeguards, including:

  • Contractual clauses with third-party processors.
  • Compliance with GDPR standards for international transfers.
  • Strict agreements to prevent unauthorized access.

9. Data Breach Notification

In case of a data breach, we will notify affected users and regulators within 72 hours, as required by GDPR, and take immediate remedial actions to secure data.

10. Policy Updates

We may update this policy periodically to reflect changes in law, regulations, or platform operations. The latest version will always be available on our website.

11. Contact Information

For inquiries about GDPR, data protection, or exercising your rights:

Email: privacy@gulshansync.com

Phone: +880-1329-183093

Address: GulshanSync HQ, Sylhet, Bangladesh