1 Introduction to GDPR
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations processing personal data of EU/UK residents.
Valutoria Ltd is fully committed to GDPR compliance and protecting your privacy rights with military-grade security and transparency.
What is GDPR?
- Comprehensive data protection regulation
- Applies to EU and UK residents
- Grants extensive privacy rights to individuals
- Requires organizations to protect personal data
2 Our GDPR Commitment
Valutoria Ltd adheres to all GDPR principles with unwavering dedication:
2.1 Lawfulness, Fairness, and Transparency
We process data lawfully, fairly, and in a transparent manner. We clearly explain what data we collect and how we use it.
2.2 Purpose Limitation
We collect data for specific, explicit, and legitimate purposes only. We do not use data for incompatible purposes.
2.3 Data Minimization
We only collect data that is adequate, relevant, and limited to what is necessary for processing purposes.
2.4 Accuracy
We take reasonable steps to ensure personal data is accurate and up-to-date. You can request corrections at any time.
2.5 Storage Limitation
We retain personal data only as long as necessary for the purposes collected. See our Privacy Policy for retention periods.
2.6 Integrity and Confidentiality
We implement appropriate technical and organizational measures to ensure data security, including encryption, access controls, and regular security audits.
2.7 Accountability
We maintain records of processing activities and can demonstrate compliance with GDPR principles.
3 Your GDPR Rights
Under GDPR, you have the following rights regarding your personal data:
3.1 Right to Access (Article 15)
What You Can Request
- Confirmation that we process your data
- Copy of your personal data
- Information about processing purposes
- Categories of data we hold
- Recipients of your data
- Data retention periods
Response Time: Within 30 days, free of charge
3.2 Right to Rectification (Article 16)
You can request correction of inaccurate or incomplete personal data. We will notify third parties of corrections where appropriate.
3.3 Right to Erasure "Right to be Forgotten" (Article 17)
You can request deletion of your data when:
- Data is no longer necessary for the purposes collected
- You withdraw consent (where consent is the legal basis)
- You object to processing and there are no overriding legitimate grounds
- Data has been unlawfully processed
- Erasure is required for legal compliance
Note: This right is not absolute. We may retain data if required by law or for legitimate legal purposes.
3.4 Right to Restriction of Processing (Article 18)
You can request that we limit processing of your data when:
- You contest the accuracy of the data
- Processing is unlawful but you don't want erasure
- We no longer need the data but you need it for legal claims
- You have objected to processing pending verification
3.5 Right to Data Portability (Article 20)
You can receive your data in a structured, commonly used, machine-readable format (e.g., JSON, CSV, XML) and transmit it to another controller.
Data Portability
We provide data exports in standard formats within 30 days. This includes all data you provided to us.
3.6 Right to Object (Article 21)
You can object to processing based on:
- Legitimate interests
- Performance of a public interest task
- Direct marketing (absolute right)
- Profiling for direct marketing
3.7 Right to Withdraw Consent (Article 7)
Where processing is based on consent, you can withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.
3.8 Right to Lodge a Complaint (Article 77)
You have the right to file a complaint with a supervisory authority if you believe we have violated your data protection rights.
4 Data Controller Information
UK Data Controller
Valutoria Ltd
71-75 Shelton Street, Covent Garden
London WC2H 9JQ, United Kingdom
Company House Registration: [Registration Number]
China Entity (WFOE)
北京浩尔特曼科技有限公司
Beijing Haoerteman Technology Co., Ltd.
未来科学城南区, 北京, 中国
5 Legal Basis for Processing
We process personal data based on the following legal bases (GDPR Article 6):
5.1 Contract Performance (Article 6(1)(b))
Processing necessary to fulfill our contractual obligations, including:
- Providing software services
- Processing payments
- Delivering technical support
- Managing your account
5.2 Legitimate Interests (Article 6(1)(f))
Processing necessary for our legitimate interests, such as:
- Fraud prevention and security
- Network and information security
- Business analytics and improvements
- Internal administrative purposes
5.3 Consent (Article 6(1)(a))
With your explicit consent for:
- Marketing communications
- Optional cookies and tracking
- Newsletter subscriptions
- Certain data sharing with third parties
5.4 Legal Obligation (Article 6(1)(c))
Processing required by law, including:
- Tax and accounting obligations
- Anti-money laundering checks
- Regulatory compliance
- Court orders and legal processes
6 International Data Transfers
Valutoria operates globally with entities in the UK and China. We ensure GDPR-compliant international data transfers through:
6.1 Standard Contractual Clauses (SCCs)
We use EU-approved Standard Contractual Clauses for transfers between our UK and China entities and with third-party processors outside the UK/EEA.
6.2 Adequacy Decisions
Where available, we transfer data to countries with adequacy decisions from the European Commission or UK government.
6.3 UK-China Data Transfers
Cross-Border Transfers
Data transferred to our Beijing entity (北京浩尔特曼科技有限公司) is protected by:
- Standard Contractual Clauses (SCCs)
- Additional security measures (encryption, access controls)
- Data processing agreements
- Regular compliance audits
You have the right to request information about these safeguards and obtain a copy of the SCCs.
6.4 Third-Party Service Providers
Some service providers are located outside the UK/EEA:
- US Providers: Google (Cloud, Analytics), AWS, Stripe - covered by SCCs
- Other Regions: All transfers protected by appropriate safeguards
7 How to Exercise Your Rights
7.1 Submit a Request
To exercise any GDPR right, contact us at:
Valutoria Ltd, 71-75 Shelton Street, London WC2H 9JQ, UK
7.2 Identity Verification
To protect your privacy, we may request additional information to verify your identity before processing requests. This may include:
- Government-issued ID
- Account verification questions
- Email confirmation from registered address
7.3 Response Timeframe
We will respond to your request within 30 days. If we need more time (complex requests), we will notify you and may extend by an additional 60 days.
7.4 Free of Charge
Exercising your GDPR rights is free. We may charge a reasonable fee for:
- Manifestly unfounded or excessive requests
- Repeated requests for copies of the same information
7.5 Right to Refuse
In certain circumstances, we may refuse a request (e.g., legal obligations, legal claims). We will explain the reasons and inform you of your right to complain to a supervisory authority.
8 Filing a Complaint
If you believe we have violated your data protection rights, you can:
8.1 Contact Us First
We encourage you to contact us first so we can address your concerns: privacy@valutoria.com
8.2 File with Supervisory Authority
UK Residents
Information Commissioner's Office (ICO)
Website: https://ico.org.uk
Phone: 0303 123 1113
Report online: https://ico.org.uk/make-a-complaint/
EU Residents
Contact your local data protection authority: EDPB Member List
9 Contact Our DPO
Data Protection Officer
Valutoria Ltd
71-75 Shelton Street, Covent Garden
London WC2H 9JQ, United Kingdom
Exercise Your GDPR Rights
We make it easy to access, correct, or delete your data. Contact our privacy team today and experience elite-level data protection.
Contact Privacy Team