GDPR Compliance & Data Protection
Last updated: January 23, 2026
1. Our Commitment to GDPR Compliance
Pyron Technology is committed to complying with the General Data Protection Regulation (GDPR) and protecting the privacy rights of individuals in the European Union and European Economic Area. This page outlines our GDPR compliance measures and your rights under GDPR.
2. Legal Basis for Processing
We process your personal data based on the following legal grounds:
- Contract Performance: Processing necessary to provide the Service you requested
- Legitimate Interests: Processing necessary for our legitimate business interests (e.g., improving our Service, preventing fraud)
- Consent: Processing based on your explicit consent (e.g., marketing communications)
- Legal Obligation: Processing required to comply with legal requirements
3. Your Rights Under GDPR
As a data subject under GDPR, you have the following rights:
3.1 Right to Access (Article 15)
You have the right to obtain confirmation that we are processing your personal data and to access that data. You can request a copy of your personal data in a commonly used electronic format.
3.2 Right to Rectification (Article 16)
You have the right to have inaccurate personal data corrected and incomplete personal data completed. You can update most of your information directly through your account settings.
3.3 Right to Erasure / "Right to be Forgotten" (Article 17)
You have the right to request deletion of your personal data in certain circumstances, including:
- The data is no longer necessary for the purposes for which it was collected
- You withdraw consent and there is no other legal basis for processing
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
3.4 Right to Restriction of Processing (Article 18)
You have the right to request restriction of processing in certain circumstances, such as when you contest the accuracy of your data or object to processing.
3.5 Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.
3.6 Right to Object (Article 21)
You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
3.7 Right Not to be Subject to Automated Decision-Making (Article 22)
You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.
3.8 Right to Withdraw Consent
Where processing is based on consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.
4. How to Exercise Your Rights
To exercise any of your GDPR rights, please contact our Data Protection Officer at:
Email: [email protected]
Subject Line: "GDPR Rights Request"
Please include the following information in your request:
- Your full name and email address associated with your account
- The specific right you wish to exercise
- Any relevant details to help us process your request
We will respond to your request within one month. In complex cases, we may extend this period by two additional months, and we will inform you of any such extension.
5. Data Protection Measures
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk:
- Encryption: Data is encrypted in transit (TLS/SSL) and at rest (AES-256)
- Access Controls: Role-based access control and multi-factor authentication
- Pseudonymization: Where appropriate, we pseudonymize personal data
- Regular Testing: Security assessments, vulnerability scans, and penetration testing
- Data Minimization: We collect only the data necessary for specified purposes
- Staff Training: Regular training on data protection and GDPR compliance
6. Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay and within 72 hours of becoming aware of the breach. The notification will include:
- The nature of the breach
- The categories and approximate number of data subjects affected
- The likely consequences of the breach
- The measures taken or proposed to address the breach
7. International Data Transfers
When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions recognizing equivalent data protection standards
- Binding Corporate Rules for intra-group transfers
8. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:
- Account Data: Retained for the duration of your account plus 90 days
- Assessment Data: Retained for 5 years for analytical purposes
- Communication Records: Retained for 3 years
- Legal Compliance Data: Retained as required by applicable law
9. Data Processing Records
In accordance with Article 30 GDPR, we maintain records of our processing activities, including:
- Purposes of processing
- Categories of data subjects and personal data
- Categories of recipients
- International data transfers
- Retention periods
- Security measures
10. Third-Party Processors
We work with carefully selected third-party processors who assist in providing our Service. All processors:
- Are bound by data processing agreements compliant with Article 28 GDPR
- Provide sufficient guarantees of appropriate technical and organizational measures
- Process personal data only on our documented instructions
- Maintain confidentiality and security of personal data
11. Right to Lodge a Complaint
If you believe we have not complied with GDPR, you have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your habitual residence, place of work, or place of the alleged infringement.
You can find your local supervisory authority through the European Data Protection Board.
12. Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance. You can contact our DPO at:
Data Protection Officer
Pyron Technology
Email: [email protected]
Address: [Company Address]
13. Updates to This Page
We may update this GDPR compliance page to reflect changes in our practices or legal requirements. We will notify you of any material changes and update the "Last updated" date at the top of this page.