GDPR Compliance

Last updated: February 23, 2026

General Data Protection Regulation (GDPR) Compliance

Elmurat.com is committed to compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This page outlines our GDPR compliance measures and your rights as a data subject.

1. Legal Basis for Processing

We process your personal data based on the following legal bases:

  • Consent: When you use our AI Assistant, you consent to the processing of your messages for the purpose of providing the service.
  • Legitimate Interest: We process device fingerprints and technical data to ensure website security, prevent fraud, and enforce rate limits.
  • Legal Obligation: We may process data to comply with applicable laws and regulations.

2. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

2.1 Right of Access (Article 15)

You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and access to that personal data.

2.2 Right to Rectification (Article 16)

You have the right to have inaccurate personal data corrected and incomplete data completed.

2.3 Right to Erasure / "Right to be Forgotten" (Article 17)

You have the right to request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or when you withdraw consent.

2.4 Right to Restrict Processing (Article 18)

You have the right to request the restriction of processing of your personal data in certain circumstances.

2.5 Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

2.6 Right to Object (Article 21)

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

2.7 Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you.

3. Data Processing and Storage

3.1 Data Minimization

We only collect and process personal data that is necessary for the purposes stated in our Privacy Policy. We do not store conversation history permanently.

3.2 Data Retention

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected:

  • Conversation data: Stored only during the active session and cleared when the browser is closed
  • Device fingerprints: Retained temporarily for rate limiting and security purposes
  • Analytics data: Retained in accordance with our analytics provider's policies

3.3 Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit (HTTPS/WSS)
  • Input sanitization and validation
  • Rate limiting to prevent abuse
  • Regular security assessments

4. Third-Party Data Processors

We use the following third-party services that may process your personal data:

  • Google Gemini API: Processes AI Assistant messages. Google is GDPR compliant (see Google's Privacy Policy).
  • Vercel: Hosting and analytics services. Vercel is GDPR compliant (see Vercel's Privacy Policy).

All third-party processors are required to comply with GDPR and have appropriate data processing agreements in place.

5. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure that such transfers comply with GDPR requirements through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by the European Commission
  • Other appropriate safeguards as required by GDPR

6. Data Breach Notification

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority without undue delay, and in any event within 72 hours of becoming aware of the breach, where feasible.

7. Exercising Your Rights

To exercise any of your GDPR rights, please contact us:

We will respond to your request within one month. If your request is complex or we receive multiple requests, we may extend this period by an additional two months, and we will inform you of this extension.

8. Right to Lodge a Complaint

If you believe that our processing of your personal data violates GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement.

For more information, visit: European Data Protection Board

9. Contact Information

For any questions or concerns regarding GDPR compliance, please contact:

10. Updates to This Policy

We may update this GDPR Compliance page from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the updated policy on this page.