GDPR Compliance
Last updated: January 2025
1. GDPR Commitment
Adflowly is fully committed to compliance with the General Data Protection Regulation (GDPR) for all users in the European Economic Area (EEA), United Kingdom, and Switzerland.
2. Lawful Basis for Processing
We process personal data under the following lawful bases:
- Consent: You explicitly authorize access to your Facebook ad data
- Contract: Processing necessary to provide our services
- Legitimate Interest: Platform improvement and security
3. Your GDPR Rights
Under GDPR, you have the following rights:
3.1 Right to Access
Request a copy of all personal data we hold about you.
3.2 Right to Rectification
Correct any inaccurate or incomplete personal data.
3.3 Right to Erasure ("Right to be Forgotten")
Request deletion of your personal data when no longer necessary.
3.4 Right to Restrict Processing
Limit how we use your data in certain circumstances.
3.5 Right to Data Portability
Receive your data in a structured, machine-readable format.
3.6 Right to Object
Object to processing based on legitimate interests.
3.7 Right to Withdraw Consent
Withdraw consent at any time without affecting prior processing.
4. Data Protection Officer
For GDPR-related inquiries, contact our Data Protection Officer:
- Email: privacy@adflowly.com
- Subject line: "GDPR Request"
5. Data Transfers
If we transfer data outside the EEA, we ensure adequate protection through Standard Contractual Clauses (SCCs) or other approved mechanisms.
6. Data Breach Notification
In the event of a data breach affecting your rights, we will notify you and relevant supervisory authorities within 72 hours as required by GDPR.
7. Automated Decision-Making
Our AI provides recommendations but does not make automated decisions with legal or significant effects without human oversight.
8. Children's Privacy
Our service is not intended for individuals under 16. We do not knowingly collect data from children.
9. Supervisory Authority
You have the right to lodge a complaint with your local data protection authority.
10. Response Time
We will respond to GDPR requests within 30 days. Complex requests may take up to 60 days.