GDPR Policy

GDPR Compliance

Effective Date: June 01 2025

At Data Driven CRO LLC, we take your privacy and data protection seriously. We are committed to complying with the General Data Protection Regulation (GDPR), which affects the way we collect, store, and process the personal data of individuals located in the European Union (EU) and European Economic Area (EEA).

This page outlines how we comply with GDPR and how EU/EEA users can exercise their rights.

What Is GDPR?

The General Data Protection Regulation (Regulation (EU) 2016/679) is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the EU/EEA. It came into effect on May 25, 2018.

How We Comply

We have taken the following steps to ensure GDPR compliance:

1. Lawful Basis for Processing

We only process personal data when we have a lawful basis to do so. This may include:

  • Your explicit consent

  • Performance of a contract (e.g., responding to service inquiries)

  • Compliance with legal obligations

  • Legitimate interests that do not override your fundamental rights

2. Consent

We request your explicit consent before collecting any personal data through forms, email signups, or other interactions. You have the right to withdraw this consent at any time.

3. Data Minimization

We only collect data that is necessary for the specific purpose it was collected. We do not collect sensitive personal data unless explicitly required and consented to.

4. Transparency

We explain what data we collect and why through our Privacy Policy. If you have any questions, please contact us at privacy@ddcro.com.

5. Right to Access and Control Your Data

If you are an EU/EEA resident, you have the right to:

  • Request access to your data

  • Correct or delete your personal data

  • Restrict or object to certain types of processing

  • Request data portability

  • Lodge a complaint with your local data protection authority

To exercise your rights, please contact: privacy@ddcro.com

6. Data Retention

We retain personal data only for as long as necessary to fulfill its original purpose or to comply with legal or contractual obligations. After that, we securely delete or anonymize it.

7. Third-Party Vendors

We use trusted third-party processors (e.g., analytics, CRM, marketing automation) who also adhere to GDPR requirements. We maintain data processing agreements (DPAs) with all vendors who process EU data on our behalf.

8. International Transfers

If we transfer personal data outside the EU/EEA (e.g., to the United States), we do so in accordance with GDPR regulations, using safeguards such as:

  • Standard Contractual Clauses (SCCs)

  • Adequacy decisions by the European Commission

Your Rights Under GDPR

If you reside in the EU or EEA, you have the following rights under GDPR:

  • Access – You can request a copy of the personal data we hold about you.

  • Rectification – You can ask us to correct inaccurate or incomplete data.

  • Erasure – You can request that we delete your personal data ("right to be forgotten").

  • Restriction – You can request a temporary halt to processing your data.

  • Objection – You can object to our processing of your personal data.

  • Portability – You can ask us to provide your data in a machine-readable format.

To exercise these rights, contact us at: privacy@ddcro.com

We may request identity verification before fulfilling your request for security purposes.

Questions or Concerns?

If you have any questions or concerns about how we process your data or your rights under GDPR, please contact us:

Data Protection Contact:

  • Data Driven CRO LLC

  • Email: privacy@ddcro.com

  • Website: https://ddcro.com

If you believe your data has been mishandled, you have the right to file a complaint with your national data protection authority.