GDPR & CCPA Compliance
1. Overview
RegulaCore Inc. ("RegulaCore Inc," "we," "us") is committed to compliance with the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA), and the California Privacy Rights Act (CPRA). This page describes how we meet our obligations under these regulations and explains your rights as a data subject or consumer.
2. GDPR Compliance
2.1 Our Role
When you use RegulaCore Inc as an enterprise customer, we act as a Data Processor on your behalf. Your organization is the Data Controller and determines the purposes and means of processing. For marketing website visitors and trial users, we act as a Data Controller.
2.2 Legal Basis for Processing
| Purpose | Legal Basis |
|---|---|
| Providing the Service | Performance of contract (Art. 6(1)(b)) |
| Account security and fraud prevention | Legitimate interest (Art. 6(1)(f)) |
| Product analytics and improvement | Legitimate interest (Art. 6(1)(f)) |
| Marketing communications | Consent (Art. 6(1)(a)) |
| Legal and regulatory compliance | Legal obligation (Art. 6(1)(c)) |
| Processing EHS/safety data that includes health information | Processing necessary for employment obligations (Art. 9(2)(b)) |
2.3 Your Rights Under GDPR
If you are located in the EEA or UK, you have the following rights:
- Right of Access (Art. 15): Request a copy of the personal data we hold about you.
- Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.
- Right to Erasure (Art. 17): Request deletion of your personal data ("right to be forgotten").
- Right to Restriction (Art. 18): Request that we limit processing of your data.
- Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format.
- Right to Object (Art. 21): Object to processing based on legitimate interests or direct marketing.
- Right to Withdraw Consent (Art. 7(3)): Withdraw consent at any time where processing is based on consent.
- Right to Lodge a Complaint: File a complaint with your local data protection supervisory authority.
2.4 International Transfers
We transfer data outside the EEA/UK using Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by Transfer Impact Assessments. Our Data Processing Addendum details these safeguards.
2.5 Data Protection Officer
For GDPR-related inquiries, contact our Data Protection team at dpo@regulacore.com.
3. CCPA / CPRA Compliance
3.1 Scope
The CCPA and CPRA apply to California residents. Under these laws, "personal information" includes any information that identifies, relates to, describes, or is reasonably capable of being associated with a particular consumer or household.
3.2 Categories of Personal Information We Collect
| Category | Examples | Collected |
|---|---|---|
| Identifiers | Name, email, phone number, IP address | Yes |
| Commercial Information | Subscription plan, payment history | Yes |
| Internet Activity | Pages visited, features used, session data | Yes |
| Professional Information | Job title, company name, department | Yes |
| Geolocation | Approximate location from IP address | Yes |
| Biometric Information | N/A | No |
| Sensitive Personal Information | N/A (except as entered by users in EHS incident reports) | Limited |
3.3 Your Rights Under CCPA / CPRA
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected.
- Right to Delete: Request deletion of your personal information, subject to legal exceptions.
- Right to Correct: Request correction of inaccurate personal information.
- Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising.
- Right to Limit Use of Sensitive Information: Request that we limit the use of sensitive personal information to necessary service purposes.
- Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights.
3.4 We Do Not Sell Personal Information
RegulaCore Inc does not sell, rent, or trade personal information to third parties for monetary or other valuable consideration. We do not share personal information for cross-context behavioral advertising purposes.
4. How to Exercise Your Rights
To submit a data subject access request (DSAR) or exercise any of your rights under GDPR, CCPA, or CPRA:
- Email: privacy@regulacore.com
- Subject line: "Data Subject Request" or "CCPA Request"
We will verify your identity before processing your request and respond within 30 days (GDPR) or 45 days (CCPA/CPRA). If we need additional time, we will notify you.
5. Data Retention
We retain personal information only as long as necessary for the purposes outlined in our Privacy Policy. EHS and compliance records may be retained for longer periods as required by applicable occupational safety and health regulations.
6. Security
We implement technical and organizational measures appropriate to the risk, including encryption, access controls, audit logging, and regular security assessments. For details, see our Security & Trust page.
7. Updates
We may update this page to reflect changes in regulations or our practices. Material changes will be communicated via email or a notice on the Service.
8. Contact Us
RegulaCore Inc.
500 Navarro St, 2nd Floor, PMB 7096
San Antonio, TX 78205
United States
Privacy inquiries: privacy@regulacore.com
GDPR / DPO inquiries: dpo@regulacore.com