Login Sign Up

GDPR Privacy Statement

GDPR Privacy Statement

Effective Date: January 01, 2025

Last Updated: August 26, 2025

Introduction

This GDPR Privacy Statement supplements our main Privacy Policy and specifically addresses the rights and protections afforded to individuals in the European Union (EU) and European Economic Area (EEA) under the General Data Protection Regulation (GDPR).

If you are located in the EU/EEA, this statement outlines your specific rights regarding your personal data and how PostGhost (“we,” “us,” or “our”) processes your information in compliance with GDPR requirements.

Legal Basis for Processing Personal Data

Under the GDPR, we process your personal data only when we have a valid legal basis. Our processing activities are based on:

Article 6(1)(a) – Consent
When you have given explicit consent for specific processing activities, such as:
  • Marketing communications
  • Optional data collection through forms
  • Non-essential cookies and tracking
Article 6(1)(b) – Contract Performance
When processing is necessary for:
  • Fulfilling our consulting services agreement
  • Pre-contractual steps taken at your request
  • Client onboarding and service delivery
Article 6(1)(c) – Legal Obligation
When we must process data to comply with:
  • Financial record-keeping requirements
  • Anti-money laundering regulations
  • Tax and audit obligations
  • Legal discovery requests
Article 6(1)(f) – Legitimate Interests
When we have legitimate business interests that are not overridden by your rights, including:
  • Website security and fraud prevention
  • Business development and marketing to existing clients
  • Internal analytics and service improvement
  • Internal analytics and service improvement
We conduct balancing tests to ensure our legitimate interests do not override your fundamental rights and freedoms.

Your Rights Under GDPR

As an EU/EEA data subject, you have the following rights:

Right of Access (Article 15)
You can request:
  • Confirmation that we process your personal data
  • Access to your personal data
  • Access to your personal data
  • A copy of your personal data in a commonly used format
Right of Rectification (Article 16)
You can request correction of:
  • Inaccurate personal data
  • Incomplete personal data
Right of Erasure/”Right to be Forgotten” (Article 17)
You can request deletion of your personal data when:
  • The data is no longer necessary for the original purpose
  • You withdraw consent and no other legal basis exists
  • You object to processing and no overriding legitimate grounds exist
  • The data has been unlawfully processed
  • Deletion is required for legal compliance

Note: This right may be limited by legal retention requirements or other lawful grounds for continued processing.
Right to Restrict Processing (Article 18)
You can request restriction of processing when:
  • You contest the accuracy of the data
  • Processing is unlawful but you prefer restriction over deletion
  • We no longer need the data but you require it for legal claims
  • You object to processing pending verification of legitimate grounds
Right to Data Portability (Article 20)
When processing is based on consent or contract and carried out by automated means, you can request:
  • Your personal data in a structured, commonly used, machine-readable format
  • Direct transmission of your data to another controller (where technically feasible)
Right to Object (Article 21)
You can object to processing based on:
  • Legitimate interests: You can object at any time, and we must stop unless we demonstrate compelling legitimate grounds
  • Direct marketing: You can object at any time, and we will stop immediately
  • Profiling: Related to direct marketing activities
Rights Related to Automated Decision-Making (Article 22)
You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects. We do not currently engage in such automated decision-making.

Exercising Your Rights

How to Submit Requests

To exercise your GDPR rights, contact us using:

  • Email: [email protected]
  • Subject Line: “GDPR Data Subject Request”
  • Include: Your full name, email address, and specific request details
Verification Process

To protect your privacy, we may request additional information to verify your identity before processing your request.

Response Timeframes
We will respond to your request:
  • Within 1 month of receiving a valid request
  • Extended to 3 months for complex requests (with notification of delay and reasons)
  • Free of charge unless requests are manifestly unfounded or excessive
Right to Lodge a Complaint
If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local supervisory authority. A list of EU supervisory authorities is available at: https://edpb.europa.eu/about-edpb/board/members_en

Data Transfers Outside the EU/EEA

Under the GDPR, we process your personal data only when we have a valid legal basis. Our processing activities are based on:

Adequacy Decisions
We may transfer data to countries that have received an adequacy decision from the European Commission, including:
  • Countries deemed to provide adequate protection
  • [List specific countries if applicable to your operations]
Standard Contractual Clauses (SCCs)
For transfers to countries without adequacy decisions, we use:
  • European Commission-approved Standard Contractual Clauses
  • Additional safeguards as required by regulatory guidance
  • Regular monitoring of data protection levels in destination countries
Other Safeguards
Where applicable, we may also rely on:
  • Binding Corporate Rules (BCRs)
  • Certification schemes
  • Codes of conduct
  • Other lawful transfer mechanisms
Special Categories of Personal Data
We do not intentionally collect special categories of personal data (sensitive data) such as:
  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic or biometric data
  • Health data
  • Data concerning sex life or sexual orientation
If we inadvertently receive such data, we will delete it unless you provide explicit consent for processing or another GDPR exemption applies.

Data Protection by Design and by Default

We implement data protection principles throughout our operations:

Technical Measures
You can object to processing based on:
  • Encryption of personal data in transit and at rest
  • Access controls and authentication systems
  • Regular security assessments and penetration testing
  • Automated data retention and deletion systems
Organizational Measures
  • Privacy impact assessments for new processing activities
  • Staff training on GDPR compliance
  • Data protection policies and procedures
  • Regular compliance audits and reviews
Data Minimization
We collect and process only the personal data that is:
  • Necessary for the specified purpose
  • Relevant and limited to what is needed
  • Accurate and kept up to date
  • Retained only as long as necessary
Data Protection Officer (DPO)

Our Data Protection Officer oversees GDPR compliance and can be contacted at:

  • Email: [email protected]
  • Role: Privacy oversight, data subject rights, regulatory liaison
  • Availability: Monday-Friday, 9 AM – 5 PM CET
Cookies and Consent Management
For EU/EEA visitors, we implement:
  • Cookie consent banners with clear options
  • Granular consent for different cookie categories
  • Easy withdrawal of consent mechanisms
  • Cookie preference centers for ongoing management
Record of Processing Activities
In compliance with Article 30 GDPR, we maintain detailed records of our processing activities, including:
  • Purposes of processing
  • Categories of data subjects and personal data
  • Recipients of personal data
  • International transfers
  • Retention periods
  • Security measures
These records are available to supervisory authorities upon request.

Data Breach Notification

In the event of a personal data breach:

  • Supervisory Authority: Notified within 72 hours when feasible
  • Data Subjects: Notified without undue delay if high risk to rights and freedoms
  • Documentation: Comprehensive breach records maintained
  • Mitigation: Immediate steps taken to contain and remedy breaches
Updates to This Statement
  • Supervisory Authority: Notified within 72 hours when feasible
  • Data Subjects: Notified without undue delay if high risk to rights and freedoms
  • Documentation: Comprehensive breach records maintained
  • Mitigation: Immediate steps taken to contain and remedy breaches
Updates to This Statement
We will update this GDPR statement as needed to reflect:
  • Changes in data processing activities
  • Regulatory guidance and requirements
  • Technological developments
  • Organizational changes

Material changes will be communicated through:

  • Email notification to registered users
  • Prominent website notices
  • Updated effective dates

Contact Information

GDPR-Specific Inquiries

Primary Contact: [email protected]
Data Protection Officer: [email protected]
Phone: [Insert EU Contact Number]

EU Representative (if applicable)

If required under GDPR Article 27: [Insert EU Representative Details]

Postal Address

PostGhost
Attn: GDPR Compliance
[Insert Address]

Document Control
  • Document ID: NUV-GDPR-001
  • Version: 1.0
  • Owner: Data Protection Officer
  • Next Review Date: [Insert Date]
  • Approved by: [Legal Counsel/DPO]

All-in-one platform for scheduling, analytics, and engagement that helps you grow your social media presence faster.

Features

Company

Contact Us

@ 2025 Elenchus Associates. All rights reserved.

X-twitter Linkedin Facebook-f Instagram