GDPR Compliance
Last updated: March 2026
01Introduction
usePromptly, operated by Opentecc Ltd, is committed to protecting your privacy and ensuring full compliance with the General Data Protection Regulation (GDPR). This page outlines how we handle your personal data under GDPR requirements.
02What is GDPR?
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on 25 May 2018. It applies to all organisations operating within the EU and those offering goods or services to individuals in the EU, regardless of where the organisation is based.
03Our Commitment to GDPR
Opentecc Ltd is fully committed to GDPR compliance and has implemented:
- ›Data protection by design and by default
- ›Regular privacy impact assessments
- ›Comprehensive data processing agreements with sub-processors
- ›Employee training on data protection
- ›Regular audits of our data processing activities
04Legal Basis for Processing
We process your personal data based on the following legal grounds:
Consent
When you explicitly agree to the processing of your personal data for specific purposes, such as marketing communications.
Contract Performance
To provide you with our services and fulfil our contractual obligations.
Legitimate Interest
To improve our services, ensure security, and provide customer support, where our interests do not override your fundamental rights.
Legal Obligation
To comply with applicable laws, regulations, and legal processes.
05Your GDPR Rights
Under GDPR, you have the following rights regarding your personal data:
Right to Access
Request a copy of your personal data and information about how we process it.
Right to Rectification
Request correction of inaccurate or incomplete personal data.
Right to Erasure
Request deletion of your personal data in certain circumstances.
Right to Restrict Processing
Request that we limit how we process your personal data.
Right to Data Portability
Request a copy of your data in a structured, machine-readable format.
Right to Object
Object to the processing of your personal data in certain circumstances.
Automated Decision Making
Rights regarding automated processing and profiling of your data.
06How to Exercise Your Rights
To exercise your GDPR rights, you can:
- ›Contact us directly at privacy.usepromptly@opentecc.com
- ›Use the privacy settings in your account dashboard
- ›Contact our Data Protection Officer (DPO)
We will respond to your request within 30 days. If we need more time, we will notify you and explain the reason for the delay.
07Data Transfers
Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we do this, we ensure appropriate safeguards are in place, such as:
- ›Adequacy decisions by the European Commission
- ›Standard contractual clauses approved by the European Commission
- ›Binding corporate rules
- ›Other appropriate safeguards as required by GDPR
08Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying any legal, regulatory, tax, or reporting requirements.
09Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours. If the breach is likely to result in a high risk, we will also notify you directly.
10Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance:
11Supervisory Authority
You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data infringes GDPR. In the UK, the relevant authority is the Information Commissioner's Office (ICO).
12Contact Us
For questions about our GDPR compliance or to exercise your rights, please contact us: