GDPR Compliance

Last updated: January 13, 2025

Santra is committed to full compliance with the General Data Protection Regulation (GDPR). This page outlines how we protect EU residents' data.

1. Our Commitment

As both a data controller and data processor, we are committed to:

  • Processing personal data lawfully, fairly, and transparently
  • Collecting data only for specified, explicit purposes
  • Minimizing data collection to what is necessary
  • Keeping data accurate and up to date
  • Retaining data only as long as necessary
  • Ensuring appropriate security of personal data

2. Your Rights Under GDPR

EU residents have the following rights:

Right to Access (Article 15)

You can request a copy of all personal data we hold about you.

Right to Rectification (Article 16)

You can request correction of inaccurate personal data.

Right to Erasure (Article 17)

You can request deletion of your personal data ("right to be forgotten").

Right to Restrict Processing (Article 18)

You can request limitation of how we process your data.

Right to Data Portability (Article 20)

You can request your data in a machine-readable format.

Right to Object (Article 21)

You can object to processing based on legitimate interests.

To exercise any of these rights, contact gdpr@santra.cc. We will respond within 30 days.

3. Data Processing

Legal Basis

We process personal data based on:

  • Contract: To provide our services to you
  • Legitimate Interest: To improve our services and prevent fraud
  • Consent: For marketing communications (opt-in)
  • Legal Obligation: To comply with applicable laws

Data Location

All EU customer data is stored in EU-based data centers. We do not transfer personal data outside the EU without appropriate safeguards.

Sub-processors

We use carefully selected sub-processors who are also GDPR compliant. A list is available upon request.

4. Data Processing Agreement

For customers who require a Data Processing Agreement (DPA), we provide a standard DPA that covers:

  • Subject matter and duration of processing
  • Nature and purpose of processing
  • Types of personal data processed
  • Categories of data subjects
  • Technical and organizational security measures
  • Sub-processor requirements

Contact legal@santra.cc to request a DPA.

5. Data Protection Contact

For any GDPR-related inquiries:

Email: gdpr@santra.cc

Response Time: Within 30 days as required by GDPR