GDPR Compliance

Introduction

The GDPR provides a framework for the protection of personal data and gives individuals in the EEA and UK certain rights in relation to their data. We process personal data in connection with our AvenPing service (the "Service") and are committed to doing so in a lawful, fair, and transparent way.

This page supplements our Privacy Policy and focuses on GDPR-specific information for data subjects in the EEA and UK.

Our Commitment to GDPR

We are committed to complying with the GDPR when we process personal data that is in scope. We apply the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, and accountability.

Where we act as a data processor (for example, when processing data on behalf of our business customers who use the Service to communicate with their own customers), we do so in accordance with our customers' instructions and our data processing agreements.

Lawful Basis for Processing

We process personal data only where we have a valid lawful basis under the GDPR, such as:

• Contract: Processing necessary to perform our contract with you (e.g. to provide the Service).
• Legitimate interests: Processing necessary for our legitimate interests (e.g. security, analytics, improving the Service), where not overridden by your rights.
• Consent: Where we have obtained your consent for specific processing (e.g. marketing). You may withdraw consent at any time.
• Legal obligation: Processing necessary to comply with applicable law.

Your Rights Under GDPR

If you are in the EEA or the UK, you have the following rights in relation to your personal data, subject to applicable conditions and limitations:

• Right of access: You can request a copy of the personal data we hold about you.
• Right to rectification: You can ask us to correct inaccurate or incomplete personal data.
• Right to erasure: You can ask us to delete your personal data in certain circumstances.
• Right to restrict processing: You can ask us to restrict processing in certain circumstances.
• Right to data portability: You can ask to receive your data in a structured, commonly used format where the processing is based on contract or consent.
• Right to object: You can object to processing based on legitimate interests or to processing for direct marketing.
• Right to withdraw consent: Where we rely on consent, you can withdraw it at any time.
• Right to lodge a complaint: You have the right to lodge a complaint with a supervisory authority in your country of residence.

To exercise any of these rights, please contact us using the details in the "Contact and Data Protection" section below. We will respond within the timeframes required by the GDPR.

Data We Process

We process personal data as described in our Privacy Policy. In a GDPR context, this may include account and profile data, usage data, and (where we act as processor) message and contact data that our business customers process through the Service. We do not use your personal data for purposes incompatible with those described in our Privacy Policy, and we retain data only as long as necessary for those purposes or as required by law.

If you are an end-user (e.g. a recipient of messages from a business that uses AvenPing), that business is typically the data controller in respect of your data. You should direct any requests regarding that data to the business concerned; we will support them in fulfilling their obligations where we act as their processor.

WhatsApp Data, Meta Partnership and EU Storage

AvenPing is a Meta Tech Partner and uses the WhatsApp Business Platform to provide the Service. In that capacity, we request Meta to store WhatsApp-related data of our clients (and their end-users where applicable) in the European Union (EU) region where possible and as permitted by the WhatsApp Business Platform. This supports our commitment to keeping data within the EEA and to GDPR-compliant handling of personal data.

We abide by GDPR-compliant regulations in our use of the WhatsApp Business API and in our role as a Meta Tech Partner. Our processing of WhatsApp-related data is carried out in accordance with applicable data processing terms, Meta's policies, and applicable law, including the GDPR where it applies.

We enforce age restrictions in line with the Service's terms (e.g. users must be at least 18 years of age to use the Service). We explicitly notify Meta of our adherence to applicable age restrictions and related policies when configuring and operating our integration with the WhatsApp Business Platform, so that our use of the platform remains compliant with Meta's requirements and with regulations that protect minors.

For more detail on how WhatsApp and Meta process data, please refer to Meta's and WhatsApp's respective privacy and data terms. We do not control Meta's or WhatsApp's storage or processing decisions beyond what we request as described above.

Security and Retention

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction, in line with the GDPR's security requirements. We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law or contractual obligations.

Details on our security practices and retention periods are set out in our Privacy Policy.

International Transfers

We may transfer personal data to countries outside the EEA and UK. Where we do so, we ensure that appropriate safeguards are in place, such as adequacy decisions, standard contractual clauses approved by the European Commission or UK authorities, or other recognised mechanisms, so that your data receives an adequate level of protection.

You may request more information about the safeguards we use for international transfers by contacting us.

Contact and Data Protection

For any questions about this GDPR notice, to exercise your rights, or to contact our data protection function, you can reach us at:

Aven Technologies Inc.
840 6 Ave SW #300, Calgary, AB T2P 3E5, Canada

Email: [email protected]

If you are in the EEA or UK and believe we have not handled your personal data properly, you have the right to lodge a complaint with your local data protection supervisory authority.

Changes to This Notice

We may update this GDPR Compliance notice from time to time to reflect changes in our practices, the Service, or legal requirements. We will indicate the date of the last update at the top of this page. We encourage you to review this notice periodically.