GDPR & Data Protection

1. Our Approach to Data Protection

REGREP is committed to protecting personal data and supporting its customers in meeting their data protection obligations. Data protection principles are integrated into the design and operation of our platform, services, and internal processes.

REGREP applies a risk-based and proportionate approach to data protection, taking into account the nature of the Services, the types of data processed, and the regulatory environment in which our customers operate.

2. Roles Under GDPR

Depending on the context:

• REGREP acts as a data controller for personal data processed in connection with its website, marketing activities, and direct business relationships.
• REGREP acts as a data processor where it processes personal data on behalf of customers within the REGREP platform, in accordance with customer instructions.

Processing carried out by REGREP as a processor is governed by the applicable Data Processing Agreement (DPA).

3. Lawful Bases for Processing

Where GDPR applies, REGREP processes personal data based on one or more lawful bases, including:

• Performance of a contract or steps taken prior to entering into a contract
• Legitimate interests, such as operating and securing the Services
• Consent, where required by law
• Compliance with legal obligations

4. Data Subject Rights

Individuals whose personal data is processed by REGREP may have rights under GDPR, including the right to:

• Access personal data
• Request rectification of inaccurate data
• Request erasure in certain circumstances
• Restrict or object to processing in certain circumstances
• Request data portability where applicable
• Lodge a complaint with a supervisory authority

Requests can be made using the contact details below. Where REGREP acts as a processor, requests should generally be directed to the relevant data controller.

5. Security Measures

REGREP implements appropriate technical and organisational measures designed to protect personal data against unauthorised access, loss, or misuse. These measures are proportionate to the risks associated with the processing activities and are reviewed periodically.

Further information on security practices is available on our Security page.

6. International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA), REGREP ensures that appropriate safeguards are in place, such as Standard Contractual Clauses or other lawful transfer mechanisms recognised under GDPR.

7. Data Protection Impact Assessments

REGREP supports customers, where applicable, in conducting Data Protection Impact Assessments (DPIAs) relating to the use of the Services, in accordance with GDPR requirements.

8. Supervisory Authorities

Individuals have the right to lodge a complaint with a competent supervisory authority if they believe that their personal data has been processed in violation of applicable data protection laws.

9. Contact Details

For data protection or GDPR-related enquiries, contact:

Email: privacy@regrep.eu
Address: Frankfurt am Main, Germany Bockenheimer Landstraße 17–19, 60325

10. Updates to This Page

This page may be updated from time to time to reflect changes in law, regulatory guidance, or REGREP’s practices. The effective date at the top indicates when this version applies.