Overview
The General Data Protection Regulation (GDPR) is a European Union regulation that governs how organizations collect, process, and protect personal data of EU residents. Paradigm is committed to full GDPR compliance and transparency in our data handling practices.
Your Rights Under GDPR
As a data subject under GDPR, you have the following rights regarding your personal data:
Right of Access
- You can request information about what personal data we process about you
- You can obtain a copy of your personal data in a structured format
Right to Rectification
- You can request correction of inaccurate personal data
- You can request completion of incomplete personal data
Right to Erasure (Right to be Forgotten)
- You can request deletion of your personal data under certain circumstances
- This applies when data is no longer necessary for the original purpose
Right to Restrict Processing
- You can request limitation of processing under specific conditions
- Data can be stored but not actively processed during restriction periods
Right to Data Portability
- You can receive your personal data in a machine-readable format
- You can request direct transfer to another data controller where technically feasible
Right to Object
- You can object to processing based on legitimate interests
- You can object to direct marketing at any time
Data Processing Lawful Basis
We process your personal data based on:
- Contractual necessity: To fulfill our service obligations
- Legitimate interests: For system security and service improvement
- Legal compliance: To meet regulatory requirements
- Consent: Where explicitly provided for specific processing activities
Data Protection Measures
Technical Safeguards
- End-to-end encryption for data in transit
- Encryption at rest for stored personal data
- Access controls and authentication systems
- Regular security assessments and updates
Organizational Measures
- Privacy by design principles in system development
- Regular staff training on data protection
- Data processing impact assessments
- Incident response procedures
Data Retention
- Personal data is retained only as long as necessary for the stated purposes
- Retention periods are clearly defined and regularly reviewed
- Automated deletion processes ensure timely data removal
- Special categories of data have enhanced protection measures
International Data Transfers
When transferring personal data outside the EU:
- We ensure adequate protection through appropriate safeguards
- Standard contractual clauses or adequacy decisions are used
- Recipients are contractually bound to maintain data protection standards
Exercising Your Rights
To exercise your GDPR rights:
- Contact our Data Protection Officer:
- Response Timeline:
  - We respond within 30 days of receiving your request
  - Complex requests may require up to 60 additional days with notification
- Verification Process:
  - Identity verification may be required for security
  - Additional information may be requested to locate your data
Complaints and Remedies
If you believe your data protection rights have been violated:
- Internal Resolution: Contact our Data Protection Officer first
- Supervisory Authority: File a complaint with your local data protection authority
- Judicial Remedy: Pursue legal remedies through competent courts
Data Protection Officer
Our appointed Data Protection Officer oversees GDPR compliance and serves as your point of contact for data protection matters.
Contact Information:
- Email: privacy@lighton.ai
- Role: Independent oversight of data processing activities
- Responsibilities: Monitoring compliance, conducting impact assessments, serving as point of contact
Regular Updates
This GDPR compliance documentation is regularly reviewed and updated to reflect:
- Changes in data processing activities
- Updates to legal requirements
- Improvements in data protection measures
- Feedback from data subjects and authorities