GDPR / LGPD Compliance
Quick reference: Sign our DPA for full Article 28 compliance. Use the request flow in Settings to export, delete, or rectify any data. We notify breaches within 72 hours.
Your rights as a Data Subject
Under GDPR (EU/UK), LGPD (Brazil), LFPDPPP (Mexico), and similar laws:
| Right | GDPR Article | How to use it |
|---|---|---|
| Access (your data) | Art. 15 | Settings → Export my data |
| Rectification | Art. 16 | Edit in-app or email privacy@auttiv.com |
| Erasure ("right to be forgotten") | Art. 17 | Settings → Delete my account |
| Restrict processing | Art. 18 | Email privacy@auttiv.com |
| Portability | Art. 20 | Settings → Export (JSON or CSV) |
| Object | Art. 21 | Email privacy@auttiv.com |
| Automated decision-making | Art. 22 | Our AI suggests, never decides automatically — but you can opt out |
Legal bases for processing
- Contract performance (Art. 6.1.b): for delivering the Auttiv service
- Legitimate interest (Art. 6.1.f): for fraud prevention, security, product improvement
- Consent (Art. 6.1.a): for marketing communications (opt-in only)
- Legal obligation (Art. 6.1.c): tax records, lawful requests
International transfers
For EU/UK data leaving the EEA: Standard Contractual Clauses (SCCs), Commission Decision 2021/914, incorporated by reference into our DPA.
For UK data: UK International Data Transfer Agreement (IDTA) or UK Addendum to SCCs.
For Brazil: ANPD-approved standard contractual clauses.
Data Protection Officer
EU/UK and Brazil require a DPO when processing meets certain thresholds. Our DPO:
Email: dpo@auttiv.com
Postal: [TO BE FILLED]
Supervisory authority complaints
You have the right to lodge a complaint with the supervisory authority in your country:
- 🇩🇪 Germany — your state's Landesdatenschutzbeauftragter
- 🇫🇷 France — CNIL
- 🇮🇹 Italy — Garante per la protezione dei dati personali
- 🇪🇸 Spain — AEPD
- 🇬🇧 UK — ICO
- 🇮🇪 Ireland — DPC
- 🇧🇷 Brazil — ANPD
- 🇨🇦 Canada — OPC
Breach notification
If we discover a personal data breach, we will:
- Notify our customers within 72 hours (GDPR Art. 33)
- Provide the nature of the breach, the data categories affected, the likely consequences, and the remediation
- Notify the supervisory authority if required
- Maintain an internal breach register