GDPR Compliance

We are committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Last Updated: January 20, 2025

GDPR Overview

Understanding your rights under the General Data Protection Regulation

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations that process personal data of individuals in the European Union, regardless of where the organization is located.

At Capital Harvesters, we are committed to full GDPR compliance and have implemented comprehensive measures to protect your personal data and respect your privacy rights. This page explains your rights under GDPR and how we handle your personal information.

Your GDPR Rights

You have several important rights regarding your personal data

Right of Access

You have the right to obtain confirmation as to whether or not personal data concerning you is being processed.

Request copies of your personal data
Information about processing purposes
Categories of personal data processed
Retention periods and recipients

Right to Rectification

You have the right to have inaccurate personal data corrected and incomplete data completed.

Correct inaccurate information
Complete incomplete data
Update personal details
Modify preferences and settings

Right to Erasure

You have the right to request the deletion of your personal data under certain circumstances.

Delete personal data
Remove from all systems
Stop processing activities
Withdraw consent

Right to Restrict Processing

You have the right to restrict the processing of your personal data in certain situations.

Limit data processing
Suspend certain activities
Maintain data for legal claims
Preserve data integrity

Right to Data Portability

You have the right to receive your personal data in a structured, machine-readable format.

Export personal data
Transfer to another service
Structured data format
Machine-readable format

Right to Object

You have the right to object to the processing of your personal data for certain purposes.

Object to direct marketing
Object to profiling
Object to automated decisions
Withdraw consent

Legal Basis for Processing

We process your personal data based on specific legal grounds

Consent

You have given clear consent for us to process your personal data for specific purposes.

Marketing communications
Newsletter subscriptions
Cookie preferences
Optional data collection

Contract

Processing is necessary for the performance of a contract with you.

Service delivery
Account management
Payment processing
Customer support

Legal Obligation

Processing is necessary for compliance with a legal obligation.

Tax reporting
Regulatory compliance
Audit requirements
Legal documentation

Legitimate Interest

Processing is necessary for our legitimate interests or those of a third party.

Service improvement
Security monitoring
Fraud prevention
Business analytics

Categories of Personal Data

Types of personal data we collect and how long we retain it

Identity Data

Information that identifies you as an individual

7 years after account closure

NameEmail addressPhone numberDate of birthGovernment ID

Contact Data

Information used to contact you

5 years after last contact

Email addressPhone numberMailing addressSocial media profiles

Financial Data

Information related to financial transactions

10 years for legal compliance

Bank account detailsPayment historyCredit informationTransaction records

Technical Data

Information about your use of our services

2 years from collection

IP addressBrowser typeDevice informationUsage patterns

Marketing Data

Information about your preferences and interests

3 years from last interaction

Communication preferencesMarketing responsesSurvey responsesFeedback

International Data Transfers

How we protect your data when transferring it internationally

European Union

Data transfers to EU countries are protected by adequacy decisions.

Adequacy:Adequacy Decision

Safeguards:Standard Contractual Clauses

United States

Data transfers to US companies with Privacy Shield certification.

Adequacy:Privacy Shield Framework

Safeguards:Standard Contractual Clauses

Other Countries

Data transfers to other countries require additional safeguards.

Adequacy:Individual Assessment

Safeguards:Standard Contractual Clauses + Additional Safeguards

Data Protection Officer

Contact our Data Protection Officer for GDPR-related inquiries

Sarah Johnson

Data Protection Officer

dpo@capitalharvesters.com

Response within 72 hours

Note: For urgent data protection matters, please mark your email as "URGENT - GDPR" and we will respond within 24 hours.

Exercise Your Rights

How to exercise your GDPR rights

Submit Your Request

Identity Verification

We may ask you to verify your identity to ensure we're responding to the right person.

Response Timeline

We will respond to your request within 30 days (or 60 days for complex requests).

Important Note

Some requests may be subject to legal limitations or exceptions. We will explain any restrictions and provide alternative solutions when possible.

Questions About GDPR?

Our privacy team is here to help with any questions about your data protection rights and our GDPR compliance.

Contact Privacy Team General Contact