Lawfulness, Fairness, Transparency
Processing activities are documented and mapped to lawful bases under Article 6 GDPR. Privacy notices are published in clear language and updated when processing purposes materially change.
Operational and governance controls we apply to protect personal data throughout collection, use, transfer, retention, and deletion lifecycles.
Only data necessary for order fulfillment, account management, support, fraud prevention, and legal obligations is collected. Optional fields are clearly separated from mandatory operational fields.
We provide account-level correction capabilities, support-assisted amendments, and internal data quality checks to reduce stale, duplicate, or contradictory records that may impact data subjects.
Retention schedules are defined by data category (orders, logs, support, analytics, consent records). End-of-life controls include deletion, anonymization, or restricted archival according to legal requirements.
Controls include TLS encryption in transit, password hashing, principle-of-least-privilege access, segmented environments, monitoring, and secure secrets handling practices.
Administrative access is role-based, time-limited where feasible, and logged for auditability. Privileged actions may require elevated verification and are subject to periodic entitlement reviews.
Third-party providers are selected through risk assessment and contractual controls (DPA/SCC as applicable). Data transfers are reviewed for legal transfer mechanisms and supplementary safeguards.
Where data leaves the UK/EU/EEA, transfers rely on recognized mechanisms such as adequacy decisions, standard contractual clauses, and technical safeguards like encryption and minimization.
Processing inventories track categories of data, purposes, recipients, legal bases, retention, and transfer context to support compliance accountability and operational readiness.
Privacy and security requirements are incorporated into product changes, API behavior, and feature planning with conservative defaults, scoped collection, and reduced data exposure patterns.
Structured workflows handle access, rectification, erasure, restriction, objection, portability, and consent withdrawal. Identity verification and legal exception handling are built into request handling.
Incidents are triaged with severity criteria, forensic logging, and containment procedures. Where legally required, supervisory authorities and affected individuals are notified within statutory timelines.
Services are not designed for children under applicable age thresholds. Special category data is not intentionally requested for routine commerce operations and is restricted when encountered unexpectedly.
Non-essential cookies/trackers are controlled via consent interfaces. Consent state is logged and revocable. Essential cookies remain available only for core site functionality and security.
Policies, procedures, risk assessments, processor contracts, and incident records are maintained to demonstrate compliance posture and support internal/external inquiries.
Personnel handling customer data receive periodic security/privacy training including phishing defense, secure handling obligations, escalation procedures, and confidentiality responsibilities.
Compliance controls are reviewed in light of legal updates, operational incidents, and vendor changes. Corrective actions are tracked and prioritized according to risk and impact.