GDPR Compliance - Family Tree Global

            We are committed to protecting your personal data in compliance with the GDPR. This page explains your rights and how we honor them.
        

1. What is GDPR?

The General Data Protection Regulation (GDPR) is a European Union law that protects the privacy and personal data of EU citizens. Even if you're not in the EU, we extend these protections to all our users.

2. Your GDPR Rights

Right to Access

You have the right to know what personal data we hold about you and receive a copy of it.

How to exercise: Email [email protected] with subject "Data Access Request"

Right to Rectification

You can update or correct inaccurate personal information at any time.

How to exercise: Update your information in Account Settings or contact support

Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data when it's no longer necessary for the purposes it was collected.

How to exercise: Delete your account in Settings or email [email protected]

Right to Data Portability

You can export your family tree data in a structured, machine-readable format (GEDCOM).

How to exercise: Use the Export feature in your tree settings

Right to Restriction of Processing

You can request that we limit how we process your data in certain circumstances.

How to exercise: Email [email protected]

Right to Object

You can object to processing of your data for direct marketing or other purposes.

How to exercise: Unsubscribe from emails or contact [email protected]

Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

How to exercise: Adjust your preferences in Account Settings

3. How We Protect Your Data

3.1 Technical Measures

Encryption of data in transit (HTTPS/TLS)
Encryption of data at rest
Regular security audits and penetration testing
Secure authentication and access controls
Automated backup systems

3.2 Organizational Measures

Privacy by design and by default
Staff training on data protection
Data processing agreements with third parties
Regular privacy impact assessments
Incident response procedures

4. Legal Basis for Processing

We process your personal data based on:

Contract: To provide our services to you
Consent: When you give explicit permission
Legitimate Interest: To improve our services and prevent fraud
Legal Obligation: To comply with applicable laws

5. Data Retention

We retain your data for as long as necessary to provide services. When you delete your account:

Personal data is deleted within 30 days
Backups are purged within 90 days
Some data may be retained longer for legal compliance

6. International Data Transfers

Your data may be transferred outside the EU. We ensure adequate protections through:

Standard Contractual Clauses (SCCs)
Adequacy decisions by the European Commission
Appropriate safeguards for data protection

7. Data Processing Activities

We maintain records of our data processing activities, including:

Categories of data collected
Purposes of processing
Third parties who receive data
Data retention periods
Security measures in place

8. Data Breach Notification

In the event of a data breach that poses a risk to your rights:

We will notify supervisory authorities within 72 hours
We will notify affected users without undue delay
We will provide information about the breach and mitigation steps

9. Children's Data

We do not knowingly collect data from children under 16 without parental consent. If you believe we have collected such data, please contact us immediately.

10. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or significantly affects you.

11. How to Exercise Your Rights

Submit a Request

To exercise any of your GDPR rights:

Email us at [email protected]
Include "GDPR Request" in the subject line
Specify which right you're exercising
Provide necessary identification (to prevent unauthorized access)

Response Time: We will respond within 30 days (extended to 60 days for complex requests).

12. Right to Complain

If you believe we are not complying with GDPR, you have the right to lodge a complaint with your local data protection authority.

EU Citizens: Find your local authority at edpb.europa.eu

13. Data Protection Officer

For GDPR-related inquiries, contact our Data Protection team:

Email: [email protected]
Privacy Email: [email protected]

14. Updates to This Policy

We will notify you of material changes to our GDPR compliance practices via email or platform notification.

Family Tree Global is a service provided by G & D Enterprises Inc

← Return to Home | Privacy Policy | Terms of Service | Cookie Policy