Your Data Rights
OrankUp is committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) for all users in the European Economic Area (EEA).
Last Updated: October 25, 2025
You have comprehensive rights over your personal data under GDPR
Exercise your rights through your account settings or by contacting us
Our Data Protection Officer is here to help with any concerns
You can file a complaint with your local supervisory authority
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations that process personal data of individuals in the European Economic Area (EEA), regardless of where the organization is located.
Who Does GDPR Apply To?
GDPR applies to you if you are a resident of the EEA (European Union member states plus Iceland, Liechtenstein, and Norway). If you are an EEA resident, you have specific rights regarding your personal data, and we are committed to honoring those rights.
GDPR Principles
We process your personal data in accordance with the following GDPR principles:
- Lawfulness, fairness, and transparency
- Purpose limitation - data collected for specific purposes
- Data minimization - only collect what's necessary
- Accuracy - keep data up to date
- Storage limitation - don't keep data longer than needed
- Integrity and confidentiality - keep data secure
- Accountability - we're responsible for compliance
As an EEA resident, you have the following rights regarding your personal data:
- Right to be informed about data collection and use
- Right to access your personal data
- Right to rectification (correction) of inaccurate data
- Right to erasure ('right to be forgotten')
- Right to restrict processing
- Right to data portability
- Right to object to processing
- Rights related to automated decision making and profiling
These rights are not absolute and may be subject to certain conditions and exceptions as provided by law.
You have the right to request access to your personal data. This means you can ask us:
Right to be informed about data collection and useYou have the right to have inaccurate personal data corrected and incomplete data completed.
Right to access your personal dataYou have the right to request deletion of your personal data in certain circumstances:
Right to rectification (correction) of inaccurate dataYou have the right to request that we restrict the processing of your personal data in certain circumstances:
Right to erasure ('right to be forgotten')You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.
Right to restrict processingYou have the right to object to processing of your personal data in certain circumstances.
Right to data portabilityYou have the right to request access to your personal data. This means you can ask us:
- Whether we are processing your personal data
- What personal data we hold about you
- Why we are processing your data
- Who we share your data with
- How long we will keep your data
- Information about your other GDPR rights
How to Exercise This Right
You can request access to your data by:
- • Logging into your account and visiting the Data Export section in Settings
- • Sending an email to privacy@orankup.com with the subject 'GDPR Access Request'
- • Contacting our Data Protection Officer (see Section 11)
Our Response
We will respond to your access request within one month. In complex cases, we may extend this by two additional months. We will provide the information free of charge, unless your request is manifestly unfounded or excessive.
You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.
Our Use of Automated Processing
We use automated processing and profiling for:
- Personalized content recommendations
- Trending content algorithms
- Spam and fraud detection
- User experience optimization
These automated processes do not produce legal effects or significantly affect you in a way that requires explicit consent.
Your Rights
If we were to use automated decision making that significantly affects you, you would have the right to:
- Obtain human intervention
- Express your point of view
- Contest the decision
- Obtain an explanation of the decision
We process your personal data only when we have a legal basis to do so. Under GDPR, the legal bases are:
Consent
You have given clear consent for us to process your personal data for a specific purpose.
Examples: Marketing communications, optional features
Contract
Processing is necessary to fulfill a contract with you or to take steps at your request before entering into a contract.
Examples: Account creation, service delivery
Legal Obligation
Processing is necessary to comply with the law.
Examples: Tax records, legal compliance
Legitimate Interests
Processing is necessary for our legitimate interests or those of a third party, unless your interests or rights override those interests.
Examples: Fraud prevention, security, analytics
Vital Interests
Processing is necessary to protect someone's life.
Examples: Emergency situations
Public Task
Processing is necessary to perform a task in the public interest.
Examples: Not typically applicable to OrankUp
We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance and handle data protection matters.
Contact Our DPO
You can contact our Data Protection Officer:
- • Email: dpo@orankup.com
- • Mail: Data Protection Officer, OrankUp, 123 Innovation Street, San Francisco, CA 94102, United States
- • Response time: We aim to respond within 48 hours
Role of the DPO
Our DPO is responsible for:
- Monitoring GDPR compliance
- Advising on data protection impact assessments
- Cooperating with supervisory authorities
- Acting as a contact point for data subjects and authorities
- Providing guidance on data protection matters
If you believe we have not handled your personal data properly, you have the right to file a complaint with a supervisory authority.
Contact Us First
We encourage you to contact us first so we can try to resolve your concerns:
- • Email: privacy@orankup.com
- • Contact our Data Protection Officer: dpo@orankup.com
- • We will investigate and respond within 30 days
Supervisory Authority
If you are not satisfied with our response, you can file a complaint with your local data protection authority. Some examples:
- • UK: Information Commissioner's Office (ICO) - ico.org.uk
- • Ireland: Data Protection Commission - dataprotection.ie
- • Germany: Federal Commissioner for Data Protection - bfdi.bund.de
- • France: CNIL - cnil.fr
- • Spain: AEPD - aepd.es
You can file a complaint in the EU country where you live, work, or where the alleged infringement occurred.
OrankUp is based in the United States. When you use our services, your data may be transferred to and processed in the United States and other countries outside the EEA.
Transfer Safeguards
We ensure appropriate safeguards are in place for international transfers:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Additional technical and organizational measures
- Regular review of transfer mechanisms
Your Rights
You have the right to:
- Request information about the safeguards we use
- Obtain a copy of the safeguards (where possible)
- Object to transfers in certain circumstances
If you have questions about GDPR or want to exercise your rights, please contact us:
OrankUp GDPR Compliance Team 123 Innovation Street San Francisco, CA 94102 United States
Response Time
We aim to respond to all GDPR-related requests within one month. In complex cases, we may extend this by two additional months and will inform you of the extension.