Data Protection

GDPR Compliance

GraftPal is fully committed to protecting user privacy and complying with the General Data Protection Regulation. Here's how we safeguard your data.


How We Comply

Our GDPR Principles

Privacy is built into GraftPal from the ground up, not bolted on as an afterthought.

Lawful Basis

We process personal data only when we have a valid legal basis — typically contract performance, legitimate interest, or your consent.

Data Minimisation

We collect only the data necessary to provide the Service. We don't harvest data for advertising or sell it to third parties.

Security by Design

We implement appropriate technical and organisational measures to protect personal data, in line with industry best practices.

International Transfers

When data is processed outside the EEA, we rely on Standard Contractual Clauses (SCCs) and adequacy decisions to ensure equivalent protection.

Data Processing Agreements

We sign DPAs with all sub-processors and ensure they meet the same data protection standards we apply internally.

Breach Notification

In the unlikely event of a data breach, we will notify affected users and the relevant supervisory authority as required by the GDPR.

Your Rights

Your Data Rights Under the GDPR

As an EU/EEA user, you are entitled to the following rights regarding your personal data:

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure (right to be forgotten)
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent at any time
  • Right to lodge a complaint with a supervisory authority

To exercise any of these rights, contact our Data Protection Officer at privacy@graftpal.com. We will respond within 30 days.

Data Processing Agreement

If your organisation requires a Data Processing Agreement (DPA), please contact us at legal@graftpal.com.

Data Controller vs. Processor

When you use GraftPal, you are the Data Controller for the personal data you input (e.g., your client records). GraftPal acts as a Data Processor, processing data on your behalf in accordance with your instructions and our DPA.

Contact Our DPO

For any GDPR-related enquiries, you can reach our Data Protection Officer at privacy@graftpal.com.