AiTurnOut

GDPR Compliance

Learn about AiTurnOut's compliance with the General Data Protection Regulation (GDPR) and your data protection rights under EU law.

Last updated: November 10, 2025

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations that process personal data of individuals in the European Union (EU), regardless of where the organization is located.

GDPR strengthens and unifies data protection for individuals within the EU and addresses the export of personal data outside the EU. It gives individuals greater control over their personal data and requires organizations to be more transparent about how they collect, use, and protect personal information.

Our Commitment to GDPR Compliance

AiTurnOut is committed to protecting your privacy and ensuring full compliance with GDPR. We have implemented comprehensive data protection measures and processes to safeguard your personal information and respect your rights under EU law.

Key Principles We Follow

  • Lawfulness, fairness, and transparency: We process your data lawfully and transparently
  • Purpose limitation: We only collect data for specific, legitimate purposes
  • Data minimization: We only collect the data we actually need
  • Accuracy: We keep your data accurate and up-to-date
  • Storage limitation: We don't keep your data longer than necessary
  • Integrity and confidentiality: We protect your data with appropriate security measures
  • Accountability: We can demonstrate our compliance with GDPR principles

Legal Basis for Processing Your Data

Consent

We process certain types of data based on your explicit consent, including:

  • Marketing communications and newsletters
  • Analytics and performance tracking
  • Preference cookies and personalization
  • Optional profile information

You can withdraw your consent at any time by contacting us or using the unsubscribe links in our communications.

Legitimate Interest

We process some data based on our legitimate business interests, including:

  • Providing and improving our AI humanization service
  • Ensuring website security and preventing fraud
  • Customer support and service delivery
  • Business analytics and service optimization

We balance our legitimate interests against your privacy rights and ensure they don't override your fundamental freedoms.

Contract Performance

We process data necessary to perform our contract with you, including account management, service delivery, and billing. This includes processing your content to provide humanization services as requested.

Your Rights Under GDPR

Right of Access

You have the right to obtain confirmation as to whether or not we process your personal data, and if so, to access that data and receive information about how we use it.

Right to Rectification

You have the right to have inaccurate personal data corrected and incomplete personal data completed. You can update your account information at any time through your account settings.

Right to Erasure ("Right to be Forgotten")

You have the right to request the deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the original purpose or when you withdraw consent.

Right to Restrict Processing

You have the right to request that we limit how we use your personal data in certain circumstances, such as when you contest the accuracy of the data or object to our processing.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

Right to Object

You have the right to object to the processing of your personal data for direct marketing purposes or when processing is based on legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds.

Rights Related to Automated Decision-Making

You have the right not to be subject to a decision based solely on automated processing that produces legal effects or similarly significantly affects you. Our AI humanization service is not used for automated decision-making about individuals.

How to Exercise Your Rights

To exercise any of your GDPR rights, you can contact us using the information provided at the bottom of this page. We will respond to your request within one month of receiving it.

What We Need from You

To process your request, we may need to verify your identity. Please provide:

  • Your full name and email address
  • Description of the specific right you want to exercise
  • Any relevant account information or identifiers
  • Proof of identity (if required for security purposes)

Response Timeline

We will acknowledge your request within 72 hours and provide a complete response within 30 days. In complex cases, we may extend this period by up to 60 days, but we will inform you of any delay and the reasons for it.

Data Transfers Outside the EU

As a global service, we may transfer your personal data to countries outside the European Economic Area (EEA). When we do so, we ensure appropriate safeguards are in place to protect your data.

Safeguards We Use

  • Adequacy Decisions: We transfer data to countries with adequate protection as recognized by the European Commission
  • Standard Contractual Clauses: We use EU-approved standard contractual clauses for transfers to third countries
  • Binding Corporate Rules: We implement internal data protection policies across our organization
  • Certification Schemes: We work with certified service providers who meet EU data protection standards

Third-Party Service Providers

We use trusted third-party service providers for cloud hosting, analytics, and other services. All our service providers are required to maintain the same level of data protection as required under GDPR.

Data Breach Notification

In the unlikely event of a data breach that affects your personal data, we have procedures in place to:

  • Assess the risk to your rights and freedoms
  • Notify the relevant supervisory authority within 72 hours
  • Inform affected individuals without undue delay if the breach poses a high risk
  • Provide clear information about the nature of the breach and steps taken
  • Offer guidance on protective measures you can take

We maintain comprehensive incident response procedures and regularly test our security measures to prevent data breaches.

Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our GDPR compliance and serve as your point of contact for data protection matters.

Contact Our Data Protection Officer

Email: [email protected]

Address: Data Protection Officer, AiTurnOut, 123 Innovation Drive, Tech City, TC 12345

Response Time: We typically respond to DPO inquiries within 48 hours.

Right to Lodge a Complaint

If you believe that we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local supervisory authority.

How to Find Your Supervisory Authority

You can find your local data protection authority through the European Data Protection Board's website or by searching for "data protection authority" in your country.

We encourage you to contact us first so we can try to resolve any concerns directly. However, you are always free to contact your supervisory authority at any time.

Questions About GDPR Compliance?

If you have any questions about our GDPR compliance or want to exercise your data protection rights, please contact us:

Email: [email protected]

Data Protection Officer: [email protected]

Address: AiTurnOut Privacy Team, 123 Innovation Drive, Tech City, TC 12345

Response Time: We typically respond to GDPR-related inquiries within 48 hours.