GDPR & Data Processing Notice

Effective Date: March 8, 2026 | Last Updated: March 8, 2026

This notice explains how 21Digital complies with the General Data Protection Regulation (GDPR) and processes personal data when providing SEO audit services.

1. Data Controller

21Digital is the data controller for personal information collected through our services. For GDPR-related inquiries, contact:

Email: [email protected]
Website: seo.21digital.ai

2. What Data We Process

We process the following categories of personal data:

Contact Information: Email addresses, company names, domains
Website Data: Publicly accessible information from scanned websites
Usage Data: Report views, email engagement, payment records

      Important Distinction: When we analyze a website, we collect publicly available data about the website itself (technical metrics, content, structure), not personal data of website visitors or users. This is similar to how search engines index and analyze websites.
    

3. Legal Basis for Processing

We process your data under the following legal bases:

Contractual Necessity: To deliver reports and services you requested
Legitimate Interest: To improve our services and communicate relevant updates
Consent: For marketing communications (you can withdraw consent at any time)
Legal Obligation: To comply with tax, accounting, and anti-fraud laws

4. Your GDPR Rights

Under GDPR, you have the following rights:

4.1 Right to Access

You can request a copy of all personal data we hold about you. We will provide this within 30 days of your request.

4.2 Right to Rectification

If your personal data is inaccurate or incomplete, you can request corrections.

4.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data. We will comply unless we have a legal obligation to retain it (e.g., accounting records).

4.4 Right to Restrict Processing

You can limit how we use your data while we verify accuracy or resolve disputes.

4.5 Right to Data Portability

You can receive your data in a structured, machine-readable format (e.g., JSON, CSV).

4.6 Right to Object

You can object to processing based on legitimate interest or for direct marketing purposes.

4.7 Right to Withdraw Consent

If we process data based on your consent, you can withdraw it at any time without affecting prior lawful processing.

5. How to Exercise Your Rights

To exercise any GDPR rights, contact us at [email protected] with:

Your full name and email address
Which right you wish to exercise
Any relevant details (e.g., specific data you want deleted)

We will respond within 30 days (or explain if we need more time due to complexity).

6. Data Retention

We retain personal data for:

Active users: As long as you use our services
Inactive users: Up to 2 years after last interaction (for re-engagement)
Payment records: 7 years (legal requirement for accounting)
Unsubscribed contacts: Indefinitely (to honor opt-out requests)

7. Data Security

We implement appropriate technical and organizational measures to protect your data:

Encrypted connections (HTTPS/TLS)
Secure database access controls
Regular security audits
Minimal data collection (we only collect what is necessary)

8. Data Transfers Outside the EEA

Some of our service providers (e.g., Stripe, Resend) may process data outside the European Economic Area (EEA). We ensure these transfers comply with GDPR through:

Standard Contractual Clauses (SCCs)
Adequacy decisions by the EU Commission
Certified frameworks (e.g., EU-U.S. Data Privacy Framework where applicable)

9. Automated Decision-Making

Our SEO analysis uses automated tools and algorithms, but we do not use automated decision-making that significantly affects you legally or similarly. Reports are purely informational.

10. Children's Data

We do not knowingly process data of individuals under 16 years of age. If we discover such data, we will delete it promptly.

11. Cookies and Tracking

We use only essential cookies for:

Session management
Payment processing
Basic analytics (anonymized)

We do not use invasive tracking or third-party advertising cookies. See our full Privacy Policy for details.

12. Complaints

If you believe we are not complying with GDPR, you have the right to lodge a complaint with your local data protection authority:

Bulgaria: Commission for Personal Data Protection (www.cpdp.bg)
Other EU countries: Find your authority at edpb.europa.eu

13. Updates to This Notice

We may update this GDPR notice from time to time. Changes will be posted on this page with an updated date.

14. Contact Us

For GDPR-related questions or to exercise your rights, contact:

Email: [email protected]
Subject Line: "GDPR Request"
Website: seo.21digital.ai