GDPR Compliance🇪🇺

We at GDH SAS recognize our responsibilities under the General Data Protection Regulation (GDPR) and French data protection laws. This Statement explains how we handle personal data in a B2B context when providing our LogCentral service.

• GDH SAS (Processor): When we store your logs, we act primarily as a data processor, processing data on your behalf.
• You (Controller): As our customer, you are the data controller determining the purposes and means of the data you provide or process through the Service.

Our platform is designed for technical log storage. We encourage you to avoid sending any unnecessary personal data in these logs, as they are primarily meant for debugging or operational data. If personal data is included, you must ensure you have a lawful basis for doing so under GDPR.

We implement appropriate technical and organizational measures to secure data, including:

• Secure hosting infrastructure
• Role based access control & 2 Factor Authentication
• Automated monitoring
• Regular testing of security measures
• Staff training on data protection
• Data minimization and pseudonymization where possible
• Regular backups and disaster recovery procedures
• Encryption in transit (TLS)

We process personal data on the following legal bases:

• Consent: Where you have given clear consent for us to process your personal data for a specific purpose.
• Contract fulfillment: Where processing is necessary for the performance of a contract to which you are a party.
• Legal obligation: Where processing is necessary for compliance with a legal obligation to which we are subject.
• Legitimate interests: Where processing is necessary for the purposes of the legitimate interests pursued by us or by a third party.

Under GDPR, you have the following rights:

• Right to access: You can request a copy of your personal data.
• Right to rectification: You can request that we correct any inaccurate or incomplete data.
• Right to erasure: You can request that we delete your personal data in certain circumstances.
• Right to restrict processing: You can request that we limit the processing of your data in certain circumstances.
• Right to data portability: You can request a copy of your data in a machine-readable format.
• Right to object: You can object to our processing of your personal data in certain circumstances.
• Rights related to automated decision-making: You have rights related to automated decision-making and profiling.

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

• Encryption of personal data
• Regular testing of security measures
• Access controls and authentication
• Staff training on data protection
• Data minimization and pseudonymization where possible
• Regular backups and disaster recovery procedures

Should personal data be transferred outside the EEA, we rely on appropriate safeguards, such as Standard Contractual Clauses or equivalent mechanisms, especially when working with our sub-processors (e.g., Cloudflare, Stripe, Vercel, Supabase, Intercom, Mapbox).

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals. We will also notify affected individuals without undue delay when the breach is likely to result in a high risk to their rights and freedoms.

As controller, you remain primarily responsible for responding to data subject requests (DSARs) for access, correction, deletion, etc. We will assist you in fulfilling these requests as needed, to the extent we are able.

Our sub-processors each have their own Data Processing Agreements and GDPR compliance programs. See our Privacy Policy or Data Processing Agreement for an up-to-date list.

Data is retained according to your plan's retention settings or as legally required. We provide functionalities for data deletion upon request, subject to our Terms of Service.

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals. We will also notify affected individuals without undue delay when the breach is likely to result in a high risk to their rights and freedoms.

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our GDPR compliance.

You can contact our DPO at [email protected] for any queries related to our data protection practices or to exercise your rights under GDPR.

We may update this GDPR compliance statement from time to time. We will notify you of any significant changes by posting the new statement on this page and updating the "Last updated" date.

If you have any questions about our GDPR compliance or wish to exercise your rights, please contact us at:

Email: [email protected]

This GDPR statement should be read alongside our Privacy Policy, Data Processing Agreement, and Shared Responsibility Model.