GDPR Compliance
Last Updated: May 12, 2026
1. Our Commitment to GDPR
Web2AI is fully committed to complying with the General Data Protection Regulation (GDPR). We understand the importance of protecting personal data and have implemented comprehensive measures to ensure we handle your information in accordance with EU data protection laws.
2. Data Controller
Web2AI acts as the data controller for all personal data processed in connection with our services. We are responsible for ensuring that our data processing activities comply with GDPR requirements.
3. Legal Basis for Processing
We process personal data only when we have a valid legal basis to do so. Our legal bases for processing include:
- Consent: Where you have given explicit consent for specific processing activities
- Contract: Where processing is necessary to fulfill our contractual obligations to you
- Legitimate Interest: Where processing serves our legitimate business interests without overriding your rights
- Legal Obligation: Where processing is required by applicable law
4. Data Subject Rights
Under GDPR, you have the following rights regarding your personal data:
- Right of Access: Request a copy of the personal data we hold about you
- Right to Rectification: Request correction of inaccurate personal data
- Right to Erasure: Request deletion of your personal data ("right to be forgotten")
- Right to Restrict Processing: Request limitation of processing activities
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Rights Related to Automated Decision Making: Not be subject to decisions based solely on automated processing that significantly affect you
5. Data Protection Officer
For GDPR compliance inquiries or to exercise your data subject rights, contact our dedicated privacy team at contact@web2ai.eu. We have appointed a Data Protection Officer who oversees our compliance with GDPR requirements.
6. Data Processing Agreements
We maintain Data Processing Agreements (DPAs) with all third-party service providers who process personal data on our behalf. These agreements ensure that our processors handle your data in accordance with GDPR requirements and under our documented instructions.
7. International Transfers
Where personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place. This may include standard contractual clauses approved by the European Commission, binding corporate rules, or other legally approved transfer mechanisms.
8. Data Breach Notification
In the unlikely event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. Where the risk is high, we will also directly notify affected individuals without undue delay.
9. Records of Processing Activities
We maintain detailed records of all data processing activities as required by GDPR. These records include information about the purpose of processing, categories of data subjects and personal data, recipients to whom data is disclosed, and retention periods.
10. Privacy by Design
We incorporate data protection principles into the design of our services and systems. Privacy by Design is a core principle of our data governance framework, ensuring that privacy safeguards are built into our operations rather than added as afterthoughts.
11. Supervisory Authority
You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates GDPR requirements. The supervisory authority for our primary establishment is located within the European Union.
12. Contact
For GDPR compliance questions, data subject rights requests, or privacy concerns, please contact us:
Email: contact@web2ai.eu
Website: https://web2ai.eu/contact.php