Privacy Policy

Privacy Policy

User Data

The terms “user” and “users” represent any individual that visits for any purpose.

StartupDevKit may retain certain personal data that’s voluntarily provided by users, however, that data will never be sold to any outside party.

Consent must be provided by a user and given to StartupDevKit in order for StartupDevKit to get their personal data.

This data may contain the account holder’s name, the account holder’s activity using StartupDevKit, a user’s company name, their phone number, address, and an email address depending on what information the user provides to StartupDevKit.

StartupDevKit uses cookies which track usage data of users but does not include personal identifiers such as a user’s name or email address. However, only users from the European Union need to provide consent.

Processing of Personal Data

Processing of personal data will only be undertaken if StartupDevKit has a lawful reason to do so.

This includes:

(1) processing necessary for the performance of or entry into a contract with a particular data subject;

(2) processing necessary for compliance with a legal obligation to which the controller is subject under EU or Member State law;

(3) processing necessary to protect the “vital interests” of the data subject or of another natural person;

(4) processing necessary for the performance of a task in the public interest or in the exercise of official authority vested in the controller; or

(5) processing necessary for the purposes of legitimate interests pursued by the controller or third party, “except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.”

When StartupDevKit cannot rely on any of the five legal bases set forth above, StartupDevKit will need to obtain the individual’s express consent.

To be valid, consent must be freely given, specific, informed and unambiguous.  Controllers intending to rely on consent will, therefore, need to make sure that they implement a mechanism that actually enables them to collect and monitor where consent is actually obtained (e.g., a clear banner or a box to be ticked specifically consenting to the purposes for processing).

When personal data are to be processed for a purpose other than the one for which the data have been collected initially, the controller must consider whether the new purpose is compatible with the original purpose of processing, and if not, the controller will need to ensure that it relies on one of the five legal bases described above.

Data Breach Notification: In the event of a data breach, StartupDevKit will notify the supervisory authority “without undue delay” and within 72 hours of discovering the breach, where feasible.  Any delay must be explained.  In practice, this 72-hour deadline may be difficult to meet given the nature of detecting data breaches and determining their extent.  Additionally, if the data breach is likely to result in a “high risk to the rights and freedoms of natural persons,” StartupDevKit will notify the affected data subjects without undue delay unless one of a number of exceptions is triggered.

User Rights

A user has the right to correct inaccurate personal data, add to incomplete personal data, and have their personal data erased without undue delay if certain grounds apply, including if the personal data is no longer necessary for the purposes it was originally collected or processed.

Users may request their data be ported to another controller in a machine-readable format such as .csv.