Debmedia Technologies LLP ("Company", "we", "us", or "our") is committed to protecting the privacy and personal data of individuals in the European Economic Area (EEA), United Kingdom, and Switzerland. This GDPR Compliance Policy outlines how we collect, process, store, and protect personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR").
We take our obligations under GDPR seriously. This document serves as a comprehensive statement of our data protection practices and your rights as a data subject under GDPR.
Purpose of This Policy
This policy is designed to inform EU/EEA data subjects about how their personal data is processed, explain the legal bases on which we rely for processing, describe the rights available to data subjects and how to exercise them, detail our security and accountability measures, and demonstrate our ongoing commitment to data protection by design and default.
Relationship with Other Policies
This GDPR Policy should be read alongside our Privacy Policy, Cookie Policy, and Terms & Conditions. Together, these documents provide a complete picture of our data handling practices and your rights.
2. Who We Are — Data Controller Information
Identity of the Data Controller
For the purposes of GDPR, Debmedia Technologies LLP acts as the Data Controller for personal data collected through our website, services, and digital platforms. As Data Controller, we determine the purposes and means of processing personal data.
⏰ Business Hours: Monday – Friday, 10:00 AM – 6:00 PM IST
Data Processor Relationships
We engage third-party Data Processors — entities that process personal data on our behalf and under our documented instructions. All Data Processors are bound by written Data Processing Agreements (DPAs) that comply with GDPR Article 28 requirements. We remain fully responsible as Data Controller for ensuring that our processors handle data in accordance with GDPR.
Joint Controllers
In certain circumstances, we may act as a joint controller with partners or clients. Where joint controllership arrangements exist, we maintain a written arrangement specifying each party's respective responsibilities under GDPR Article 26.
3. Scope & Applicability
Who This Policy Applies To
This GDPR Policy applies to all individuals in the European Economic Area (EEA), the United Kingdom, and Switzerland whose personal data we process, including:
Visitors to our website based in the EEA/UK/Switzerland
Customers and clients who are EEA/UK/Swiss residents
Prospects and leads located in EEA/UK/Switzerland
Business contacts, partners, and vendors in the EEA/UK/Switzerland
Employees, contractors, or consultants who are EEA/UK/Swiss residents
Anyone who contacts us from the EEA/UK/Switzerland
GDPR Territorial Scope
Although Debmedia Technologies LLP is based in India, we are subject to GDPR under its extraterritorial provisions (Article 3) because we offer goods and services to individuals in the EU/EEA, monitor the behavior of individuals in the EU/EEA, and process personal data of EU/EEA residents in connection with our business activities.
What Constitutes Personal Data
Under GDPR, "personal data" means any information relating to an identified or identifiable natural person. This includes obvious identifiers such as names, email addresses, and ID numbers, as well as less obvious identifiers such as IP addresses, device identifiers, location data, and any combination of data that could identify an individual. We treat all such data with the highest level of care.
Special Categories of Data
GDPR affords heightened protection to certain "special categories" of personal data, including health and medical information, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, and data concerning sex life or sexual orientation. We do not intentionally collect special category data unless strictly necessary, and only with your explicit consent or on another valid legal basis under GDPR Article 9.
4. Personal Data We Collect
Data You Provide Directly
We collect personal data that you voluntarily provide when interacting with us:
Contact information: Name, email address, phone number, postal address
Log data: Server logs, error reports, access timestamps
Data from Third Parties
We may receive personal data about you from third-party sources, including analytics providers (such as Google Analytics), advertising partners (such as Meta and LinkedIn), publicly available business directories and professional networks, referral partners who introduce you to our services, and payment processors who confirm transaction details.
Data Minimisation Commitment
In line with GDPR's data minimisation principle, we only collect personal data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed. We regularly review the data we collect to ensure it remains proportionate to our stated purposes.
5. Legal Basis for Processing Personal Data
Under GDPR Article 6, every processing activity must have a valid legal basis. We rely on the following legal bases for processing personal data:
5.1 Consent (Article 6(1)(a))
When we rely on it: Marketing emails and newsletters, non-essential cookies and tracking technologies, promotional communications, and any processing where we have explicitly asked for your agreement.
Where we rely on consent, you have the right to withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal. Withdrawing consent is as easy as giving it.
5.2 Contractual Necessity (Article 6(1)(b))
When we rely on it: Providing our services to you, processing payments, managing your account, fulfilling service-level agreements, and delivering SaaS tools and dashboards you have subscribed to. Processing is necessary to perform the contract we have entered into with you or to take pre-contractual steps at your request.
5.3 Legal Obligation (Article 6(1)(c))
When we rely on it: Tax and financial record-keeping, fraud prevention and AML compliance, responding to lawful requests from courts or regulators, complying with employment law obligations, and retaining records as required by applicable law.
5.4 Legitimate Interests (Article 6(1)(f))
When we rely on it: Improving and optimizing our website and services based on usage analytics, protecting our systems and users from security threats, fraud detection and prevention, business development and prospecting for B2B services, and sending service-related communications to existing customers.
We have conducted Legitimate Interests Assessments (LIAs) for all processing activities relying on this basis to ensure that our interests do not override your fundamental rights and freedoms.
We never process personal data without a valid legal basis. You may request information about the specific legal basis for any processing activity by contacting us at contact@debmediaenterprise.com.
6. How We Use Your Personal Data
Service Delivery and Account Management
We use personal data to create and manage your account, provide access to our SaaS tools and dashboards, process transactions and payments, send service-related notifications and updates, respond to support requests and enquiries, and personalize your experience on our platform.
Communication and Marketing
We use contact information to respond to your enquiries and messages, send transactional emails (invoices, receipts, confirmations), send marketing communications where you have opted in or where we have a legitimate interest (B2B context), provide product updates and feature announcements, and invite feedback through surveys and reviews.
Analytics and Product Improvement
We analyze usage data to understand how our website and services are used, identify areas for improvement and optimization, detect and resolve technical issues and bugs, measure the effectiveness of our marketing campaigns, and make informed product development decisions.
Security and Fraud Prevention
We use personal data to monitor for suspicious activity and unauthorized access, verify user identities and prevent account takeover, detect, investigate, and prevent fraudulent transactions, protect the integrity and security of our systems, and comply with our legal obligations relating to fraud prevention.
Legal and Compliance Purposes
We may process personal data to comply with applicable laws and regulatory requirements, respond to lawful requests from courts, regulators, and law enforcement, establish, exercise, or defend legal claims, and fulfil our tax, accounting, and financial reporting obligations.
Purpose Limitation
We process personal data only for the specific purposes for which it was collected. If we intend to use your data for a new purpose that is incompatible with the original purpose, we will obtain fresh consent or identify a new applicable legal basis before proceeding.
7. Data Retention
Retention Principles
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements. When determining the appropriate retention period, we consider the nature and sensitivity of the data, the potential risk of harm from unauthorized use, the purposes for processing, whether those purposes can be achieved through anonymization, and applicable legal requirements.
Retention Periods by Data Category
Data Category
Retention Period
Legal Basis for Retention
Account & profile data
Duration of account + 2 years after closure
Contract
Financial & billing records
7 years
Legal Obligation
Marketing consent records
Until consent withdrawn + 3 years
Consent
Support & communication logs
3 years from last interaction
Legitimate Interest
Website analytics data
26 months (aggregated)
Legitimate Interest
Contract documents
7 years after contract end
Legal Obligation
Security & access logs
12 months
Legitimate Interest
Data Deletion and Anonymisation
At the end of the applicable retention period, personal data is securely deleted or anonymised so that it can no longer be associated with you. We use industry-standard deletion methods, including cryptographic erasure for encrypted data stores, secure overwriting for file-based storage, and certified destruction for any physical media.
Your Right to Request Early Deletion
You may request early deletion of your personal data under GDPR Article 17 (the "right to erasure"). We will fulfil erasure requests unless we are required to retain the data to comply with a legal obligation, establish, exercise, or defend legal claims, or protect the vital interests of others. See Section 12 for full details.
8. Data Sharing and Third-Party Processors
Who We Share Data With
We may share your personal data with the following categories of third parties, always ensuring that appropriate safeguards are in place:
IT and infrastructure providers: Cloud hosting services (AWS, Google Cloud), content delivery networks (Cloudflare), and database management systems
Analytics providers: Google Analytics, Hotjar, and similar tools used to understand website usage and improve services
Marketing and communication platforms: Email marketing services, CRM platforms, and marketing automation tools
Payment processors: Razorpay, Stripe, and PayPal — these providers process payment information under their own strict security standards and are PCI-DSS compliant
Customer support tools: Helpdesk and ticketing platforms used to manage support enquiries
Professional advisers: Lawyers, accountants, auditors, and insurers who provide professional services to us
Regulatory and governmental authorities: Where required by law, court order, or to protect our legal rights
Data Processing Agreements
All third-party processors are required to enter into a Data Processing Agreement (DPA) with us that meets the requirements of GDPR Article 28. These agreements ensure that processors only act on our written instructions, maintain confidentiality, implement appropriate technical and organisational security measures, assist us in responding to data subject rights requests, and delete or return all personal data upon termination of the agreement.
No Sale of Personal Data
We do not sell, rent, trade, or otherwise transfer your personal data to third parties for their own independent marketing purposes. Any sharing of data with third parties is strictly for the purposes described in this policy and subject to appropriate safeguards.
We never sell your personal data. Your information is shared with third parties only where necessary to provide our services or comply with legal obligations, and always under contractual safeguards.
9. International Data Transfers
Transfers Outside the EEA
As an India-based company, processing data on behalf of EEA users, we transfer personal data outside the EEA. Some of our third-party service providers also operate in countries outside the EEA, including the United States, India, and Singapore. GDPR requires that we implement appropriate safeguards for such transfers.
Transfer Mechanisms We Use
Standard Contractual Clauses (SCCs): We use the EU Commission's approved Standard Contractual Clauses (SCCs) as the primary mechanism for transferring personal data from the EEA to third countries, including India. Our SCCs incorporate the 2021 updated module appropriate to our role as controller or processor.
Adequacy Decisions: Where the European Commission has issued an adequacy decision for a destination country, we may rely on this as the basis for transfer without additional safeguards.
Binding Corporate Rules (BCRs): Where applicable, we may rely on BCRs approved by a competent supervisory authority.
Supplementary Measures: Where required by our Transfer Impact Assessments (TIAs), we implement additional technical and contractual measures to ensure the level of protection is essentially equivalent to that guaranteed in the EEA.
Transfer Impact Assessments
We conduct Transfer Impact Assessments (TIAs) for all transfers to third countries to assess the legal framework of the destination country, evaluate the risk of government access to personal data, determine whether our safeguards provide effective protection in practice, and document our findings and any supplementary measures implemented.
Your Rights Regarding Transfers
You have the right to request a copy of the SCCs or other transfer mechanisms governing the transfer of your personal data to a third country, and to obtain information about the countries to which your data may be transferred. You may also lodge a complaint with your local supervisory authority if you believe your data is being transferred without adequate safeguards.
10. Right of Access (Article 15)
What This Right Means
Under GDPR Article 15, you have the right to obtain confirmation as to whether or not we process personal data about you, and, where we do, access to that personal data along with supplementary information.
What a Subject Access Request Includes
If you submit a Subject Access Request (SAR), we will provide:
A copy of all personal data we hold about you
The purposes for which we process your data
The categories of data processed
The recipients or categories of recipients of your data
The retention period or criteria used to determine it
Your rights under GDPR (rectification, erasure, restriction, objection)
Your right to lodge a complaint with a supervisory authority
The source of the data where not collected directly from you
Information about any automated decision-making, including profiling
How to Submit a Request
To submit a Subject Access Request, email us at contact@debmediaenterprise.com with the subject line "Subject Access Request — GDPR." Please include sufficient information to verify your identity (for security purposes) and specify the data you are requesting access to, if relevant.
Response Timeframe
We will respond to your SAR within one month of receipt. In complex cases or where we receive multiple requests from you simultaneously, we may extend this by a further two months, in which case we will notify you within the first month explaining the reason for the extension. We provide responses free of charge, unless requests are manifestly unfounded or excessive.
11. Right to Rectification (Article 16)
What This Right Means
Under GDPR Article 16, you have the right to obtain from us the correction of inaccurate personal data concerning you without undue delay. Taking into account the purposes of processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
When You Can Exercise This Right
You can request rectification when personal data we hold about you is factually incorrect (e.g., incorrect name spelling, wrong address), when data is outdated and no longer accurate (e.g., old job title, previous address), or when data is incomplete and the incompleteness affects the purpose for which it is processed.
How to Request Rectification
You can update certain personal data yourself through your account profile settings. For data you cannot update directly, please contact us at contact@debmediaenterprise.com with the subject "Data Rectification Request — GDPR." Please clearly specify which data is inaccurate and provide the corrected information.
Third-Party Notification
Where we have shared inaccurate data with third parties, we will notify each recipient of the rectification, unless this proves impossible or involves disproportionate effort. We will inform you about those recipients on request.
We will respond to all rectification requests within one month of receipt, with a possible extension of up to two further months for complex cases. We will always inform you of any extension within the first month.
12. Right to Erasure — "Right to Be Forgotten" (Article 17)
What This Right Means
Under GDPR Article 17, you have the right to obtain the erasure of personal data concerning you without undue delay where one of the following grounds applies:
The data is no longer necessary for the purposes for which it was collected or processed
You withdraw consent and there is no other legal basis for processing
You object to processing under Article 21 and there are no overriding legitimate grounds
The data has been unlawfully processed
Erasure is required to comply with a legal obligation under EU or Member State law
The data was collected in relation to an offer of information society services to a child
Exceptions to the Right of Erasure
We may decline an erasure request where processing is necessary for exercising the right of freedom of expression and information, complying with a legal obligation, reasons of public interest in the area of public health, archiving purposes in the public interest, scientific or historical research or statistical purposes, or the establishment, exercise, or defence of legal claims.
How to Submit an Erasure Request
Please contact us at contact@debmediaenterprise.com with the subject line "Erasure Request — GDPR." We will respond within one month and will notify relevant third parties of the erasure where practicable.
13. Right to Object and Right to Restrict Processing (Articles 18 & 21)
Right to Object (Article 21)
You have the right to object, on grounds relating to your particular situation, to processing of personal data concerning you which is based on legitimate interests or the performance of a task in the public interest. You also have an absolute right to object to processing of your data for direct marketing purposes at any time, without providing any justification.
To exercise this right, contact us at contact@debmediaenterprise.com with the subject "Objection to Processing — GDPR." We will stop processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or unless processing is necessary for legal claims.
Right to Restriction of Processing (Article 18)
You have the right to obtain restriction of processing where:
You contest the accuracy of the personal data (restriction applies while we verify accuracy)
The processing is unlawful and you oppose erasure and request restriction instead
We no longer need the data but you require it for the establishment, exercise, or defence of legal claims
You have objected to processing and we are verifying whether our legitimate grounds override yours
During a period of restriction, we will only process your data with your consent, for legal claims, to protect the rights of another person, or for important public interest reasons. We will inform you before lifting any restriction.
Right Not to Be Subject to Automated Decision-Making (Article 22)
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects concerning you. Where we do use automated decision-making, we will inform you of the logic involved, the significance and envisaged consequences of such processing, and your right to request human review of any automated decision.
14. Right to Data Portability (Article 20)
What This Right Means
Under GDPR Article 20, where processing is based on consent or contractual necessity and is carried out by automated means, you have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to transmit that data to another controller without hindrance from us.
Data Covered by Portability Right
The right to data portability applies to personal data that you have actively and knowingly provided to us (such as account information, profile data, and preferences) and data generated by your activity on our platform (such as usage history, content you have created, and transaction records). It does not apply to data inferred or derived by us from your data.
How to Request Data Portability
To request a portable copy of your personal data, contact us at contact@debmediaenterprise.com with the subject "Data Portability Request — GDPR." Please specify the data you would like and, where possible, the format you prefer (JSON, CSV, XML). We will respond within one month and provide your data in a structured, machine-readable format free of charge.
Direct Transfer to Another Controller
Where technically feasible, we can transmit your personal data directly to another data controller of your choice. Please provide us with the details of the receiving controller and confirm their consent to receive the data.
15. Security Measures — Technical and Organisational Measures
Our Security Commitment
We implement appropriate technical and organisational measures in accordance with GDPR Article 32 to ensure a level of security appropriate to the risk. Our security programme is based on recognised frameworks including ISO 27001 principles and the NIST Cybersecurity Framework.
Technical Security Measures
Encryption in transit: All data transmitted between your device and our servers is encrypted using TLS 1.2 or higher (HTTPS)
Encryption at rest: Personal data stored in our databases and file storage systems is encrypted using AES-256 encryption
Access controls: Role-based access controls (RBAC) ensure that employees can only access personal data necessary for their role
Multi-factor authentication: MFA is enforced for all internal systems containing personal data
Vulnerability management: Regular security scanning, penetration testing, and patch management
Intrusion detection: Automated monitoring systems to detect and alert on suspicious activity
Data pseudonymisation: Where possible, we pseudonymise personal data to reduce the risk of harm in the event of a breach
Regular backups: Encrypted backups with tested recovery procedures
Organisational Security Measures
Data protection training: All staff receive regular training on data protection obligations and security best practices
Confidentiality obligations: All employees and contractors are bound by confidentiality agreements
Access reviews: Periodic reviews of user access rights to ensure they remain appropriate
Vendor assessment: Security assessment of all third-party processors before engagement
Incident response plan: A documented and tested incident response procedure for handling data breaches
Privacy by design: Data protection is incorporated into new systems and processes from the outset
No system is 100% secure. While we implement robust measures to protect your data, we cannot guarantee absolute security against all threats. We encourage you to also take steps to protect your own information, such as using a strong, unique password for your account.
16. Data Breach Notification Protocol
Our Obligations Under GDPR
In the event of a personal data breach, GDPR Articles 33 and 34 require us to notify the relevant supervisory authority within 72 hours of becoming aware of the breach where the breach is likely to result in a risk to the rights and freedoms of natural persons. Where the breach is likely to result in a high risk to individuals, we must also notify those affected individuals without undue delay.
What Constitutes a Data Breach
A personal data breach is a security incident that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data. This includes hacking incidents and cyberattacks, accidental loss or theft of devices containing personal data, unauthorised access by an employee, accidental disclosure to the wrong person, and ransomware attacks affecting systems containing personal data.
Our Internal Breach Response Process
Our incident response procedure includes immediate containment of the breach to limit its scope, assessment of the nature, extent, and likely consequences, notification to our internal Data Protection lead within 24 hours of discovery, supervisory authority notification within 72 hours where required by GDPR, individual notification to affected data subjects where there is a high risk to their rights, and a post-incident review and corrective action plan.
Breach Notification to You
If a breach affects you and is likely to result in high risk to your rights and freedoms, we will contact you by email (if you are a registered user) or by prominent notice on our website. Our notification will describe the nature of the breach, the personal data affected, the likely consequences, the measures taken or proposed to address the breach, and the name and contact details of our Data Protection contact.
Breach Register
We maintain a documented record of all personal data breaches, including those that are not required to be notified, in compliance with GDPR Article 33(5). This register enables us to demonstrate accountability and improve our security practices over time.
17. Data Protection Officer & Accountability
Data Protection Officer (DPO)
While Debmedia Technologies LLP may not be required under GDPR to formally appoint a Data Protection Officer, we have designated a Data Protection Lead responsible for overseeing our data protection strategy and ensuring compliance with GDPR. This individual acts as the primary point of contact for all data protection matters.
We implement data protection by design and default in accordance with GDPR Article 25. This means data protection considerations are incorporated from the earliest stages of any new system, process, or product development, privacy settings are set to the most protective options by default, we process only the minimum data necessary for each specific purpose, and data minimisation and pseudonymisation are applied wherever technically feasible.
Records of Processing Activities (RoPA)
We maintain a comprehensive Record of Processing Activities (RoPA) as required by GDPR Article 30. This internal document records the name and contact details of the controller and DPO, the purposes of processing, a description of categories of data subjects and personal data, categories of recipients, international transfers and safeguards, retention periods, and a description of security measures.
Data Protection Impact Assessments (DPIAs)
We conduct Data Protection Impact Assessments (DPIAs) as required by GDPR Article 35 prior to undertaking any processing likely to result in a high risk to individuals. DPIAs are required for systematic profiling with legal or significant effects, large-scale processing of special category data, systematic monitoring of publicly accessible areas, and new technologies presenting high risks. We consult with the supervisory authority prior to commencing high-risk processing where a DPIA indicates risk cannot be mitigated.
18. Children's Personal Data
Age Restrictions
Our website and services are not directed at children under the age of 16 (or such lower age as may be established by EU Member State law, but in no case below 13). We do not knowingly collect personal data from children under 16 without verifiable parental or guardian consent.
GDPR Requirements for Children
GDPR Article 8 provides specific rules for children's data in relation to information society services. Where consent is the legal basis for processing, for children under 16, we require consent from the holder of parental responsibility. We use age-verification measures to identify when a child under 16 is attempting to use our services and implement additional safeguards for processing data of young people.
If We Inadvertently Collect Children's Data
If we discover that we have inadvertently collected personal data from a child under 16 without appropriate parental consent, we will delete the data as quickly as possible, notify the parent or guardian if their contact information is available, review our processes to prevent recurrence, and assess whether the incident constitutes a notifiable data breach.
Parental Rights
Parents or legal guardians of children under 16 have the right to request access to, correction of, or deletion of their child's personal data, and to object to further processing. To exercise these rights, contact us at contact@debmediaenterprise.com with the subject "Children's Data Request — GDPR."
19. Updates to This GDPR Policy
Why We May Update This Policy
We may update this GDPR Policy periodically to reflect changes in our data processing activities or services, updates to GDPR guidance from supervisory authorities or the European Data Protection Board (EDPB), relevant court rulings (including decisions from the Court of Justice of the EU), changes in our business structure, partnerships, or third-party processors, and new regulatory requirements in EEA Member States.
How We Notify You of Changes
When we make material changes to this policy, we will update the "Last Updated" date at the top of this document, post a prominent notice on our website for at least 30 days explaining the nature of the changes, send email notifications to registered EU/EEA users for significant changes, and where a change requires renewed consent, re-obtain that consent before continuing to process your data on that basis.
Your Continued Use
Your continued use of our website or services following notification of non-material changes constitutes acknowledgement of the updated policy. For material changes that affect your rights, we will obtain fresh consent or provide a meaningful opportunity for you to review the changes and take action before they become effective.
We recommend reviewing this policy periodically. Previous versions of this policy are available on request by contacting us at contact@debmediaenterprise.com.
20. Contact Us & How to Lodge a Complaint
Exercising Your GDPR Rights
To exercise any of your rights under GDPR — access, rectification, erasure, restriction, portability, objection, or automated decision-making — please contact our Data Protection Lead using the details below. We will respond within one month of receiving your request.
⏰ Business Hours: Monday – Friday, 10:00 AM – 6:00 PM IST
Response Timeframes
GDPR rights requests (access, erasure, portability, etc.): Within 1 month (extendable by 2 months for complex cases)
General data protection enquiries: Within 48 hours (2 business days)
Complaints: Initial response within 5 business days; full response within 1 month
Data breach notifications: We notify supervisory authorities within 72 hours; we notify you without undue delay where applicable
Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to your right to contact us directly, you have the right to lodge a complaint with the data protection supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement. Key supervisory authorities include:
UK: Information Commissioner's Office (ICO) — ico.org.uk
Germany: Federal Commissioner for Data Protection (BfDI) — www.bfdi.bund.de
France: Commission Nationale de l'Informatique et des Libertés (CNIL) — www.cnil.fr
All EU/EEA supervisory authorities: Full list available at edpb.europa.eu
India: Data Protection Board of India (under DPDP Act, 2023) — once operational
We always prefer to resolve complaints directly and encourage you to contact us first. However, your right to contact a supervisory authority is unconditional and unaffected by your contact with us.
EU Representative
As a non-EEA organisation processing EEA personal data, we are evaluating the need to appoint an EU Representative under GDPR Article 27. If you are an EEA data subject and require a local contact point, please email us at contact@debmediaenterprise.com and we will provide the most current information.
