GDPR Compliance Statement

Our commitment to protecting the data privacy rights of EU citizens and residents.

Introduction

At Blended Insights, we are committed to ensuring the privacy and protection of your personal data. This statement outlines our approach to compliance with the General Data Protection Regulation (GDPR) of the European Union, which enhances individuals' rights and control over their personal data.

This GDPR Compliance Statement supplements our Privacy Policy and applies to all personal data we process for individuals in the European Economic Area (EEA).

Our Role Under GDPR

Blended Insights acts as both a "Data Controller" and a "Data Processor" under the GDPR:

  • As a Data Controller: We determine the purposes and means of processing personal data collected directly from you when you visit our website, contact us, or use our services directly.
  • As a Data Processor: We process personal data on behalf of our clients according to their instructions when providing consulting and implementation services.

Lawful Basis for Processing

We process personal data only when we have a lawful basis to do so under GDPR. Our processing activities are primarily based on the following:

  • Consent: We obtain your explicit consent for specific processing activities, such as marketing communications or cookie usage.
  • Contractual Necessity: Processing necessary to fulfill our contractual obligations to you.
  • Legitimate Interests: Processing that serves our legitimate business interests, such as improving our services, preventing fraud, or ensuring network security, while respecting your rights and interests.
  • Legal Obligation: Processing required to comply with a legal obligation.

We clearly identify the specific lawful basis for each processing activity in our data processing records.

Your Rights Under GDPR

If you are located in the EEA, you have the following rights regarding your personal data:

  • Right to Information: You have the right to know what personal data we collect, how we use it, how long we keep it, and with whom we share it.
  • Right of Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can request that we correct inaccurate or incomplete personal data.
  • Right to Erasure (Right to be Forgotten): You can request that we delete your personal data under certain circumstances.
  • Right to Restrict Processing: You can request that we limit how we use your personal data.
  • Right to Data Portability: You can request a machine-readable copy of your personal data to transfer to another service.
  • Right to Object: You can object to our processing of your personal data based on our legitimate interests or for direct marketing purposes.
  • Rights Related to Automated Decision Making and Profiling: You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects.

How to Exercise Your Rights

You can exercise your GDPR rights by contacting our Data Protection Officer at dpo@blendedinsights.com. We will respond to your request within one month, as required by GDPR. In certain cases, we may need to extend this period by up to two additional months, taking into account the complexity and number of requests.

We may request specific information to verify your identity before processing your request.

Data Protection Measures

We implement appropriate technical and organizational measures to ensure data security, including:

  • Encryption of personal data in transit and at rest
  • Regular security assessments and testing
  • Access controls and authentication procedures
  • Staff training on data protection and security
  • Data protection impact assessments for high-risk processing activities
  • Data processing agreements with third-party processors

International Data Transfers

As a U.S.-based company, we may transfer personal data from the EEA to the United States or other countries outside the EEA. When we do so, we ensure adequate protection for your data through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Ensuring third-party service providers are certified under frameworks such as the EU-U.S. Data Privacy Framework
  • Implementing supplementary measures as necessary to ensure an essentially equivalent level of protection

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, when possible, within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly, where feasible.

Data Protection Officer

While not legally required, we have voluntarily appointed a Data Protection Officer to oversee our GDPR compliance efforts. You can contact our DPO at:

Supervisory Authority

If you are located in the EEA and believe that we have not adequately addressed your data privacy concerns, you have the right to lodge a complaint with your local data protection authority.

Changes to This Statement

We may update this GDPR Compliance Statement periodically to reflect changes in our practices or regulatory requirements. We will notify you of any material changes by posting the new statement on our website and updating the "Last Updated" date.

Contact Us

If you have any questions, concerns, or requests regarding this GDPR Compliance Statement or our data protection practices, please contact us at:

Last Updated: March 28, 2025
