GDPR Compliance

General Data Protection Regulation Compliance Statement

Our GDPR Commitment

InfiniteMix is fully committed to complying with the General Data Protection Regulation (GDPR) and protecting the privacy rights of individuals in the European Economic Area (EEA).

Certified GDPR Compliant

1. Legal Basis for Processing

We process your personal data under the following legal bases:

Contract Performance (Art. 6(1)(b) GDPR)

Processing necessary to provide the Service you purchased (account management, file processing, support).

Consent (Art. 6(1)(a) GDPR)

For marketing communications and optional cookies (you can withdraw consent at any time).

Legitimate Interests (Art. 6(1)(f) GDPR)

For analytics, fraud prevention, and service improvements (balanced against your rights).

Legal Obligation (Art. 6(1)(c) GDPR)

To comply with legal requirements (tax records, law enforcement requests).

2. Your GDPR Rights

Under the GDPR, you have the following rights regarding your personal data:

Right to Access (Art. 15)

Request a copy of all personal data we hold about you.

Right to Rectification (Art. 16)

Correct any inaccurate or incomplete personal data.

Right to Erasure / "Right to be Forgotten" (Art. 17)

Request deletion of your personal data when no longer necessary or if you withdraw consent.

Right to Restriction of Processing (Art. 18)

Limit how we process your data in certain circumstances.

Right to Data Portability (Art. 20)

Receive your data in a structured, machine-readable format and transfer it to another service.

Right to Object (Art. 21)

Object to processing based on legitimate interests or for direct marketing.

Right to Withdraw Consent (Art. 7(3))

Withdraw consent at any time for processing based on consent.

Right to Lodge a Complaint (Art. 77)

File a complaint with your local data protection authority.

3. How to Exercise Your Rights

To exercise any of your GDPR rights, contact us through any of these methods:

Response Time: We will respond to your request within 30 days (extendable by 2 months for complex requests, with notification).

4. Data Security Measures

We implement appropriate technical and organizational measures to protect your data:

  • Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
  • Access Controls: Role-based access, two-factor authentication
  • Monitoring: 24/7 security monitoring and intrusion detection
  • Audits: Regular security audits and penetration testing
  • Staff Training: Regular GDPR and security training for all employees
  • Incident Response: Documented breach notification procedures

5. International Data Transfers

Your data may be transferred outside the EEA. We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs): Approved by the European Commission
  • Adequacy Decisions: Transfers to countries with adequate data protection levels
  • Binding Corporate Rules: For transfers within corporate groups

Primary data storage locations: EU (Frankfurt), with backups in EU data centers.

6. Data Retention

We retain personal data only as long as necessary:

  • Account Data: Until account deletion + 30 days
  • Uploaded Files: 30 days after upload
  • Transaction Records: 7 years (legal requirement)
  • Support Communications: 3 years
  • Analytics Logs: 90 days (anonymized after 30 days)
  • Marketing Consent: Until withdrawn + 30 days

7. Data Processing Agreement (DPA)

If you're a business user processing personal data through InfiniteMix, we can provide a Data Processing Agreement (DPA) that complies with GDPR Art. 28. Contact our legal team at legal@infinitemix.com.

8. Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms:

  • We will notify the relevant supervisory authority within 72 hours
  • We will notify affected individuals without undue delay if there is a high risk
  • Notifications will include the nature of the breach and remedial actions

9. Children's Data

We do not knowingly process data of children under 16 without parental consent. If we discover we have collected data from a child without proper consent, we will delete it immediately.

10. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you. Our AI features (BPM detection, key detection) are purely technical and do not affect your rights.

11. Supervisory Authority

Our lead supervisory authority is the Irish Data Protection Commission:

Data Protection Commission

21 Fitzwilliam Square South

Dublin 2, D02 RD28

Ireland

Website: www.dataprotection.ie

You have the right to lodge a complaint with your local data protection authority if you're not satisfied with how we handle your data.

12. Updates to GDPR Compliance

We continuously review and update our GDPR compliance measures. This page was last updated in January 2024. Check back regularly for updates.

13. Contact Information

Data Controller: InfiniteMix, Inc.

GDPR Representative (EU): InfiniteMix EU Services Ltd.

Data Protection Officer: John Smith