GDPR Compliance

TechCore Studio is fully committed to compliance with the General Data Protection Regulation (GDPR) for all our clients and users within the European Union and European Economic Area. As a UK and USA-based software house, we adhere to: - UK GDPR (post-Brexit data protection law) - EU GDPR (Regulation 2016/679) - Data Protection Act 2018 We process personal data lawfully, fairly, and transparently.

As a data subject, you have the following rights: Right to be Informed: Clear information about how we use your data Right of Access: Request a copy of your personal data Right to Rectification: Correct inaccurate or incomplete data Right to Erasure: Request deletion of your data ("right to be forgotten") Right to Restrict Processing: Limit how we use your data Right to Data Portability: Receive data in a machine-readable format Right to Object: Object to processing based on legitimate interests Rights Related to Automated Decision-Making: Including profiling To exercise any of these rights, email: gdpr@techcorestudio.com

We act as both Data Controller and Data Processor depending on the context: As Data Controller (our website/marketing): - Collecting contact information via forms - Processing newsletter subscriptions - Analyzing website usage As Data Processor (client projects): - Processing data on behalf of our clients - Hosting applications and databases - Providing cloud infrastructure services All processing is governed by Data Processing Agreements (DPAs) where applicable.

We may transfer personal data outside the UK and EEA: To the USA: Under the UK-US Data Bridge and EU-US Data Privacy Framework To other countries: Using Standard Contractual Clauses (SCCs) approved by the European Commission All transfers include appropriate safeguards to ensure your data remains protected according to GDPR standards. Our sub-processors include cloud providers (AWS, Google Cloud, Azure) all certified under relevant frameworks.

Technical Measures: - Encryption at rest (AES-256) and in transit (TLS 1.3) - Regular penetration testing and vulnerability scans - Multi-factor authentication (MFA) - Automated backup and disaster recovery Organizational Measures: - Data Protection Officer (DPO) appointment - Regular staff training on data protection - Incident response plan (72-hour breach notification) - Privacy by Design and Default principles We conduct Data Protection Impact Assessments (DPIAs) for high-risk processing activities.

Data Protection Officer: Name: [DPO Name] Email: dpo@techcorestudio.com Address: 82a James Carter Road, Mildenhall, Suffolk, IP28 7DE, UK Response Time: We aim to respond to all GDPR-related requests within 72 hours and fully resolve them within 30 days. Supervisory Authority: You have the right to lodge a complaint with the Information Commissioner's Office (ICO) in the UK or your local data protection authority.