GDPR Compliance

CODRocket is committed to protecting your personal data in compliance with the General Data Protection Regulation (GDPR) and applicable data protection laws. This page outlines how we handle your data, your rights as a data subject, and how you can exercise those rights.

Data Controller Information

CODRocket acts as the data controller for personal data collected through our platform. As a data controller, we determine the purposes and means of processing your personal data. For any inquiries regarding our data processing practices, you may contact our data protection team at privacy@codrocket.com. We are committed to processing your data lawfully, fairly, and in a transparent manner.

Legal Basis for Processing

We process your personal data based on the following legal grounds: contractual necessity, where processing is required to provide you with our COD management services and fulfill our obligations under our terms of service; legitimate interests, where processing is necessary for our legitimate business interests such as improving our services, fraud prevention, and platform security; consent, where you have given explicit consent for specific processing activities such as marketing communications and non-essential cookies; and legal obligation, where processing is required to comply with applicable laws and regulations.

Your Data Subject Rights

Under the GDPR, you have the following rights regarding your personal data: the right of access to obtain a copy of your personal data we hold; the right to rectification to correct any inaccurate or incomplete data; the right to erasure (right to be forgotten) to request deletion of your data; the right to restrict processing in certain circumstances; the right to data portability to receive your data in a structured, machine-readable format; the right to object to processing based on legitimate interests or for direct marketing purposes; and the right not to be subject to automated decision-making, including profiling. To exercise any of these rights, please contact us at privacy@codrocket.com. We will respond to your request within 30 days.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected. Account data is retained for the duration of your active subscription and for a reasonable period afterward to comply with legal obligations. Transaction records and financial data are retained as required by applicable tax and accounting regulations. Usage analytics data is anonymized after 26 months. When data is no longer needed, it is securely deleted or anonymized in accordance with our data retention schedule.

International Data Transfers

CODRocket may transfer your personal data to countries outside the European Economic Area (EEA). When we do so, we ensure appropriate safeguards are in place to protect your data, including the use of Standard Contractual Clauses approved by the European Commission, transfers to countries recognized as providing an adequate level of data protection, and other legally recognized transfer mechanisms. We regularly review these safeguards to ensure they remain effective and compliant with GDPR requirements.

Data Breach Notification and Contact

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay, as required by the GDPR. We maintain incident response procedures to detect, investigate, and report data breaches effectively. If you have any questions about our GDPR compliance, wish to exercise your data subject rights, or want to file a complaint, please contact us at privacy@codrocket.com. You also have the right to lodge a complaint with your local data protection supervisory authority.