URL Shortener GDPR Compliance

Zexo is committed to protecting your data rights under the General Data Protection Regulation (GDPR). Learn about our data processing practices, how we secure your information when using our URL shortening service, and how to exercise your rights as a data subject.

Your GDPR Rights

Zexo is committed to ensuring the rights of our EU users are respected under the General Data Protection Regulation (GDPR). This page explains how we comply with GDPR requirements and details your rights as a data subject.

Right to Access

You can request a copy of all the personal data we hold about you at any time.

Right to Rectification

You can request that we correct any inaccurate or incomplete personal information.

Right to Erasure

You can request that we delete all your personal data, also known as "the right to be forgotten."

Right to Restriction

You can request that we temporarily or permanently stop processing your personal data.

Data Portability

You can request a copy of your data in a machine-readable format to transfer to another service.

01

Legal Basis for Processing

Under GDPR, we must have a valid legal basis for processing your personal data. Depending on the context, we rely on the following legal bases:

Contractual Necessity

We process your data because it's necessary to fulfill our contract with you when you use our URL shortening service. This includes:

  • Creating and managing your shortened URLs
  • Redirecting users who click on your shortened links
  • Maintaining your account and preferences
  • Providing analytics for your shortened URLs

Legitimate Interests

We process certain data based on our legitimate interests, which include:

  • Improving and developing our services
  • Protecting the security of our platform
  • Detecting and preventing fraud and abuse
  • Analyzing how users interact with our service to enhance user experience

We always balance our interests against your privacy rights. If you believe your rights outweigh our legitimate interests, you can object to this processing.

Consent

In some cases, we process your data based on your explicit consent, such as:

  • Non-essential cookies and tracking technologies
  • Marketing communications and newsletters
  • Optional features that require additional personal data

You have the right to withdraw your consent at any time, which will not affect the lawfulness of processing based on consent before its withdrawal.

02

Your GDPR Rights in Detail

Under the GDPR, you have several important rights regarding your personal data:

  • Right to be informed: You have the right to be informed about how we collect and use your personal data, which we address in our Privacy Policy.
  • Right of access: You can request a copy of all personal data we hold about you and information about how we process it.
  • Right to rectification: You can request that we correct inaccurate or incomplete personal data.
  • Right to erasure: You can request that we delete your personal data in certain circumstances.
  • Right to restrict processing: You can request that we limit how we use your data in certain circumstances.
  • Right to data portability: You can request a copy of your data in a machine-readable format to transfer to another service.
  • Right to object: You can object to our processing of your data, particularly for marketing purposes or when based on legitimate interests.
  • Rights related to automated decision making: You have rights regarding automated decision-making, including profiling.
03

Data Protection Measures

We implement appropriate technical and organizational measures to protect your personal data:

Technical Safeguards

Our technical measures include:

  • End-to-end encryption for data transmission using TLS
  • Secure data storage with encryption at rest
  • Regular security audits and vulnerability testing
  • Access controls and authentication systems
  • Firewalls and intrusion detection systems
  • Regular data backups with secure storage

Organizational Safeguards

Our organizational measures include:

  • Staff training on data protection and privacy
  • Data protection policies and procedures
  • Restricted access to personal data on a need-to-know basis
  • Regular privacy impact assessments
  • Documentation of data processing activities
  • Data protection by design and default in our development process
04

International Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place to protect your data:

  • We use EU-approved Standard Contractual Clauses (SCCs) with our service providers
  • We work with service providers who are Privacy Shield certified where applicable
  • We conduct data transfer impact assessments to evaluate risks
  • We limit the data we transfer to only what is necessary

You can request information about our data transfer mechanisms by contacting our Data Protection Officer.

05

How to Exercise Your Rights

You can exercise your GDPR rights in the following ways:

  • Account settings: Many rights can be exercised directly through your account settings, including accessing and updating your data.
  • Contact us: You can contact our Data Protection Officer at privacy@zexo.com with any GDPR-related requests.
  • Timeframe: We will respond to all requests within 30 days. If we need more time due to complexity, we'll notify you.
  • Verification: We may need to verify your identity before processing your request to protect your privacy.
  • No fee: We don't charge a fee for processing standard requests, but we may charge a reasonable fee for unfounded or excessive requests.

Contact Our Data Protection Officer

If you have questions about our GDPR compliance or wish to exercise your rights, our Data Protection Officer is ready to assist you.

Email DPO Contact Form