GDPR Compliance & Data Protection

Your privacy matters to us. Learn how BDM Hub protects your personal data in compliance with the General Data Protection Regulation (GDPR).

Last updated: October 5, 2025

GDPR Overview

What is GDPR?

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It gives individuals control over their personal data and simplifies the regulatory environment for international business.

BDM Hub is committed to protecting your privacy and ensuring transparency about how we collect, use, and protect your personal data. This page explains our GDPR compliance measures and your rights as a data subject under European law.

As a business management platform serving customers globally, including the European Union, we take data protection seriously and have implemented comprehensive measures to ensure GDPR compliance across all our services.

Lawful Processing

We only process personal data when we have a lawful basis to do so, such as your consent or for contract performance.

Data Minimization

We collect only the personal data that is necessary for the specific purposes we've identified.

Transparency

We provide clear information about how we use your data and make it easy to understand your rights.

Security

We implement appropriate technical and organizational measures to protect your personal data.

Your Rights Under GDPR

Under GDPR, you have several rights regarding your personal data. These rights allow you to control how your data is used and ensure transparency in our data processing activities.

Right to be Informed

You have the right to be informed about how your personal data is collected, used, and processed. This page and our Privacy Policy provide that transparency.

Right of Access

You can request access to your personal data to understand what information we hold about you and how it's being processed.

Right to Rectification

You can request that we correct any inaccurate or incomplete personal data we hold about you.

Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data when it's no longer necessary for the purposes for which it was collected.

Right to Restrict Processing

You can request that we limit how we use your personal data in certain circumstances.

Right to Data Portability

You can request a copy of your personal data in a structured, commonly used format to transfer to another service.

Right to Object

You can object to certain types of processing, including direct marketing and processing based on legitimate interests.

How to Exercise Your Rights

To exercise any of these rights, please contact our Data Protection Officer using the contact information provided below. We will respond to your request within 30 days and may ask you to verify your identity to protect your privacy.

Data We Collect

We collect different types of personal data depending on how you interact with our services. Here's a comprehensive overview of what we collect and why.

Account Information

What we collect:

  • Full name
  • Email address
  • Company name
  • Phone number
  • Business address
  • Job title/role

Why we collect it:

  • Account creation and management
  • Service delivery
  • Customer support
  • Billing and invoicing
  • Legal compliance

Payment Information

What we collect:

  • Billing address
  • Payment method details (via Stripe)
  • Transaction history
  • Tax identification numbers

Security note:

We do not store full credit card numbers. Payment processing is handled securely by our PCI-compliant payment processor, Stripe.

Usage Data

What we collect:

  • Feature usage patterns
  • Login timestamps
  • Plugin preferences
  • Performance metrics
  • Error logs and crash reports

Purpose:

  • Service improvement
  • Bug fixes and troubleshooting
  • Feature development
  • Security monitoring

Technical Data

What we collect:

  • IP address (anonymized after 30 days)
  • Browser type and version
  • Operating system
  • Device information
  • Cookies and session data

Purpose:

  • Security and fraud prevention
  • Technical support
  • Service optimization
  • Analytics (aggregated only)

How We Use Your Data

We process your personal data only for specific, legitimate purposes and always in accordance with GDPR principles. Here are the lawful bases under which we process your data:

Contract Performance

Processing necessary to fulfill our contract with you:

  • Providing access to BDM Hub services
  • Account management
  • Customer support
  • Billing and payment processing
  • Service updates and maintenance

Consent

Processing based on your explicit consent:

  • Marketing communications
  • Newsletter subscriptions
  • Cookies for analytics (non-essential)
  • Promotional offers
  • Beta feature participation

Legitimate Interests

Processing for our legitimate business interests:

  • Service improvement and development
  • Security and fraud prevention
  • Technical support and troubleshooting
  • Business analytics (anonymized)
  • Internal research and development

Legal Compliance

Processing required by law:

  • Tax reporting and record keeping
  • Financial regulations compliance
  • Data breach notifications
  • Regulatory investigations
  • Court orders and legal requests

Important Note About Consent

You can withdraw your consent at any time for processing based on consent (such as marketing communications). This will not affect the lawfulness of processing before your consent was withdrawn.

When We Share Your Data

We do not sell your personal data to third parties. We only share your data in specific circumstances, always in compliance with GDPR requirements and with appropriate safeguards in place.

Service Providers

We work with trusted third-party service providers who help us deliver our services. These providers are contractually bound to protect your data and use it only for the specific services they provide to us.

Current service providers include:

  • Stripe: Payment processing
  • AWS: Cloud hosting and infrastructure
  • SendGrid: Email delivery
  • Intercom: Customer support
  • Google Analytics: Website analytics

Safeguards in place:

  • GDPR-compliant data processing agreements
  • EU-US Privacy Shield certification (where applicable)
  • Standard Contractual Clauses for non-EU transfers
  • Regular security assessments
  • Data minimization principles

Legal Requirements

We may disclose your personal data when required by law or when we believe in good faith that such action is necessary to comply with legal obligations.

Examples include:

  • Court orders or legal process
  • Government or regulatory requests
  • Tax authorities
  • Law enforcement (with valid legal basis)
  • Financial crime prevention

Our commitment:

  • We will challenge overly broad requests
  • We will notify you when legally permitted
  • We will only share the minimum necessary data
  • We will document all legal requests
Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred as part of that transaction, subject to the same privacy protections.

Your protection:

  • We will notify you before any such transfer
  • The acquiring party must honor this privacy policy
  • You maintain all your GDPR rights
  • You can object to or withdraw consent as applicable

We Never Sell Your Data

BDM Hub does not sell, rent, or trade your personal data to third parties for their marketing purposes. Any sharing is limited to the specific purposes outlined above and always includes appropriate safeguards.

Data Security & Protection

Protecting your personal data is a top priority. We implement comprehensive technical and organizational measures to ensure the security, confidentiality, and integrity of your information.

Technical Safeguards

  • Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access with multi-factor authentication
  • Network Security: Firewalls, intrusion detection, and DDoS protection
  • Monitoring: 24/7 security monitoring and threat detection
  • Backups: Regular encrypted backups with geographic distribution

Organizational Measures

  • Staff Training: Regular GDPR and security awareness training
  • Access Policies: Strict need-to-know data access policies
  • Incident Response: Comprehensive data breach response plan
  • Vendor Management: GDPR compliance requirements for all suppliers
  • Regular Audits: Internal and external security assessments

Certifications & Compliance

  • SOC 2 Type II: Annual compliance audit for security controls
  • GDPR Article 32: Appropriate technical and organizational measures
  • PCI DSS Level 1: Payment card industry compliance (via Stripe)
  • ISO 27001: Information security management system (AWS infrastructure)

Data Breach Response

In the unlikely event of a data breach, we have a comprehensive response plan in place:

  1. Detection & Containment: Immediate threat isolation within 1 hour
  2. Assessment: Risk evaluation and impact analysis within 24 hours
  3. Notification: Authorities within 72 hours, affected users without delay
  4. Remediation: Fix vulnerabilities and enhance security measures

International Data Transfers

Your data may be processed in countries outside the EU. We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs) for non-adequate countries
  • Data Processing Agreements with all international vendors
  • Regular reviews of transfer mechanisms and adequacy decisions

Contact Our Data Protection Officer

Our Data Protection Officer (DPO) is your primary contact for all GDPR-related matters. Whether you want to exercise your rights, report a concern, or ask questions about our data practices, we're here to help.

Postal Address:
BDM Hub Data Protection Officer
123 Business District
Suite 456
London, UK EC1A 1BB

Response Time: Within 30 days (usually much faster)

Quick Response Guarantee

We acknowledge all GDPR requests within 48 hours and provide initial responses within 5 business days for urgent matters.

Common GDPR Requests

Data Access Request

Get a copy of all personal data we hold about you

Data Correction

Update or correct inaccurate personal information

Data Deletion

Request removal of your personal data

Data Portability

Export your data in a structured format

Marketing Opt-out

Withdraw consent for marketing communications

Need Help?

Not sure which request is right for you? Our DPO team can help you understand your options and guide you through the process.

Supervisory Authority

If you're not satisfied with our response to your GDPR request or believe we're not complying with data protection law, you have the right to lodge a complaint with the relevant supervisory authority.

UK Residents

Information Commissioner's Office (ICO)

Wycliffe House
Water Lane
Wilmslow, Cheshire
SK9 5AF

Phone: 0303 123 1113

Website: ico.org.uk

EU Residents

You can contact the supervisory authority in your country of residence, place of work, or where you believe the infringement occurred.

Find your authority:

European Data Protection Board Directory

Before Filing a Complaint

We encourage you to contact us first so we can try to resolve your concern directly. Most issues can be addressed quickly and to your satisfaction without involving the supervisory authority.

Updates to This Policy

We may update this GDPR compliance page from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

How We'll Notify You

  • Email notification to all registered users for significant changes
  • Prominent notice on our website and dashboard
  • Updated "last modified" date at the top of this page
  • 30-day advance notice for material changes affecting your rights

Version History

  • v2.1 - October 5, 2025: Added data transfer mechanisms clarification
  • v2.0 - January 15, 2025: Major update for new service features
  • v1.0 - May 25, 2024: Initial GDPR compliance page published

Your Privacy Is Our Priority

We're committed to protecting your personal data and ensuring full GDPR compliance. If you have any questions or concerns, don't hesitate to reach out.

Questions about your data? We typically respond within 24 hours.