GDPR Compliance

Our GDPR Commitment

SIPCREW is committed to protecting your personal data and respecting your privacy rights under the General Data Protection Regulation (GDPR) and other applicable data protection laws. This page explains how we comply with GDPR requirements and how you can exercise your rights.

1. Your Rights Under GDPR

As an EU/EEA resident, you have the following rights:

Right to Access (Article 15)

You have the right to request a copy of the personal data we hold about you. This includes:

What personal data we process
Why we process it
Who we share it with
How long we keep it
Your rights regarding this data

Right to Rectification (Article 16)

You have the right to correct inaccurate or incomplete personal data. You can:

Update your account information directly in your dashboard
Request corrections to data you cannot edit yourself
Have incomplete data completed

Right to Erasure / "Right to be Forgotten" (Article 17)

You have the right to request deletion of your personal data when:

The data is no longer necessary for its original purpose
You withdraw consent (where consent was the basis)
You object to processing and there are no overriding legitimate grounds
The data has been unlawfully processed

Note: We may need to retain certain data for legal obligations (e.g., accounting records, regulatory compliance) for up to 7 years.

Right to Restriction of Processing (Article 18)

You can request that we limit how we use your data while:

We verify the accuracy of disputed data
You establish whether our legitimate grounds override your objection
You need data for legal claims, but we no longer need it

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format. We provide data exports in:

JSON format for technical data
CSV format for tabular data
PDF format for documents and records

Right to Object (Article 21)

You have the right to object to:

Processing based on legitimate interests
Direct marketing (including profiling)
Processing for scientific/historical research or statistics

Right to Withdraw Consent (Article 7)

Where we rely on your consent to process data, you can withdraw that consent at any time. This includes:

Marketing communications
Non-essential cookies
Optional data processing activities

Withdrawing consent does not affect the lawfulness of processing based on consent before withdrawal.

Right to Lodge a Complaint (Article 77)

You have the right to lodge a complaint with your local data protection authority if you believe we have violated your data protection rights.

EU Data Protection Authorities:

Find Your Local Authority

2. How We Process Your Data

Legal Basis for Processing

We process your personal data under the following legal bases:

Contract Performance

Processing necessary to provide VoIP services you've contracted for

Legal Obligation

Compliance with telecommunications regulations, tax laws, KYC/AML requirements

Consent

Marketing communications, non-essential cookies, optional features

Legitimate Interests

Service improvement, fraud prevention, network security

3. Data Protection Measures

We implement comprehensive technical and organizational measures to protect your data:

🔒 Technical Measures

End-to-end encryption (TLS/SSL, AES-256)
Multi-factor authentication
Regular security audits and penetration testing
Intrusion detection and prevention systems
Automated backup and disaster recovery

👥 Organizational Measures

Role-based access controls
Regular staff training on data protection
Data protection impact assessments (DPIAs)
Vendor management and due diligence
Incident response procedures

📜 Certifications & Compliance

SOC 2 Type II certified
ISO 27001 certified
GDPR compliant data processing agreements
Regular third-party audits

4. International Data Transfers

When we transfer data outside the EU/EEA, we ensure adequate protection through:

Safeguards for International Transfers

EU-US Data Privacy Framework: For transfers to participating US companies
Standard Contractual Clauses (SCCs): EU Commission-approved contracts
Binding Corporate Rules: For intra-group transfers
Adequacy Decisions: Transfers to countries with adequate protection

Transparency: We maintain a register of all international data transfers and the safeguards in place. Contact our DPO for more information.

5. Data Breach Notification

In compliance with GDPR Article 33 and 34:

Authority Notification: We will notify relevant supervisory authorities within 72 hours of becoming aware of a breach
User Notification: We will notify affected users without undue delay if the breach is likely to result in high risk to their rights
Breach Register: We maintain records of all data breaches, including facts, effects, and remedial action

Report a Security Concern:

Email: security@sipcrew.com

6. Data Protection Officer (DPO)

We have appointed a Data Protection Officer to oversee our GDPR compliance and handle data protection queries. You can contact our DPO regarding:

Questions about how we process your data
Exercising your GDPR rights
Data protection concerns or complaints
Information about our data practices

Data Protection Officer

Name: [DPO Name]

Email: dpo@sipcrew.com

Phone: +1 (234) 567-890

Address: [Your Business Address]

7. How to Exercise Your Rights

You can exercise your GDPR rights through:

Account Dashboard

Manage most settings directly

Email Request

Email our DPO directly

Send Email

Request Form

Submit structured request

Response Times:

We will acknowledge your request within 3 business days
We will respond to your request within 30 days
Complex requests may take up to 60 days (we'll inform you if this is the case)
All requests are handled free of charge

8. Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact our DPO immediately.