GDPR Compliance

How we protect your data and comply with the General Data Protection Regulation

Our Commitment to GDPR Compliance

At Advent Labs, we are committed to protecting your personal data and ensuring compliance with the General Data Protection Regulation (GDPR). This page outlines how we adhere to GDPR principles and what rights you have regarding your personal data.

What is GDPR?

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It addresses the export of personal data outside the EU and EEA areas and aims to give control to individuals over their personal data.

How We Process Your Data

We process personal data in accordance with the following GDPR principles:

  • Lawfulness, fairness, and transparency: We process data lawfully, fairly, and in a transparent manner.
  • Purpose limitation: We collect data for specified, explicit, and legitimate purposes.
  • Data minimization: We ensure that personal data is adequate, relevant, and limited to what is necessary.
  • Accuracy: We take reasonable steps to ensure personal data is accurate and kept up to date.
  • Storage limitation: We keep personal data for no longer than necessary.
  • Integrity and confidentiality: We process data in a manner that ensures appropriate security.
  • Accountability: We take responsibility for complying with GDPR principles.

Legal Basis for Processing

We process your personal data on one or more of the following legal bases:

Consent

When you have given clear consent for us to process your personal data for a specific purpose.

Contract

When processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.

Legal Obligation

When processing is necessary for compliance with a legal obligation to which we are subject.

Legitimate Interests

When processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.

Your Rights Under GDPR

Under GDPR, you have the following rights regarding your personal data:

  • Right to be informed: You have the right to be informed about the collection and use of your personal data.
  • Right of access: You have the right to request copies of your personal data.
  • Right to rectification: You have the right to request that we correct any inaccurate personal data.
  • Right to erasure: You have the right to request that we delete your personal data in certain circumstances.
  • Right to restrict processing: You have the right to request that we restrict the processing of your personal data.
  • Right to data portability: You have the right to request that we transfer your personal data to another organization or directly to you.
  • Right to object: You have the right to object to the processing of your personal data in certain circumstances.
  • Rights related to automated decision-making and profiling: You have rights related to automated decision-making and profiling.

Data Protection Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of personal data
  • Regular testing, assessing, and evaluating the effectiveness of security measures
  • Ensuring the ongoing confidentiality, integrity, availability, and resilience of processing systems and services
  • The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
  • Staff training on data protection and security

International Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place to protect your data, such as Standard Contractual Clauses approved by the European Commission, Binding Corporate Rules, or other legally recognized mechanisms.

Data Breach Procedures

In the event of a personal data breach, we have procedures in place to detect, report, and investigate such a breach. We will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible, and will notify affected individuals without undue delay when the breach is likely to result in a high risk to their rights and freedoms.

How to Exercise Your Rights

To exercise any of your rights under GDPR, please contact our Data Protection Officer at:

Email: privacy@adventlabs.ai

We will respond to your request within one month. This period may be extended by two further months where necessary, taking into account the complexity and number of requests.

Complaints

If you have a concern about our privacy practices, including the way we handle your personal data, you can contact our Data Protection Officer. You also have the right to lodge a complaint with the data protection authority in the EU member state where you reside, where you work, or where an alleged infringement of GDPR has occurred.

Last updated: March 30, 2025