GDPR Compliance
Last Updated: October 2025
1. Our Commitment
Pitchin is fully committed to compliance with the General Data Protection Regulation (GDPR) for all EU residents. We believe in the fundamental right to digital privacy and have built our processes around the principles of data minimization, transparency, and security.
2. Data Controller vs. Data Processor
As a Data Controller: When you submit a contact form on our website or apply for a job, Pitchin acts as the Data Controller. We decide how and why that data is processed.
As a Data Processor: When we build software for your business, we typically act as a Data Processor. We process data on your behalf according to your strict instructions as detailed in the Data Processing Agreement (DPA).
3. Lawful Basis for Processing
Under GDPR, we process data based on:
- Consent: When you explicitly opt in to newsletters or analytics.
- Contract: When processing is necessary to fulfill a service contract or provide a quote.
- Legitimate Interest: For security monitoring and preventing fraud.
4. Subject Access Requests (SAR)
EU citizens have the right to request a copy of the personal data we hold about them. To make a SAR, please email our Data Protection Officer. We will respond within 30 days, free of charge.
5. Right to Erasure ("Right to be Forgotten")
You may request the permanent deletion of your personal data at any time. Except where we are legally obligated to retain certain records (e.g., for tax purposes), we will securely delete your data from our active systems and backups.
6. Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee compliance. You can reach the DPO directly at dpo@pitchin.mobi.