Scope
This notice applies when SuportLayer processes personal data of individuals in the European Union or European Economic Area, or when EU law otherwise applies to our processing. It supplements our Privacy Policy and, where you embed SuportLayer on your site, your role as controller for visitor data.
Lawful bases
We rely on contract performance for providing the platform, legitimate interests for security and product improvement (balanced against your rights), consent where required (e.g. certain cookies or marketing), and legal obligation where applicable.
Data subject rights (EU)
You may exercise GDPR rights by contacting us. We verify requests and respond within one month, extendable where permitted. Rights include access, rectification, erasure, restriction, portability, objection, and withdrawal of consent without affecting prior lawful processing.
- Right of access and copy of your data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten") where applicable
- Right to restrict or object to certain processing
- Right to data portability in a structured format
- Right to lodge a complaint with your local supervisory authority
Processors and transfers
When we act as processor for your visitor chat data, we process only on documented instructions, assist with DPIAs and breach notification where required, and use subprocessors under Article 28 terms. International transfers use appropriate safeguards such as Standard Contractual Clauses where data leaves the EEA.
DPA and records
Business customers may request our Data Processing Agreement (DPA) covering Article 28 obligations, subprocessor list, and security measures. We maintain records of processing activities as required for our role as controller and processor.