Simplified GDPR Notice

1. Roles

Under the General Data Protection Regulation (GDPR), WorkBlofet acts in two distinct capacities:

  • Data Controller: Regarding your account information, billing details, and direct interaction data with our platform.
  • Data Processor: Regarding the personal data (e.g., leads) you collect using our funnels. You act as the Controller for this data.

2. Legal Bases for Processing

  • Contract Performance: Processing required to provide you with the WorkBlofet software services.
  • Legitimate Interests: Processing necessary for platform security, fraud prevention, and basic usage analytics.
  • Consent: Where applicable (e.g., optional marketing communications or non-essential cookies), we rely on your explicit consent, which you may withdraw at any time.

3. Data Subject Rights

If you are located in the EEA or UK, you have the right to request Access, Rectification, Erasure, Portability, Restriction, and Objection to processing regarding your personal data. You may also withdraw any previously granted consent.

4. DSAR Process

To submit a Data Subject Access Request (DSAR) or exercise your rights, please email privacy@workblofet.com. We will respond to your request within 30 days.

5. International Transfers

Your data may be processed in the United States. Where we transfer personal data originating from the EEA or UK outside of those regions, we may rely on Standard Contractual Clauses (SCCs) or other legally recognized transfer mechanisms to ensure adequate protection.

6. Sub-processors

We engage the following third-party sub-processors to assist in delivering our service:

  • Stripe: Payment processing.
  • PostHog: Application structure and usage analytics.
  • Cloudflare: Content delivery network and security routing.

7. Retention & Security

We adhere to the principle of data minimization, retaining data only for as long as strictly necessary to fulfill the stated processing purposes. We employ reasonable and appropriate technical and organizational security measures to protect this data.

8. Complaints

If you believe our processing of your personal data infringes data protection laws, you have the right to lodge a complaint with a supervisory authority responsible for data protection in your country of residence.