GDPR Compliance Statement

GDPR Compliance Statement

Effective Date: 25 July 2025
Last Updated: 25 July 2025

Deepserp Limited (“Deepserp”, “we”, “our”, or “us”) is committed to protecting the personal data of its users, clients, partners, and employees in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and, where applicable, the EU GDPR.

This page outlines our data protection principles, how we comply with GDPR, and how we empower data subjects to exercise their rights.

1. Our Role Under the GDPR

Depending on the context, Deepserp acts as either:

  • Data Controller – when we determine the purposes and means of processing (e.g., user account data, email communications, billing).
  • Data Processor – when we process data on behalf of our customers (e.g., if users submit personal data through their Deepserp accounts, for tracking or auditing purposes).

Where we process data as a processor, we enter into Data Processing Agreements (DPAs) with our customers, ensuring full compliance with Article 28 of the UK/EU GDPR.

2. Lawful Bases for Processing

We only process personal data where we have a valid lawful basis under Article 6 of the UK GDPR, including:

  • Consent (e.g., email marketing opt-in)
  • Contractual necessity (e.g., providing paid subscriptions)
  • Legal obligation (e.g., tax and accounting compliance)
  • Legitimate interests (e.g., platform security, analytics)

Each processing activity is documented and mapped in our internal GDPR records (ROPA – Records of Processing Activities).

3. Data Subject Rights

Under GDPR, you have the right to:

  • Access – receive a copy of the data we hold about you
  • Rectification – correct inaccurate or incomplete data
  • Erasure (“right to be forgotten”) – request deletion of your data
  • Restriction – limit how we process your data
  • Portability – receive your data in a structured, machine-readable format
  • Objection – object to data processing based on legitimate interest or direct marketing
  • Withdraw Consent – at any time, where processing is based on consent

To exercise these rights, contact us at: privacy@deepserp.com
We will respond within one calendar month, as required under UK GDPR.

You also have the right to lodge a complaint with the UK’s Information Commissioner’s Office (ICO):
https://ico.org.uk/make-a-complaint/

4. International Data Transfers

Where Deepserp or its subprocessors transfer data outside the UK or EEA, we ensure adequate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the UK and EU
  • International Data Transfer Agreements (IDTAs)
  • Adequacy decisions recognised by the UK government or European Commission

5. Subprocessors and Third-Party Providers

We use trusted subprocessors to deliver our Services (e.g., hosting, analytics, payment processing). All subprocessors are subject to strict data protection terms and security reviews.

A full list of subprocessors is available upon request or under a separate Data Processing Agreement.

We never sell or rent user data to third parties.

6. Data Retention & Deletion

We retain personal data only as long as necessary for:

  • Contract performance
  • Legal obligations (e.g., tax law)
  • Dispute resolution
  • Business continuity

Users may request deletion of their data at any time. Where possible, we also offer self-service account deletion in the user dashboard.

7. Security and Safeguards

We implement appropriate technical and organisational measures (TOMs), including:

  • End-to-end encryption
  • Role-based access controls
  • Pseudonymisation and anonymisation strategies (where applicable)
  • Secure coding practices
  • Vendor risk assessments
  • Regular internal audits

We maintain a documented Information Security Policy and conduct periodic risk assessments, including Data Protection Impact Assessments (DPIAs) where required.

8. Cookies and Tracking Technologies

We use essential, performance, and analytics cookies. Full details are provided in our Cookie Policy.

You can manage your cookie preferences through your browser settings or via our consent banner.

9. Data Breaches

In the event of a personal data breach, we will:

  • Notify the ICO within 72 hours (if required)
  • Inform affected users without undue delay (where high risk is identified)
  • Document all incidents in our Breach Register

10. Contact Details

For all GDPR-related enquiries, data access requests, or DPA contract matters, contact:

Data Protection Officer
Deepserp Limited
86-90 Paul Street
London, EC2A 4NE
United Kingdom
Email: privacy@deepserp.com

11. Updates to This Statement

We may update this GDPR Statement periodically to reflect regulatory changes or internal practices. All updates will be posted to this page with an updated “Effective Date.”

© 2025 Deepserp Limited. All rights reserved.

Be found in AI.
Shape the answers that now drive your customers' decisions.

Choose Planicon
4.8 / 5
based on real user feedback