Last updated: January 2025
VoiceHub is committed to full compliance with the General Data Protection Regulation (GDPR), the EU's comprehensive data protection law. We process personal data lawfully, fairly, and transparently, and we respect the rights of all data subjects. This page outlines our GDPR compliance measures and your rights under the regulation.
We process personal data under the following lawful bases as defined in Article 6 of the GDPR:
Under the GDPR, you have the following rights regarding your personal data:
You have the right to request a copy of all personal data we hold about you. We will provide this within 30 days in a structured, commonly used format.
You have the right to correct inaccurate or incomplete personal data without undue delay.
You have the right to request deletion of your personal data when there is no compelling reason for us to continue processing it.
You have the right to request that we limit the processing of your personal data in certain circumstances.
You have the right to receive your personal data in a machine-readable format and transmit it to another controller.
You have the right to object to processing based on legitimate interests or for direct marketing purposes.
Where we rely on consent, you have the right to withdraw it at any time without affecting the lawfulness of processing before withdrawal.
We have appointed a Data Protection Officer (DPO) as required by Article 37 of the GDPR. Our DPO oversees our data protection strategy and GDPR compliance.
When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place as required by Chapter V of the GDPR:
We have implemented comprehensive data breach procedures in accordance with Articles 33 and 34 of the GDPR:
In accordance with Article 25 of the GDPR, we implement privacy by design and by default principles. Our services are designed with data protection built-in from the ground up. We collect only the minimum data necessary (data minimization), use pseudonymization and encryption by default, and ensure that personal data is not made publicly accessible without explicit action. Our technical and organizational measures are regularly reviewed and updated.
We conduct Data Protection Impact Assessments (DPIAs) as required by Article 35 for processing operations that are likely to result in high risk to individual rights. Our DPIAs systematically describe processing operations, assess necessity and proportionality, evaluate risks to data subjects, and outline measures to mitigate those risks. DPIAs are reviewed and updated regularly, especially when there are changes to processing activities.
When we engage third-party processors, we ensure GDPR-compliant processor agreements are in place as required by Article 28:
We retain personal data only as long as necessary for the purposes outlined in our Privacy Policy:
You can exercise your GDPR rights by contacting us through any of the following methods:
We will respond to your request within 30 days. In complex cases, we may extend this by an additional 60 days and will notify you of the extension. We may request additional information to verify your identity before processing your request.
You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state of your residence, workplace, or where an alleged infringement occurred. While we encourage you to contact us first to resolve any concerns, you may file a complaint with your local data protection authority at any time. A list of EU supervisory authorities can be found at: https://edpb.europa.eu/about-edpb/board/members_en