GDPR Compliance
Data Protection Rights for European Union Residents
Wowra Chatbot is committed to protecting the privacy and personal data of all European Union (EU) residents in accordance with the General Data Protection Regulation (GDPR). This page outlines your rights under GDPR and explains how we comply with EU data protection laws.
As a data controller and processor, we implement appropriate technical and organizational measures to ensure the protection of your personal data and respect your fundamental rights to privacy and data protection.
EU Residents: This page is specifically designed for individuals whose personal data is processed under EU GDPR. If you are not an EU resident, please refer to our main Privacy Policy.
We process your personal data based on one or more of the following legal bases under GDPR Article 6:
Contractual Necessity (Article 6(1)(b))
Processing necessary to perform our contract with you, including providing AI services, account management, and customer support.
Legitimate Interests (Article 6(1)(f))
Improving our services, preventing fraud, ensuring security, and conducting analytics where our interests do not override your fundamental rights.
Consent (Article 6(1)(a))
Marketing communications, optional analytics, and other processing activities where we have obtained your explicit consent.
Legal Obligation (Article 6(1)(c))
Compliance with legal requirements, such as tax obligations, record keeping, and regulatory reporting.
Under GDPR, you have the following rights regarding your personal data:
Right of Access (Article 15)
Request a copy of your personal data and information about how it's processed.
Right to Rectification (Article 16)
Correct inaccurate or incomplete personal data.
Right to Erasure (Article 17)
Request deletion of your personal data ("right to be forgotten").
Right to Restrict Processing (Article 18)
Limit how we process your personal data in certain circumstances.
Right to Data Portability (Article 20)
Receive your data in a machine-readable format or transfer it to another service.
Right to Object (Article 21)
Object to processing based on legitimate interests or for direct marketing.
Exercise Your Rights: Contact our Data Protection Officer at dpo@wowra.com to exercise any of these rights. We will respond within 30 days.
| Data Category | Processing Purpose | Legal Basis | Retention |
|---|---|---|---|
| Account Information | Service provision, authentication | Contract | Account lifetime |
| Conversation Data | AI processing, service improvement | Contract + Legitimate interest | 30 days |
| Voice Recordings | Voice synthesis, processing | Contract | 7 days |
| Usage Analytics | Service optimization, security | Legitimate interest | 2 years |
| Marketing Data | Communications, promotions | Consent | Until withdrawn |
Some of our service providers are located outside the European Economic Area (EEA). We ensure adequate protection for international transfers through:
EU-US Data Privacy Framework
For transfers to certified US companies that participate in the EU-US Data Privacy Framework.
Standard Contractual Clauses (SCCs)
EU Commission-approved contractual clauses that ensure adequate data protection standards.
Adequacy Decisions
Transfers to countries recognized by the EU Commission as providing adequate protection.
Our Key Processors:
- • OpenAI (US): EU-US Data Privacy Framework participant
- • ElevenLabs (US): Standard Contractual Clauses
- • Cloud Infrastructure: EU-based servers with data localization
We have appointed a Data Protection Officer to oversee GDPR compliance and act as your point of contact for data protection matters.
Contact Our DPO
Email: dpo@wowra.com
Response Time: Within 72 hours for urgent matters
Languages: English, French, German, Spanish
The DPO can help you with:
- Exercising your GDPR rights
- Understanding how your data is processed
- Filing complaints about data protection
- Providing guidance on consent and data usage
We implement comprehensive security measures to protect your personal data:
Technical Measures
- End-to-end encryption for data in transit
- AES-256 encryption for data at rest
- Regular security assessments and penetration testing
- Multi-factor authentication for system access
- Automated backup and disaster recovery systems
- Network segregation and firewall protection
Organizational Measures
- Privacy by design and by default principles
- Regular staff training on data protection
- Data Processing Impact Assessments (DPIAs)
- Incident response and breach notification procedures
- Regular audits and compliance reviews
- Vendor due diligence and management
In the unlikely event of a data breach that may result in high risk to your rights and freedoms, we will notify you without undue delay and no later than 72 hours after becoming aware of the breach.
What We Will Tell You
- • Nature of the breach and categories of data affected
- • Likely consequences of the breach
- • Measures taken to address the breach
- • Steps you can take to protect yourself
How We Will Contact You
- • Email to your registered address
- • In-app notification when you next log in
- • Public notice on our website if we cannot reach you directly
You have the right to lodge a complaint with a supervisory authority if you believe we have not complied with GDPR requirements.
EU Supervisory Authorities
You can contact the supervisory authority in your country of residence, workplace, or where the alleged infringement occurred.
Find your local authority: European Data Protection Board
We encourage you to contact us first so we can try to resolve any concerns directly.
Data Controller
Company: Wowra Chatbot
Address: [Your EU Business Address]
Email: privacy@wowra.com
Phone: [Your EU Phone Number]
Data Protection Officer
DPO Email: dpo@wowra.com
Response Time: 72 hours
Office Hours: Mon-Fri, 9 AM-6 PM CET
Emergency: 24/7 for data breaches