ConformVaultConformVault

GDPR Compliance

Product of: Les Entreprises SecuAAS Inc.
NEQ: 1177504777
Domain: conformvault.com
Last updated: 2026-03-04

7.1 Application

The General Data Protection Regulation (GDPR, EU Regulation 2016/679) applies when ConformVault processes personal data of individuals located in the European Economic Area (EEA). SecuAAS proactively applies the principles of the GDPR as part of its commitment to international best practices in data protection.

7.2 Legal Basis for Processing

Depending on the context, SecuAAS bases the processing of personal data on the following legal grounds (Art. 6 GDPR):

  • Performance of a contract (Art. 6(1)(b)) — Provision of ConformVault services
  • Consent (Art. 6(1)(a)) — Non-essential cookies, marketing communications
  • Legitimate interests (Art. 6(1)(f)) — Platform security, fraud prevention
  • Legal obligation (Art. 6(1)(c)) — Retention of billing data

7.3 Rights of Data Subjects

If you are located in the EEA, you have the following rights:

  • Right of access (Art. 15)
  • Right to rectification (Art. 16)
  • Right to erasure (Art. 17)
  • Right to restriction of processing (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object (Art. 21)
  • Right not to be subject to automated decision-making (Art. 22)

To exercise your rights: dpo@secuaas.com — Response time: 30 days (extendable by 60 days in case of complexity, with notification).

7.4 International Transfers

SecuAAS is established in Canada. The European Commission has recognized Canada as providing an adequate level of protection (adequacy decision 2002/2/EC) for data transfers under the PIPEDA regime.

For transfers to subcontractors located in the United States, SecuAAS relies on:

  • European Commission standard contractual clauses (SCC), where applicable
  • Transfer Impact Assessments (TIA)
  • Additional technical measures (encryption, minimization, transient processing)

7.5 Data Protection Officer (DPO)

SecuAAS is not legally required to appoint a DPO under Article 37 of the GDPR. However, GDPR-related requests may be directed to dpo@secuaas.com.

7.6 Supervisory Authority

If you believe that the processing of your data infringes the GDPR, you have the right to lodge a complaint with the supervisory authority of your Member State of residence.

7.7 Record of Processing Activities

SecuAAS maintains a record of processing activities in accordance with Article 30 of the GDPR, available upon request from the DPO.

Les Entreprises SecuAAS Inc. — Quebec, Canada
Last updated: 2026-03-04

1

Cookies & Law 25 Compliance

ConformVault only uses essential cookies for authentication and security. Our internal analytics system is 100% compliant with Quebec's Law 25: no IP addresses, no tracking cookies, no digital fingerprinting, and no personal information is collected or stored.

Law 25 — No personal information collected. Hosted in Quebec.

Learn more in our Cookie Policy and Law 25 Compliance.