Data Protection Policy

Last Updated: January 2025

WeConsent is committed to complying with the General Data Protection Regulation (GDPR), the UK Data Protection Act, and all applicable US privacy laws to ensure your personal data is handled with the utmost care and security.

1. Principles of Data Protection

  • Lawfulness, fairness, and transparency: We process your data in compliance with legal requirements and with full transparency.
  • Purpose limitation: We collect data only for specified, explicit, and legitimate purposes.
  • Data minimization: We only collect data that is necessary for the intended purpose.
  • Accuracy: We keep personal data accurate and up to date.
  • Storage limitation: We retain personal data only for as long as necessary.
  • Integrity and confidentiality: We ensure appropriate security of personal data.

2. Data Controller

WeConsent Ltd is the data controller for personal data collected through our app and website.

3. Data Subject Rights

  • Right to be informed: You have the right to know how we use your personal data.
  • Right of access: You can request copies of your personal data.
  • Right to rectification: You can request correction of inaccurate data.
  • Right to erasure: You can request deletion of your personal data.
  • Right to restrict processing: You can request limitation of how we use your data.
  • Right to data portability: You can request transfer of your data to another organization.
  • Right to object: You can object to certain types of processing.

4. Data Retention

We retain user data only as long as necessary for the purposes for which it was collected or as required by law.

Regular reviews are conducted to ensure data is not kept longer than necessary. When data is no longer needed, it is securely deleted or anonymized.

5. Security Measures

Technical Security

  • End-to-end encrypted data transmission and storage
  • Secure Sockets Layer (SSL) technology
  • Regular security vulnerability assessments
  • Encrypted database storage

Access Controls

  • Multi-factor authentication for system access
  • Role-based access controls
  • Regular access right reviews
  • Secure authentication protocols

6. Breach Notification

In the event of a data breach, we will notify affected users and relevant regulatory authorities within 72 hours in compliance with GDPR requirements.

Our breach response protocol includes immediate containment, assessment of impact, notification procedures, and measures to prevent recurrence.

Contact Us

If you have any questions, please contact us: