📄 Read and download the full GDPR Compliance Policy on our trust portal:
https://trust.buildbetter.ai/resources?s=khy0s6atxmuealj7w7p01a&name=gdpr-compliance-policy-(en)

GDPR Compliance Policy Summary

Effective Date: January 1, 2023
Policy Owner: CEO

📌 Scope

This policy applies to all employees, contractors, and vendors of Build Better, Inc. with access to EU/EEA personal data.

🔐 Commitments

Build Better, Inc. ensures:

  • Legal basis for all data processing
  • Technical, physical, and administrative safeguards
  • Access to personal data is strictly need-to-know
  • Personal data is used only for authorized purposes
  • Encryption in transit and at rest
  • Secure disposal of all personal data
  • No third-party transfers without a signed Data Protection Addendum (DPA)

🧑‍💼 Key Roles

  • CEO / Policy Owner: Spencer Shulem
    📧 spencer@buildbetter.app | 📞 +1 (805) 680-6343
  • Data Protection Officer (DPO): Spencer Shulem
    • Ensures GDPR compliance and internal monitoring
    • Reviews DPIAs, breach responses, and processing records
    • Acts as main contact for supervisory authorities

Article 27 Representatives

  • EU Representative:
    Osano International Compliance Services Limited, Dublin, Ireland

  • UK Representative:
    Osano UK Compliance LTD, Belfast, UK

🛠️ Data Protection Measures

  • Encrypted storage & transmission
  • Secure shredding (paper), wiping or destruction (digital media)
  • Mandatory awareness training
  • SAR/DSAR procedures established
  • Maintains a Record of Processing Activity (RoPA) under Article 30

🔁 Data Subject Rights (DSAR/SAR)

Build Better, Inc. supports:

  • Access, Rectification, Erasure, Restriction, Portability, Objection, and Consent withdrawal
  • Requests handled via Privacy Page or privacy@buildbetter.ai
  • Requests acknowledged within 3 days, resolved within 25 days
  • Records of all SARs are maintained and auditable

🛡️ Breach & Disclosure

  • Follows GDPR breach notification requirements
  • All incidents reported to incidents@buildbetter.app
  • Will notify affected data subjects when required
  • External communications approved by CTO or DPO

📘 Enforcement & Reporting

  • Responsible: CTO & CEO
  • Noncompliance may result in disciplinary action, including termination
  • Good faith reporting is protected

📅 Version History

Version | Date | Description | Author
1.0 | 10-AUG-2023 | Initial policy | Spencer Shulem
