# GDPR Compliance Guide

## Effective Date: July 5, 2025

## Introduction

This document outlines OpenGIFame's compliance with the General Data Protection Regulation (GDPR) and your rights as a data subject. The GDPR gives you specific rights regarding your personal data, and we are committed to respecting and facilitating these rights.

## Your Rights Under GDPR

### 1. Right to Information (Article 13-14)

You have the right to know:

- What personal data we collect
- Why we collect it
- How long we keep it
- Who we share it with
- Your rights regarding this data

This information is detailed in our [Privacy Policy](./PRIVACY.md).

### 2. Right of Access (Article 15)

You have the right to:

- Confirm whether we process your personal data
- Access your personal data
- Receive information about how we process it

**How to exercise this right:**

1. Sign in to your OpenGIFame account
2. Go to Account Settings → Privacy & Data
3. Click "Download My Data" to receive a complete copy of your data
4. Alternatively, contact us at [privacy@opengifame.com] with your request

### 3. Right to Rectification (Article 16)

You have the right to correct inaccurate or incomplete personal data.

**How to exercise this right:**

1. **Profile Information**: Update directly in Account Settings
2. **Content**: Edit your uploaded images, titles, and descriptions
3. **Other Data**: Contact us at [privacy@opengifame.com] for assistance

### 4. Right to Erasure ("Right to be Forgotten") (Article 17)

You have the right to request deletion of your personal data when:

- The data is no longer necessary for the original purpose
- You withdraw consent
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
- Deletion is required for legal compliance

**See the "Complete Account Deletion" section below for detailed instructions.**

### 5. Right to Restrict Processing (Article 18)

You can request we limit how we use your data while we:

- Verify the accuracy of your data
- Determine legitimate grounds for processing
- Handle your objection to processing

**How to exercise this right:**
Contact us at [privacy@opengifame.com] with your specific request.

### 6. Right to Data Portability (Article 20)

You have the right to:

- Receive your personal data in a structured, commonly used format
- Transfer your data to another service

**How to exercise this right:**

1. Go to Account Settings → Privacy & Data
2. Click "Export Data" to download your data in JSON format
3. This includes your profile, uploaded images, comments, and voting history

### 7. Right to Object (Article 21)

You can object to processing based on:

- Legitimate interests
- Direct marketing
- Profiling

**How to exercise this right:**
Contact us at [privacy@opengifame.com] to discuss your objection.

### 8. Rights Related to Automated Decision Making (Article 22)

We do not use automated decision-making or profiling that significantly affects you. Our recommendation algorithms are designed to enhance user experience and do not make decisions that have legal or similarly significant effects.

## Complete Account Deletion Guide

### What Gets Deleted

When you delete your account, we will permanently remove:

- **Account Information**: Name, email, profile picture, and all account settings
- **Authentication Data**: All login credentials and session tokens
- **Uploaded Content**: All images, titles, and descriptions you've uploaded
- **Social Activity**: All comments, votes (upvotes/downvotes), and reactions
- **Metadata**: Upload timestamps, IP addresses, and activity logs
- **Tags**: Any tags you created (if not used by other users)

### What Happens to Your Content

- **Your Images**: Permanently deleted from our servers and CDN
- **Your Comments**: Removed from all discussions
- **Your Votes**: All voting records are deleted
- **Content References**: Any references to your deleted content are cleaned up

### Before You Delete Your Account

**Important considerations:**

1. **Irreversible Action**: Account deletion cannot be undone
2. **Download Your Data**: Export your data first if you want to keep copies
3. **Active Discussions**: Your comments in discussions will be removed
4. **Shared Content**: Any images you've shared will no longer be accessible

### Step-by-Step Deletion Process

#### Method 1: Self-Service Deletion (Recommended)

1. **Sign in** to your OpenGIFame account
2. **Navigate** to Account Settings → Privacy & Data
3. **Review** the "Delete Account" section warnings
4. **Optional**: Download your data using "Export Data" button
5. **Click** "Delete My Account"
6. **Confirm** by typing "DELETE" in the confirmation field
7. **Enter** your password to verify identity
8. **Final Confirmation**: Click "Permanently Delete Account"

#### Method 2: Contact-Based Deletion

If you cannot access your account:

1. **Email** us at [privacy@opengifame.com]
2. **Include** the following information:
   - Full name associated with the account
   - Email address used for registration
   - Approximate account creation date
   - Reason you cannot access the account
3. **Verification**: We may ask for additional verification
4. **Processing**: We'll process your request within 30 days

### Deletion Timeline

- **Immediate**: Account becomes inaccessible
- **24 hours**: Content removed from public view
- **7 days**: Data purged from active systems
- **30 days**: Complete removal from all backups and archives
- **90 days**: Final verification that all data has been removed

### Data We May Retain

In limited circumstances, we may retain some information for:

**Legal Compliance**:

- Transaction records (if applicable)
- Compliance with data retention laws
- Evidence for legal proceedings

**Security and Fraud Prevention**:

- Anonymized security logs (without personal identifiers)
- Records of policy violations or fraudulent activity

**Technical Requirements**:

- Anonymized analytics data (aggregated, non-personal)
- System performance metrics

### Exceptions to Deletion

We may be unable to delete data if:

- **Legal Hold**: Data is subject to legal proceedings
- **Regulatory Requirements**: Required by law to retain specific data
- **Public Interest**: Data is required for public health or safety
- **Technical Impossibility**: Data is technically impossible to isolate and delete

## Exercising Your Rights

### Response Time

We will respond to your requests:

- **Acknowledgment**: Within 72 hours
- **Complete Response**: Within 30 days (extendable to 60 days for complex requests)

### Verification Process

To protect your privacy, we may need to verify your identity before processing requests:

1. **Account Access**: Sign in to your account when possible
2. **Email Verification**: Confirm ownership of the registered email
3. **Additional Verification**: Answer security questions if needed

### No Cost

Exercising your GDPR rights is free of charge. However, we may charge a reasonable fee for:

- Manifestly unfounded or excessive requests
- Additional copies of data beyond the first free copy

### Appeal Process

If you're not satisfied with our response:

1. **Contact** our Data Protection Officer at [dpo@opengifame.com]
2. **Escalate** to your local supervisory authority
3. **EU Residents**: Contact your national data protection authority
4. **UK Residents**: Contact the Information Commissioner's Office (ICO)

## Technical Implementation

### Data Mapping

We maintain a comprehensive data map showing:

- What personal data we collect
- Where it's stored
- How it's processed
- Retention periods
- Sharing arrangements

### Security Measures

- **Encryption**: All personal data is encrypted at rest and in transit
- **Access Controls**: Strict access controls and audit logs
- **Regular Audits**: Quarterly security and privacy audits
- **Staff Training**: Regular GDPR training for all staff

### Data Processing Records

We maintain detailed records of:

- Processing activities
- Legal basis for processing
- Data sharing agreements
- Retention schedules
- Security measures

## Contact Information

### Data Protection Officer (DPO)

- **Email**: [dpo@opengifame.com]
- **Response Time**: Within 72 hours

### Privacy Team

- **Email**: [privacy@opengifame.com]
- **Response Time**: Within 24 hours for urgent matters

### Supervisory Authorities

If you believe we have not complied with GDPR:

**EU Residents**: Contact your national data protection authority
**UK Residents**: Information Commissioner's Office (ICO)

- Website: ico.org.uk
- Helpline: 0303 123 1113

## Updates to This Document

We may update this GDPR compliance guide to reflect:

- Changes in data protection law
- Updates to our data processing practices
- Feedback from supervisory authorities
- User feedback and requests

**Notification**: We will notify you of significant changes through:

- Email notification to registered users
- Notice on our platform
- Updated "Effective Date" at the top of this document

## Additional Resources

- [Privacy Policy](./PRIVACY.md) - Comprehensive privacy information
- Terms of Service - Platform usage terms (coming soon)
- Data Processing Agreement - For business users (coming soon)
- Cookie Policy - Information about cookies and tracking (coming soon)

---

*This document was last updated on July 5, 2025. For questions about GDPR compliance, contact our privacy team at [privacy@opengifame.com].*