EU Compliant

GDPR Compliance

Incade is fully compliant with the EU General Data Protection Regulation (GDPR).

Our Commitment

As a company registered in Poland (EU member state), Eurekana Sp. z o.o. is subject to and fully compliant with GDPR regulations. We take data protection seriously and have implemented comprehensive measures to ensure your data is processed lawfully, fairly, and transparently.

1

Data Controller

Eurekana Sp. z o.o. is the data controller for personal data processed through Incade.

Data Protection Officer (DPO)

Contact via contact form

Address: Warsaw, Poland

2

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

Request a copy of all personal data we hold about you, including what data we collect, how we use it, and who we share it with.

How to exercise: Use contact form with subject "Data Access Request"

Right to Rectification

Correct any inaccurate or incomplete personal data we hold about you.

How to exercise: Update directly in Settings → Profile or contact support

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data when it's no longer necessary for the purposes it was collected, or if you withdraw consent.

How to exercise: Settings → Account → Delete Account or contact privacy team

Right to Restrict Processing

Request that we limit how we use your data in certain circumstances (e.g., while disputing data accuracy).

How to exercise: Contact us with your request

Right to Data Portability

Receive your personal data in a structured, commonly used, machine-readable format and transfer it to another service.

How to exercise: Settings → Export Data or contact privacy team

Right to Object

Object to processing based on legitimate interests or for direct marketing purposes.

How to exercise: Settings → Notifications or contact privacy team

Response Time: We will respond to all requests within 30 days (extendable to 60 days for complex requests). All requests are free of charge unless clearly excessive or repetitive.

3

Legal Basis for Processing

We process your data based on the following legal grounds:

  • Contract Performance: To provide Incade services as per our Terms of Service
  • Consent: For marketing communications (you can withdraw consent anytime)
  • Legitimate Interests: To improve our services, prevent fraud, and ensure platform security
  • Legal Obligation: To comply with tax laws, financial reporting, and legal requirements
4

Data We Process

Personal Data

  • • Name, email, company name
  • • IP address, browser type, device information
  • • Payment information (processed by Stripe, not stored by us)

Business Data

  • • Advertising campaign data (metrics, performance, spend)
  • • Revenue data (transactions, conversions)
  • • Platform connection tokens (encrypted)
5

Data Transfers

Your data may be transferred outside the European Economic Area (EEA) to our service providers. We ensure adequate protection through:

  • • Standard Contractual Clauses (SCCs) approved by the European Commission
  • • Adequacy Decisions for countries deemed to have adequate protection
  • • Appropriate Safeguards as required by GDPR Article 46

Contact our DPO for a copy of the safeguards we have in place.

6

Data Retention

We retain data only as long as necessary:

  • Active accounts: While your subscription is active
  • Cancelled accounts: 30 days after cancellation (for reactivation)
  • Financial records: 7 years (legal requirement)
  • Marketing data: Until consent is withdrawn
7

Security Measures

We implement state-of-the-art security measures:

  • • End-to-end encryption (TLS/SSL) for data transmission
  • • Encryption at rest for stored data
  • • Regular security audits and penetration testing
  • • Access controls and multi-factor authentication
  • • Employee training on data protection
  • • Incident response procedures
8

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33.

9

Supervisory Authority

You have the right to lodge a complaint with your local data protection authority. For Poland (our registered location):

President of the Personal Data Protection Office (PUODO)

Website: uodo.gov.pl

Email: kancelaria@uodo.gov.pl

Contact Our DPO

For any GDPR-related questions, requests, or concerns: Contact DPO.

Data Protection Officer — Eurekana Sp. z o.o., Warsaw, Poland

GDPR questions or data requests?

Our Data Protection Officer is available to handle all GDPR-related inquiries, data access requests, and erasure requests.

Contact Privacy Team