GDPR Compliance

Last updated: 8/25/2025

Introduction

This page provides information about how Paxley LLC complies with the General Data Protection Regulation (GDPR) and your rights as a data subject under EU law. We are committed to protecting your personal data and ensuring transparency in our data processing activities.

Data Controller Information

Data Controller: Paxley LLC

Address: 1317 Edgewater Dr, Ste 2494, Orlando, FL 32804, USA

Email: privacy@justinharbour.com

Data Protection Officer: Justin Harbour

Website: justinharbour.com

Your Rights Under GDPR

As a data subject under GDPR, you have the following rights regarding your personal data:

Right of Access (Article 15)

You have the right to obtain confirmation as to whether personal data concerning you is being processed, and access to that data including:

The purposes of processing
The categories of personal data
The recipients or categories of recipients
The retention period
Your rights regarding the data

Right to Rectification (Article 16)

You have the right to obtain rectification of inaccurate personal data and to have incomplete personal data completed.

Right to Erasure ('Right to be Forgotten') (Article 17)

You have the right to obtain erasure of personal data concerning you under certain circumstances, including:

The data is no longer necessary for the original purpose
You withdraw consent and there is no other legal ground for processing
The data has been unlawfully processed
Erasure is required for compliance with legal obligations

Right to Restriction of Processing (Article 18)

You have the right to obtain restriction of processing when:

You contest the accuracy of the data (for a period enabling verification)
Processing is unlawful and you oppose erasure
We no longer need the data but you require it for legal claims
You have objected to processing pending verification of legitimate grounds

Right to Data Portability (Article 20)

You have the right to receive personal data concerning you in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

Right to Object (Article 21)

You have the right to object to processing of your personal data based on legitimate interests, direct marketing, or profiling.

Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to automated decision-making, including profiling, which produces legal effects or significantly affects you.

Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR Article 6:

Processing Activity	Legal Basis
Account creation and authentication	Performance of contract
Consulting services delivery	Performance of contract
Communication and support	Legitimate interests
Security and fraud prevention	Legitimate interests
Analytics (anonymized)	Legitimate interests
Legal compliance	Legal obligation

Data Processing Principles

We process personal data in accordance with GDPR principles:

Lawfulness, fairness, and transparency: Processing is lawful, fair, and transparent
Purpose limitation: Data is collected for specified, explicit, and legitimate purposes
Data minimisation: Data is adequate, relevant, and limited to what is necessary
Accuracy: Data is accurate and kept up to date
Storage limitation: Data is kept no longer than necessary
Integrity and confidentiality: Data is processed securely
Accountability: We demonstrate compliance with GDPR principles

International Data Transfers

As we are based in the United States, your personal data may be transferred outside the European Economic Area (EEA). We ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs) with service providers
Adequacy decisions where applicable
Additional security measures as required
Regular review of transfer mechanisms and security measures

Data Security Measures

We implement appropriate technical and organisational measures to ensure data security:

Encryption in transit and at rest
Access controls and authentication systems
Regular security assessments and monitoring
Staff training on data protection
Incident response procedures
Regular backup and recovery testing

Data Breach Notification

In the event of a personal data breach, we will:

Notify the relevant supervisory authority within 72 hours (where required)
Communicate with affected data subjects without undue delay (where required)
Document all breaches and remedial actions taken
Implement measures to prevent future breaches

How to Exercise Your Rights

Contact Information

To exercise your GDPR rights, contact us using the following information:

Email: privacy@justinharbour.com
Subject Line: "GDPR Request - [Your Request Type]"
Include: Your name, email address, and specific request details

Verification Process

We will verify your identity before processing requests to protect your personal data from unauthorized access.

Response Times

Standard Response: Within one month of receipt
Complex Requests: May be extended by two months with notification
Urgent Matters: Processed as quickly as possible

Complaints and Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated. You may contact:

Your local EU data protection authority
The data protection authority in the country where the alleged violation occurred
The data protection authority in the country of your habitual residence

You can find contact information for EU supervisory authorities at:European Data Protection Board website

Updates to This Information

We may update this GDPR compliance information from time to time. Any significant changes will be communicated through our website and other appropriate channels.

Contact Us

For any questions about GDPR compliance or to exercise your rights:

Paxley LLC

Data Protection Officer: Justin Harbour

1317 Edgewater Dr, Ste 2494

Orlando, FL 32804, USA

Email: privacy@justinharbour.com

Subject: GDPR Request

Website: justinharbour.com