GDPR Compliance

Our commitment to the EU General Data Protection Regulation and data subject rights.

Last updated: January 2025

Introduction

SovereignAI Grid is fully committed to compliance with the EU General Data Protection Regulation (GDPR). This statement outlines our key GDPR obligations and how we fulfill them to protect your personal data and privacy rights.

Lawful Basis for Processing

We only process personal data where we have a lawful basis under GDPR Article 6:

  • Consent (Article 6(1)(a)) - For marketing communications and optional data processing where you have given explicit consent
  • Contract (Article 6(1)(b)) - For providing our services and processing partnership inquiries as part of contractual obligations
  • Legal Obligation (Article 6(1)(c)) - For compliance with EU and Dutch legal requirements and regulations
  • Legitimate Interest (Article 6(1)(f)) - For website analytics, security monitoring, and improving our services

Data Subject Rights

We uphold all rights of data subjects under GDPR. You have the following rights:

  • Right to access your personal data and processing information
  • Right to rectify inaccurate or incomplete personal data
  • Right to erasure (right to be forgotten) in specific circumstances
  • Right to restrict processing of your personal data
  • Right to data portability in structured, machine-readable format
  • Right to object to processing based on legitimate interests
  • Right to withdraw consent at any time (where processing is based on consent)

Data Security

We implement comprehensive technical and organizational measures to ensure data security:

  • End-to-end encryption for data transmission and storage
  • Strict access controls and authentication mechanisms
  • Data anonymization and pseudonymization where possible
  • Continuous security monitoring and risk assessment

Data Breach Notification

In the event of a data breach, we follow GDPR Article 33 and 34 requirements:

Our Breach Response Procedure:

  • Immediate assessment of breach severity and scope
  • Notification to supervisory authority within 72 hours
  • Notification to affected individuals without undue delay if high risk
  • Immediate remediation and prevention measures

Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee GDPR compliance and handle data protection inquiries.

Data Protection Officer

Email: dpo@sovereignaigrid.nl

Response time: Within 30 days

Supervisory Authority

You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe your rights have been violated.

Autoriteit Persoonsgegevens (AP)

Website: autoriteitpersoonsgegevens.nl

Phone: +31 70 8888 500

Contact Us

For any questions about our GDPR compliance or to exercise your rights, contact our Data Protection Officer at dpo@sovereignaigrid.nl.