Privacy Policy

Last updated: January 29, 2025

1. Introduction

This Privacy Policy describes how CRA Compliance ("we," "our," or "us") collects, uses, and protects your personal information when you use our website and services. We are committed to protecting your privacy and ensuring the security of your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

2. Information We Collect

2.1 Information You Provide

  • Contact information (name, email address, phone number)
  • Company information (company name, industry, size)
  • Assessment responses and compliance data
  • Messages and communications with our support team
  • Newsletter subscription preferences

2.2 Information Automatically Collected

  • Usage data and analytics (pages visited, time spent, interactions)
  • Device information (browser type, operating system, IP address)
  • Cookies and similar tracking technologies
  • Log files and technical data

3. How We Use Your Information

We use your personal information for the following purposes:

  • Providing and improving our compliance services
  • Responding to your inquiries and support requests
  • Sending newsletters and marketing communications (with your consent)
  • Conducting compliance assessments and generating reports
  • Analyzing usage patterns to improve our platform
  • Ensuring security and preventing fraud
  • Complying with legal obligations

4. Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

  • Consent: For marketing communications and optional features
  • Contract: To provide our services and fulfill our obligations
  • Legitimate Interest: For analytics, security, and service improvement
  • Legal Obligation: To comply with applicable laws and regulations

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your data in the following circumstances:

  • With service providers who assist in delivering our services
  • When required by law or to protect our legal rights
  • In connection with a business transaction (merger, acquisition, etc.)
  • With your explicit consent for specific purposes

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and updates
  • Access controls and authentication measures
  • Employee training on data protection
  • Incident response procedures

7. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of Access: Request information about your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to certain types of processing
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, please contact us at privacy@cracompliance.com.

8. Cookies and Tracking

We use cookies and similar technologies to enhance your experience. For detailed information about our cookie usage, please see our Cookie Policy.

9. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy or as required by law. Specific retention periods include:

  • Account data: Until account deletion or 3 years of inactivity
  • Assessment data: 7 years for compliance purposes
  • Marketing data: Until consent is withdrawn
  • Support communications: 3 years after resolution

10. International Data Transfers

Your data may be processed in countries outside the European Economic Area (EEA). We ensure appropriate safeguards are in place, including adequacy decisions, standard contractual clauses, or other approved mechanisms.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on our website and updating the "Last updated" date. Your continued use of our services after such changes constitutes acceptance of the updated policy.

12. Contact Information

If you have any questions about this Privacy Policy or our data practices, please contact us:

Data Protection Officer
Email: privacy@cracompliance.com
Address: 123 Compliance Avenue, Brussels, Belgium 1000
Phone: +32 (0) 2 123 4567

13. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe we have not complied with data protection laws. In Belgium, you can contact:

Belgian Data Protection Authority
Website: www.dataprotectionauthority.be
Email: contact@apd-gba.be
