← Back to Stratta

GDPR Compliance

Your rights under the General Data Protection Regulation

Introduction

The General Data Protection Regulation (GDPR) gives individuals in the European Union comprehensive rights over their personal data. At Stratta, we are committed to full GDPR compliance and transparency in how we handle your personal information.

This page explains your rights under GDPR and how to exercise them when using our revenue and growth planning platform.

Lawful Basis for Processing

We process your personal data under the following lawful bases:

Contract Performance (Article 6(1)(b))

We process data necessary to provide our platform services:

  • Account management and authentication
  • Campaign data aggregation and analysis
  • Automated optimization execution
  • Customer support and billing

Legitimate Interests (Article 6(1)(f))

We process data for legitimate business purposes:

  • Platform improvement and feature development
  • Security monitoring and fraud prevention
  • Analytics to enhance user experience
  • Direct marketing to existing customers (with opt-out option)

Consent (Article 6(1)(a))

We ask for explicit consent for:

  • Marketing communications to prospects
  • Non-essential cookies and tracking
  • Sharing anonymized data for research purposes
  • Beta feature participation

Legal Obligation (Article 6(1)(c))

We process data when required by law:

  • Tax and accounting records
  • Regulatory compliance reporting
  • Law enforcement requests (with proper legal basis)

Your GDPR Rights

Right to be Informed

You have the right to know how we collect and use your personal data.

How to exercise: Review our Privacy Policy and this GDPR page.

Right of Access

You can request a copy of all personal data we hold about you.

How to exercise: Use the "Export Data" feature in your account settings or contact us.

Right to Rectification

You can correct inaccurate or incomplete personal data.

How to exercise: Update your profile in account settings or contact support.

Right to Erasure

You can request deletion of your personal data ("right to be forgotten").

How to exercise: Use "Delete Account" in settings or send a deletion request.

Right to Restrict Processing

You can limit how we process your data in certain circumstances.

How to exercise: Contact our Data Protection Officer with your specific request.

Right to Data Portability

You can receive your data in a machine-readable format.

How to exercise: Use the "Export Data" feature or request a data export.

Right to Object

You can object to processing based on legitimate interests or direct marketing.

How to exercise: Opt-out via account settings or email unsubscribe links.

Rights Related to Automated Decision-Making

You have rights regarding automated processing and profiling.

How to exercise: Contact us to request human review of automated decisions.

Special Categories of Data

Stratta does not typically process special categories of personal data (sensitive data such as health, racial origin, political opinions, etc.). However, if such data is inadvertently collected through:

  • Campaign targeting data from advertising platforms
  • Customer personas or demographic information
  • Support communications

We will handle it with extra care and delete it promptly unless we have explicit consent or another lawful basis for processing.

International Data Transfers

When we transfer your data outside the EU/EEA, we ensure adequate protection through:

Adequacy Decisions

We transfer data to countries recognized by the European Commission as providing adequate protection (such as the UK under the UK GDPR).

Standard Contractual Clauses (SCCs)

For transfers to other countries, we use the European Commission's Standard Contractual Clauses to ensure equivalent protection.

Safeguards in Place

  • Encryption in transit and at rest
  • Access controls and authentication
  • Regular security audits and assessments
  • Incident response procedures

Automated Decision-Making and Profiling

Stratta uses automated processing in the following ways:

Campaign Optimization

  • Purpose: Automatically adjust bids, budgets, and pause underperforming campaigns
  • Logic: Based on performance thresholds you set (CTR, CPC, ROAS, etc.)
  • Your Control: You define all rules and can disable automation at any time
  • Human Override: You can always manually override automated actions

Insights and Recommendations

  • Purpose: Provide suggestions for budget allocation and campaign improvements
  • Logic: Analysis of historical performance data and benchmarks
  • Your Control: All recommendations are advisory; you decide whether to implement them

Important: Our automated systems are designed to execute your instructions, not make independent decisions about your campaigns. You retain full control over all automation rules and can request human review at any time.

Data Retention Under GDPR

We retain personal data only as long as necessary for the purposes for which it was collected:

Data TypeRetention PeriodLegal Basis
Account DataDuration of contract + 90 daysContract performance
Campaign Performance Data3 yearsLegitimate interests
Financial Records7 yearsLegal obligation
Marketing PreferencesUntil withdrawnConsent
Support Communications3 yearsLegitimate interests

How to Exercise Your Rights

Self-Service Options

Many rights can be exercised directly through your account:

  • Account Settings: Update personal information, preferences, and privacy settings
  • Data Export: Download your data in JSON or CSV format
  • Integration Management: Connect or disconnect advertising platforms
  • Communication Preferences: Manage email subscriptions and notifications
  • Account Deletion: Permanently delete your account and data

Contacting Our Data Protection Officer

For rights that require manual processing or have complex requirements:

Email: dpo@revnue.com

Subject Line: GDPR Rights Request - [Type of Request]

Required Information:

  • Your full name and account email address
  • Specific right you wish to exercise
  • Reason for the request (if applicable)
  • Preferred method of response

Response Timeline

  • Standard Response: Within 1 month of receiving a valid request
  • Complex Requests: Up to 3 months with explanation of delay
  • Identity Verification: We may need to verify your identity before processing
  • Free of Charge: First request is free; excessive requests may incur reasonable fees

Right to Lodge a Complaint

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with:

Supervisory Authority

You can contact your local data protection authority in the EU member state where you live, work, or where the alleged infringement occurred.

UK Users: Information Commissioner's Office (ICO)

Website: ico.org.uk | Phone: 0303 123 1113

Contact Us First

While you have the right to contact a supervisory authority directly, we encourage you to contact us first so we can try to resolve your concern promptly and directly.

Data Protection Contact

Data Protection Officer: dpo@stratta.com

General Privacy Questions: privacy@stratta.com

Postal Address: [Company Address]

We aim to respond to all GDPR-related inquiries within 72 hours and to resolve requests within the legal timeframes specified above.