Last updated: March 18, 2026
GDPR Compliance
This page provides information about how Haridian LLC complies with the General Data Protection Regulation (GDPR) and your rights as a European Union resident.
1. GDPR Overview
The General Data Protection Regulation (GDPR) is a European Union regulation that provides comprehensive data protection rights to individuals within the EU and EEA. Haridian LLC is committed to protecting the privacy and security of your personal data in compliance with GDPR.
This page supplements our Privacy Policy with additional information specific to GDPR compliance.
2. Data Controller
Haridian LLC is the data controller for personal data collected through SOCSimulator. This means we determine the purposes and means of processing your personal data.
Contact Information:
- Company: Haridian LLC
- Email: gdpr@socsimulator.com
3. Lawful Basis for Processing
Under GDPR, we must have a valid legal basis for processing your personal data. We rely on the following lawful bases:
| Processing Activity | Lawful Basis | GDPR Article |
|---|---|---|
| Account creation and management | Contract performance | Art. 6(1)(b) |
| Processing payments | Contract performance | Art. 6(1)(b) |
| Sending transactional emails | Contract performance | Art. 6(1)(b) |
| Analytics and service improvement | Legitimate interest | Art. 6(1)(f) |
| Marketing communications | Consent | Art. 6(1)(a) |
| Security and fraud prevention | Legitimate interest | Art. 6(1)(f) |
| Legal compliance | Legal obligation | Art. 6(1)(c) |
4. Your Rights Under GDPR
As an EU/EEA resident, you have the following rights regarding your personal data:
Right of Access (Art. 15)
You have the right to request a copy of the personal data we hold about you, along with information about how we process it.
Right to Rectification (Art. 16)
You have the right to request correction of inaccurate personal data or completion of incomplete data.
Right to Erasure (Art. 17)
Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for its original purpose.
Right to Restriction of Processing (Art. 18)
You can request that we limit how we use your data in certain circumstances, such as while we verify its accuracy.
Right to Data Portability (Art. 20)
You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
Right to Object (Art. 21)
You can object to processing based on legitimate interests, including profiling. You can also object to direct marketing at any time.
Right to Withdraw Consent (Art. 7)
Where we rely on consent, you can withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.
Rights Related to Automated Decision-Making (Art. 22)
You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently engage in such automated decision-making.
How to Exercise Your Rights
To exercise any of these rights, please contact us at gdpr@socsimulator.com. We will respond to your request within 30 days. In some cases, we may need to verify your identity before processing your request.
5. Data Processing Activities
We process personal data for the following purposes:
| Category | Data Types | Retention Period |
|---|---|---|
| Account Data | Email, display name, password hash | Until account deletion + 30 days |
| Profile Data | Job title, organization, avatar | Until account deletion |
| Usage Data | Scenarios completed, time spent, progress | Until account deletion |
| Payment Data | Billing address, transaction history | 7 years (legal requirement) |
| Log Data | IP address, browser, device info | 90 days |
| Communication Data | Support tickets, emails | 3 years |
6. International Data Transfers
Haridian LLC is based in the United States. When you use SOCSimulator, your personal data may be transferred to and processed in the United States.
We ensure appropriate safeguards for international transfers through:
- Standard Contractual Clauses (SCCs): We use EU-approved SCCs with our service providers
- Data Processing Agreements: Contracts with sub-processors that ensure GDPR-compliant data handling
- EU-Based Processing: Where possible, we use service providers with EU data centers (e.g., Supabase EU region)
7. Data Protection Measures
We implement technical and organizational measures to protect your data:
Technical Measures
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Secure password hashing (bcrypt)
- Regular security audits and penetration testing
- Automated vulnerability scanning
- Database backups with encryption
Organizational Measures
- Access controls based on the principle of least privilege
- Employee security training
- Vendor security assessments
- Incident response procedures
- Data protection impact assessments for high-risk processing
8. Data Breach Notification
In the event of a personal data breach, we will:
- Notify the relevant supervisory authority within 72 hours (where required)
- Notify affected individuals without undue delay if the breach poses a high risk to their rights and freedoms
- Document all breaches, including their effects and remedial actions taken
9. Complaints
If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with a supervisory authority. You can contact:
- The supervisory authority in your EU/EEA country of residence
- The supervisory authority where the alleged infringement occurred
However, we encourage you to contact us first at gdpr@socsimulator.com so we can try to resolve your concerns directly.
A list of EU/EEA supervisory authorities is available at: European Data Protection Board - Members
10. Contact Our DPO
For any GDPR-related inquiries or to exercise your data subject rights, please contact:
- Email: gdpr@socsimulator.com
- Subject Line: Please include "GDPR Request" in your subject line
- Response Time: We will respond within 30 days
For general privacy inquiries, see our Privacy Policy or contact privacy@socsimulator.com.