GDPR Compliance
PipeRich's commitment to EU General Data Protection Regulation compliance
Effective April 1, 2026
PipeRich is committed to complying with the EU General Data Protection Regulation (GDPR) and protecting the privacy rights of individuals in the European Economic Area (EEA). This page describes how we meet our obligations under the GDPR.
1. Our Commitment
PipeRich takes data protection seriously and has implemented comprehensive measures to ensure compliance with the GDPR. We act as a data processor when processing personal data on behalf of our enterprise customers, and as a data controller for data we collect directly from our website visitors and users.
We have embedded privacy-by-design and privacy-by-default principles throughout our Services and internal processes.
2. Lawful Basis for Processing
We process personal data only when we have a lawful basis for doing so. The lawful bases we rely upon include:
2.1 Contractual Necessity
We process personal data where necessary to perform our contractual obligations to our customers, including providing the Services, managing accounts, and processing payments.
2.2 Legitimate Interests
We process personal data for our legitimate business interests, including fraud prevention, security monitoring, service improvement, and marketing to existing customers. We conduct balancing tests to ensure our interests do not override individuals' rights.
2.3 Consent
Where we rely on consent as a lawful basis (e.g., for marketing communications to prospective customers), we obtain clear, affirmative consent. You may withdraw consent at any time.
2.4 Legal Obligation
We process personal data where required to comply with legal obligations, including tax, accounting, and regulatory requirements.
3. Data Subject Rights
Under the GDPR, individuals in the EEA have the following rights:
3.1 Right of Access (Article 15)
You have the right to request confirmation of whether we process your personal data and, if so, to receive a copy of that data and information about how it is used.
3.2 Right to Rectification (Article 16)
You have the right to request correction of inaccurate or incomplete personal data we hold about you.
3.3 Right to Erasure (Article 17)
You have the right to request deletion of your personal data in certain circumstances, including when the data is no longer necessary for its original purpose.
3.4 Right to Restriction (Article 18)
You have the right to request that we restrict processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.
3.5 Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller.
3.6 Right to Object (Article 21)
You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
To exercise any of these rights, contact us at privacy@piperich.com. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.
4. Data Protection Officer
PipeRich has appointed a Data Protection Officer (DPO) to oversee our GDPR compliance program. You may contact our DPO at:
Email: dpo@piperich.com
Our DPO is responsible for ensuring that PipeRich processes personal data in compliance with the GDPR, advising on data protection impact assessments, and serving as the point of contact for supervisory authorities.
5. International Data Transfers
When we transfer personal data from the EEA to third countries, we use appropriate safeguards including:
- Standard Contractual Clauses (SCCs): We incorporate EU Commission-approved SCCs into our agreements with processors and subprocessors in third countries
- Adequacy Decisions: Where the European Commission has recognized a country as providing adequate protection, we rely on that adequacy decision
- Binding Corporate Rules: Where applicable, we rely on binding corporate rules approved by the relevant supervisory authority
For details on our subprocessors and the safeguards in place for international transfers, see our Subprocessors page.
6. Personal Data Breach Notification
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, PipeRich will:
- Notify affected Controllers within 72 hours of becoming aware of the breach
- Provide information about the nature of the breach, categories and approximate number of data subjects affected, likely consequences, and measures taken or proposed
- Assist Controllers in notifying affected Data Subjects where required
We maintain a breach response plan and conduct regular training to ensure swift and effective response to any security incidents.
7. Data Processing Agreements
Enterprise customers can execute a Data Processing Agreement (DPA) with PipeRich to formalize the GDPR obligations applicable to our relationship as processor and controller. See our DPA page to download or sign our standard DPA.
For questions about GDPR compliance, contact us at privacy@piperich.com.