GDPR Policy
General Data Protection Regulation compliance for European Union users
Last Updated: September 30, 2025
Introduction
If you are located in the European Union (EU) or European Economic Area (EEA), you have specific rights under the General Data Protection Regulation (GDPR). This policy explains your GDPR rights and how we comply with EU data protection law.
This GDPR Policy supplements our Privacy Policy and applies specifically to EU/EEA residents.
Data Controller
ACCalculator.com is the data controller responsible for your personal information. Contact us:
- Email: support@accalculator.com
- Subject Line: "GDPR Request" or "EU Data Rights"
What Personal Data We Collect
Minimal Data Collection
We collect very limited personal data because our calculators process all data locally in your browser. Specifically:
We DO Collect:
- Email Address: Only if you contact us voluntarily
- Legal Basis: Legitimate interest (responding to inquiries)
- Retention: Until inquiry is resolved + 30 days, or until you request deletion
- Analytics Data: Anonymized usage statistics via Google Analytics or similar
- Legal Basis: Legitimate interest (website improvement) + Consent (cookie banner)
- Data: Page views, session duration, browser type, country/city (IP anonymized)
- Retention: 26 months (Google Analytics default)
We DO NOT Collect:
- Calculator inputs (dimensions, insulation, etc.) - processed locally only
- Personal identification (name, address, phone) unless you provide via email
- Payment information (service is free)
- Account information (no registration required)
Your GDPR Rights
1. Right to Access (Article 15)
You have the right to know what personal data we hold about you.
- What we'll provide: Copy of any emails you've sent us, confirmation of analytics data collection
- Timeline: Within 30 days of request
- Cost: Free for first request; may charge for excessive/repeated requests
2. Right to Rectification (Article 16)
You can request correction of inaccurate personal data.
- Example: Correct your email address in our correspondence records
- Timeline: Within 30 days
3. Right to Erasure / "Right to be Forgotten" (Article 17)
You can request deletion of your personal data.
- What we'll delete: Your email correspondence and any associated data
- Exceptions: We may retain data if required for legal compliance or defense of legal claims
- Timeline: Within 30 days
4. Right to Restriction of Processing (Article 18)
You can request we stop processing your data while verifying accuracy or assessing deletion requests.
5. Right to Data Portability (Article 20)
You can request your data in machine-readable format.
- What we'll provide: Email correspondence in .txt or .pdf format
- Note: Limited applicability since we collect minimal data
6. Right to Object (Article 21)
You can object to data processing based on legitimate interests.
- Analytics: Opt-out by disabling cookies in your browser or using Do Not Track
- Marketing: Not applicable—we don't send marketing emails
7. Rights Related to Automated Decision-Making (Article 22)
Not applicable—we do not make automated decisions that produce legal or similarly significant effects.
8. Right to Withdraw Consent
Where processing is based on consent (analytics cookies), you can withdraw consent at any time by:
- Clearing cookies in your browser
- Enabling Do Not Track
- Using privacy-focused browsers (Brave, Firefox with tracking protection)
How to Exercise Your Rights
Submit a Request
Email us at support@accalculator.com with:
- Subject: "GDPR Request - [Type of Request]"
- Body: Specify which right you're exercising and what data you're referring to
- Verification: We may ask for identity verification to prevent fraudulent requests
Response Timeline
- Standard: 30 days
- Complex Requests: May extend to 60 days with notification
- No Charge: Free for reasonable requests
Legal Basis for Processing
| Data Type | Purpose | Legal Basis (GDPR) |
|---|---|---|
| Email correspondence | Respond to inquiries | Legitimate interest (Art. 6(1)(f)) |
| Analytics cookies | Website improvement | Consent (Art. 6(1)(a)) + Legitimate interest |
| Calculator inputs | Provide calculation service | N/A - processed locally only |
Data Transfers Outside the EU
Hosting and Analytics
Our website is hosted on servers that may be located in the United States. When you access ACCalculator.com from the EU:
- Data transferred: Anonymized analytics data, IP addresses (anonymized)
- Safeguards: We use service providers that comply with EU-US data transfer mechanisms (EU-US Data Privacy Framework, Standard Contractual Clauses)
- Service Providers:
- Netlify (hosting) - complies with GDPR
- Google Analytics (if used) - GDPR-compliant configuration with IP anonymization
Minimized Risk
Because we process calculator inputs locally and collect minimal personal data, the risk of cross-border data transfer is minimal.
Data Retention
| Data Type | Retention Period |
|---|---|
| Email correspondence | Until resolved + 30 days, or until deletion request |
| Analytics data | 26 months (Google Analytics default) |
| Calculator inputs | Not stored - deleted when you close browser |
Cookies and Tracking
Cookie Categories
Essential Cookies (No Consent Required)
- Session cookies for calculator functionality
- Security cookies
Analytics Cookies (Consent Required)
- Google Analytics or similar
- Anonymized IP addresses
- No cross-site tracking
Managing Cookie Consent
We respect your cookie preferences:
- Cookie Banner: First visit shows consent banner (if analytics used)
- Opt-Out: Decline cookies via banner or browser settings
- Do Not Track: We honor DNT browser signals
Security Measures
We implement appropriate technical and organizational measures to protect your data:
Technical Measures
- HTTPS encryption (SSL/TLS) for all website traffic
- Secure hosting infrastructure with regular security updates
- Local processing of calculator data (never transmitted to servers)
- IP anonymization in analytics
Organizational Measures
- Limited access to email correspondence (need-to-know basis)
- Regular privacy policy reviews and updates
- Incident response procedures
Data Breach Notification
In the unlikely event of a data breach affecting your personal data:
- Supervisory Authority: We will notify the relevant EU data protection authority within 72 hours
- Affected Individuals: We will notify you without undue delay if the breach poses a high risk to your rights
- Remediation: We will take immediate steps to contain and remedy the breach
Children's Privacy
We do not knowingly collect data from children under 16 (or relevant age of consent in your EU country). If you believe we have collected data from a child, contact us immediately for deletion.
Supervisory Authority
You have the right to lodge a complaint with your local data protection authority if you believe we have violated GDPR.
Find Your Authority
EU Data Protection Authorities: https://edpb.europa.eu/about-edpb/board/members_en
We encourage you to contact us first so we can address your concerns directly.
Changes to This Policy
We may update this GDPR Policy to reflect:
- Changes in EU data protection law
- New service providers or data processing activities
- Feedback from users or supervisory authorities
Material changes will be announced with 30 days' notice. Continued use after changes constitutes acceptance.
Contact Information
Data Protection Inquiries
Email: support@accalculator.com
Subject Line: "GDPR Request" or "EU Data Protection"
Response Timeline
- Simple requests: Within 7-14 days
- Complex requests: Within 30 days (may extend to 60 with notice)
Summary of Your Rights
- ✓ Access your data
- ✓ Correct inaccurate data
- ✓ Delete your data ("right to be forgotten")
- ✓ Restrict processing
- ✓ Data portability
- ✓ Object to processing
- ✓ Withdraw consent
- ✓ Lodge complaint with supervisory authority
Related Policies
- Privacy Policy - General privacy practices
- Terms & Conditions - Usage rules
- Disclaimer - Limitations and liability