Your individual rights under GDPR

How Chameleon fulfills its Data Controller responsibilities to customers including rights to be informed and forgotten

Pulkit Agrawal avatar
Written by Pulkit Agrawal
Updated over a week ago

To learn more about Chameleon's commitment to complying with GDPR please read this overview article

Chameleon role in managing data

Under the GDPR, Chameleon is considered a Data Controller (for the data collected about you, our customer) and a Data Processor (for the data collected about our customers' users). 

The article below describes our obligations to our customers as a Data Controller. To learn how we help our customers become GDPR compliant, and fulfill our responsibilities as a Data Processor, please read this.

Individual data rights

The GDPR provides users with fundamental rights relating to controlling their personal data.

Personal data is defined as any information relating to a person who can be directly or indirectly identified in particular by reference to that information. This can include name, email or other identifiers. 

Chameleon upholds these rights for all our customers and you can learn more about these and how to exercise them below. 

The right to be informed 

Individuals need to be informed about the collection and use of their personal data in a clear and transparent way. 

Read about how what data Chameleon collects and why here, and which vendors Chameleon sends data to here.

The right of access

Individuals can request a copy of their personal data so they can be aware of / validate its lawful processing.

The right to rectification

Individuals are entitled to have personal data rectified if it is inaccurate or incomplete. 

The right to erasure (right to be forgotten)

Individuals can request the deletion of their personal data if it is no longer necessary (for the original purpose) or they no longer consent. 

The right to restrict processing

Individuals can request a restriction on usage of their personal data (not erasure) if they believe it to be inaccurate or unlawfully processed.

The right to data portability

Individuals are entitled to obtain their personal data (in a commonly used format) to reuse for their own purposes across different services.

The right to object

Individuals can object to their data being processed for direct marketing or research. 

You can unsubscribe from our blog updates here. To unsubscribe from all our product update emails, please email us from your Chameleon-registered email address. 

Rights in relation to automated decision making and profiling

Companies can only leverage automated decision-making (without involvement of individuals) that create legal or similarly significant effects upon individuals in very limited and specific circumstances.

Chameleon does not make any automated-decisions based on personal data that cause significant effects to individuals.
​ 

Making requests around your individual rights

To make any data request related to the rights above (e.g. to request a copy, or to object, update or erasure etc.) please please email us at security@trychameleon.com from the email address associated with your Chameleon account. 

We will respond within 30 days, the required legal time window within GDPR, but hopefully sooner. 

Did this answer your question?