GDPR Compliance
Last updated:
GDPR Overview
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that applies to organisations processing personal data of individuals in the European Union (EU) and European Economic Area (EEA).
AR API (Auto Reports API) is committed to GDPR compliance and protecting the privacy rights of all our users, particularly those in the EU/EEA.
Data Controller: AR API Ltd is the data controller for personal data collected through our services.
Your Rights Under GDPR
As an EU/EEA resident, you have the following rights regarding your personal data:
Right to Access (Article 15)
You can request a copy of all personal data we hold about you.
Right to Rectification (Article 16)
You can request correction of inaccurate or incomplete personal data.
Right to Erasure (Article 17)
Also known as the "right to be forgotten", you can request deletion of your personal data.
Right to Restrict Processing (Article 18)
You can request that we limit how we use your personal data.
Right to Data Portability (Article 20)
You can request your data in a structured, machine-readable format.
Right to Object (Article 21)
You can object to processing of your personal data in certain circumstances.
To exercise any of these rights, please contact our Data Protection Officer using the details provided below.
Data Processing Activities
We process personal data for the following purposes:
| Purpose | Data Categories | Legal Basis |
|---|---|---|
| Account Management | Name, email, company | Contract |
| Service Delivery | API usage, search queries | Contract |
| Payment Processing | Billing information | Contract |
| Analytics | Usage patterns, device info | Legitimate Interest |
| Marketing | Email, preferences | Consent |
Legal Basis for Processing
We process your personal data based on one or more of the following legal grounds:
- Contract: Processing necessary to fulfil our contractual obligations to you
- Consent: Where you have given explicit consent for specific processing
- Legitimate Interest: Processing necessary for our legitimate business interests, provided these don't override your rights
- Legal Obligation: Processing required to comply with applicable laws
International Data Transfers
Your personal data may be transferred to and processed in countries outside the EU/EEA. When we transfer data internationally, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Transfers to countries with adequacy decisions
- Binding Corporate Rules where applicable
You can request information about the specific safeguards applied to your data transfers by contacting our DPO.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected:
- Account data: Duration of account plus 2 years
- Transaction records: 7 years (legal requirement)
- API logs: 90 days
- Marketing preferences: Until consent is withdrawn
Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee our data protection practices and handle your enquiries.
Contact Our DPO
Name: Data Protection Team
Email: dpo@arapi.co.uk
Address: AR API Ltd, 123 Tech Street, London, UK
We aim to respond to all data protection enquiries within 30 days.
Making a Complaint
If you are not satisfied with how we handle your personal data or respond to your requests, you have the right to lodge a complaint with a supervisory authority.
In the UK, the supervisory authority is the Information Commissioner's Office (ICO):
We encourage you to contact us first so we can try to resolve your concerns directly.
Questions about this policy?
If you have any questions about this policy or our practices, please contact us.
Contact Us